Bug ID 1300749: Syslog target files do not use the hostname configured via system user interface.

Last Modified: Oct 21, 2024

Affected Product(s):
F5OS Velos(all modules)

Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1

Fixed In:
F5OS-A 1.8.0, F5OS-A 1.5.2

Opened: May 19, 2023

Severity: 2-Critical

Symptoms

Syslog target files, for example: /var/F5/system/log/platform.log, use a hardcoded nodename for every device as a hostname.

Impact

In a remote log collector, source IPs are the only way to differentiate among devices.

Conditions

No special conditions.

Workaround

It is possible to do an irule workaround that replaces custom strings in syslog traffic depending on the client's IP address. This iRule is applied to the virtual server on another LTM that consumes the syslog traffic and load balances. when CLIENT_DATA { switch [IP::client_addr] { "10.10.10.10" { UDP::payload replace 38 11 "ABCDC01F5OS01" } "10.10.10.20" { UDP::payload replace 38 11 "ABCDC01F5OS02" } } } Below is the example message after irule workaround. Jul 31 03:33:50 10.10.10.10 2023-07-31T07:33:50.181136+00:00 appliance-1 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 0 (1:Enabled 2:Disabled ... )". to this Jul 31 06:00:01 10.10.10.10 2023-07-31T10:00:01.356324+00:00 ABCDC01F5OS01 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 1 (1:Enabled 2:Disabled ... )". Jul 31 06:00:04 10.10.10.20 2023-07-31T10:00:04.983677+00:00 ABCDC01F5OS02 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 0 (1:Enabled 2:Disabled ... )".

Fix Information

Infrastructure to use the system hostname user configuration in the syslog target logs has been added with a knob and it is enabled by default. It can be turned off if old behavior is preferred.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips