Last Modified: Oct 21, 2024
Affected Product(s):
F5OS Velos
Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1
Fixed In:
F5OS-A 1.8.0, F5OS-A 1.5.2
Opened: May 19, 2023 Severity: 2-Critical
Syslog target files, for example: /var/F5/system/log/platform.log, use a hardcoded nodename for every device as a hostname.
In a remote log collector, source IPs are the only way to differentiate among devices.
No special conditions.
It is possible to do an irule workaround that replaces custom strings in syslog traffic depending on the client's IP address. This iRule is applied to the virtual server on another LTM that consumes the syslog traffic and load balances. when CLIENT_DATA { switch [IP::client_addr] { "10.10.10.10" { UDP::payload replace 38 11 "ABCDC01F5OS01" } "10.10.10.20" { UDP::payload replace 38 11 "ABCDC01F5OS02" } } } Below is the example message after irule workaround. Jul 31 03:33:50 10.10.10.10 2023-07-31T07:33:50.181136+00:00 appliance-1 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 0 (1:Enabled 2:Disabled ... )". to this Jul 31 06:00:01 10.10.10.10 2023-07-31T10:00:01.356324+00:00 ABCDC01F5OS01 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 1 (1:Enabled 2:Disabled ... )". Jul 31 06:00:04 10.10.10.20 2023-07-31T10:00:04.983677+00:00 ABCDC01F5OS02 lacpd[1]: priority="Info" version=1.0 msgid=0x3401000000000046 msg="" info_str="check_if_op_modify(): new oc_if_enabled: 0 (1:Enabled 2:Disabled ... )".
Infrastructure to use the system hostname user configuration in the syslog target logs has been added with a knob and it is enabled by default. It can be turned off if old behavior is preferred.