Last Modified: Jul 08, 2025
Affected Product(s):
F5OS F5OS, F5OS-A, F5OS-C, Velos
Known Affected Versions:
F5OS-A 1.1.0, F5OS-A 1.1.1, F5OS-A 1.2.0, F5OS-A 1.3.0, F5OS-A 1.3.1, F5OS-A 1.3.2, F5OS-A 1.4.0, F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.7.0, F5OS-A 1.8.0, F5OS-C 1.2.1, F5OS-C 1.2.2, F5OS-C 1.3.0, F5OS-C 1.3.1, F5OS-C 1.3.2, F5OS-C 1.5.0, F5OS-C 1.5.1, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2, F5OS-C 1.8.0, F5OS-C 1.8.1
Opened: Dec 29, 2023 Severity: 3-Major
When enabling very verbose logging on an F5OS system, some log messages may not be logged due to systemd journal log throttling. When this occurs, a messages such as the following will be present: Jan 01 00:42:47 appliance-1 journal: Suppressed 42047 messages from /system.slice/docker.service
Log messages required to debug a problem are not captured in the system logs.
- F5OS system - Enabling debug logging, e.g. enable debug logging for LDAP authentication
For LDAP debug logging: 1. Log into the system via SSH as root 2. Stop the system-managed 'nslcd' daemon by removing /etc/auth-config/nslcd. For a VELOS partition, log into the system controller where the partition is active. The file will be /var/F5/partition<partition ID>/auth-config/nslcd. rm /etc/auth-config/nslcd 3. Wait a few seconds (for the system to notice the file deletion and stop the running nslcd instance). 4. Start nslcd manually and pass "-d" (or "-dd" or "-ddd" or other parameters, as desired). For a VELOS partition, the container name will be "partition<partition ID>_name-service-ldap, rather than "name-service-ldap". docker exec -it name-service-ldap /usr/sbin/nslcd -d | gawk '{ print strftime("[%FT%T%z]"), $0 }' The system will kill this nslcd process any time an administrator make configuration changes to authentication settings (including changing a role's "remote-gid" mapping). At that point, the administrator will need to re-do these steps again to restart debug logging.
None