Bug ID 515291: qkview command line option to exclude audit/secure logs

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0

Opened: Mar 30, 2015

Severity: 3-Major

Symptoms

Currently qkview will always collect /var/log/audit and /var/log/secure log files, which logs administrator user's activity.

Impact

You may be unwilling to provide F5 Support the qkview output due to security and regulation concerns.

Conditions

This occurs when running qkview.

Workaround

None

Fix Information

You can now run qkview with --exclude <hex> to exclude certain log files where hex value can be the OR value of following bitmasks: 0x1: exclude /var/log/audit* 0x2: exclude /var/log/secure* 0x4: exclude /root/.bash_history

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips