Bug ID 515291: qkview command line option to exclude audit/secure logs

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
12.0.0

Opened: Mar 30, 2015
Severity: 3-Major

Symptoms

Currently qkview will always collect /var/log/audit and /var/log/secure log files, which logs administrator user's activity.

Impact

You may be unwilling to provide F5 Support the qkview output due to security and regulation concerns.

Conditions

This occurs when running qkview.

Workaround

None

Fix Information

You can now run qkview with --exclude <hex> to exclude certain log files where hex value can be the OR value of following bitmasks: 0x1: exclude /var/log/audit* 0x2: exclude /var/log/secure* 0x4: exclude /root/.bash_history

Behavior Change