May 11, 2016

So many log files found under /var/log, so what do they mean?

/var/log/audit
The audit event messages are messages that the BIG-IP system logs as a result of changes to the BIG-IP system configuration. Logging audit events is optional.

The audit log messages generated by the BIG-IP system include the following types of information:

- Time stamp: The time/date that the system logged the message
- Host name: The host name of the BIG-IP system that generated the message
- Service: The name of the service (and process ID) that generated the message
- Message code: The code that is associated with the message (refer to the previous Local traffic log message format section for Message code sub-code definitions)
- User: The name of the user who made the configuration change, the user's partition, and the user's permission level
- Event: The description of the configuration change or event that caused the system to log the message

/var/log/boot.log
The boot messages contain information that is logged when the system boots.

/var/log/cron
When the cron daemon starts a cron job, the daemon logs the information about the cron job in this file.

/var/log/daemon.log
The daemon messages are logged by various daemons that run on the system.

/var/log/dmesg
The dmesg messages contain kernel ring buffer information that pertains to the hardware devices that the kernel detects during the boot process.

/var/log/gtm
The GSLB messages pertain to global traffic management events.

/var/log/httpd/httpd_errors
The httpd messages contain the Apache Web server error log.

/var/log/kern.log
The kernel messages are logged by the Linux kernel.

/var/log/ltm
The local traffic messages pertain specifically to the BIG-IP local traffic management events.

The local traffic (ltm) log messages generated by the BIG-IP system include the following types of information:

- Time stamp: The time/date that the system logged the message
- Host name: The host name of the BIG-IP system that generated the message
- Service: The name of the service (and process ID) that generated the message
- Message code: The code that is associated with the message. The code is comprised of the following sub-codes:
  - Product Code: The first two hex digits form the product code. For example, 0x01 is the BIG-IP product code.
  - Subset Code: The third and fourth hex digits are the subset code. For example, 0x2a is the subset code for LIBHAL.
  - Message Number: The next four digits form the message number within a module.
  - Severity Level: The last digit between the colon symbols is the severity level, with 0 being the highest severity level.
- Message text: The description of the event that caused the system to log the message.

/var/log/maillog
The mail messages contain the log information from the mail server that is running on the system.

/var/log/pktfilter
The packet filter messages are those that result from the use of packet filters and packet-filter rules.

/var/log/secure
The secure log messages contain information related to authentication and authorization privileges.

/var/log/messages
The system event messages are based on global Linux events, and are not specific to BIG-IP local traffic management events.

/var/log/tmm
The TMM log messages are those that pertain to Traffic Management Microkernel events.

/var/log/user.log
The user log messages contain information about all user level logs.

/var/log/webui.log
The webui log messages display errors and exception details that pertain to the Configuration utility.
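Added example, not part of the original post and not F5 code: a small Python parser that splits the ltm message code described above into product code, subset code, message number and severity, then keeps only the more severe messages. The sample lines and their codes are constructed; the optional level word before the service name and the syslog names for the severity digit are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Assumption: the severity digit maps to the standard syslog level names.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed layout: time stamp, host, optional level word, service[pid]:, code:sev:, text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+(?:\w+\s+)?"
    r"(?P<service>[\w.-]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<code>[0-9a-fA-F]{8}):(?P<sev>[0-7]):\s*(?P<text>.*)$"
)

class LtmMessage(NamedTuple):
    timestamp: str
    host: str
    service: str
    pid: int
    product: int   # first two hex digits, e.g. 0x01 = BIG-IP
    subset: int    # third and fourth hex digits, e.g. 0x2a = LIBHAL
    number: str    # next four digits: message number within the module
    severity: int  # 0 is the highest severity
    text: str

def parse_ltm_line(line: str) -> Optional[LtmMessage]:
    """Split one log line into its fields; None if it carries no message code."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    code = m["code"].lower()
    return LtmMessage(m["ts"], m["host"], m["service"], int(m["pid"]),
                      int(code[0:2], 16), int(code[2:4], 16), code[4:8],
                      int(m["sev"]), m["text"])

def at_least(lines, max_level):
    """Parsed messages whose severity digit is <= max_level (i.e. more severe)."""
    parsed = (parse_ltm_line(line) for line in lines)
    return [msg for msg in parsed if msg is not None and msg.severity <= max_level]

# Constructed sample lines and codes (not taken from a real system).
SAMPLE = [
    "May 14 13:30:01 bigip1 notice mcpd[5012]: 01070001:5: Constructed sample: monitor status changed.",
    "May 14 13:31:12 bigip1 err tmm[9214]: 01010002:3: Constructed sample: no pool members available.",
    "May 14 13:32:40 bigip1 warning chmand[6120]: 012a0019:4: Constructed sample: hardware sensor reading.",
    "May 14 13:33:05 bigip1 info logger: free-form line without a message code",
]

if __name__ == "__main__":
    for msg in at_least(SAMPLE, 4):
        print(f"{msg.timestamp} {msg.service} product=0x{msg.product:02x} subset=0x{msg.subset:02x} "
              f"msg={msg.number} sev={msg.severity} ({SEVERITY[msg.severity]}) {msg.text}")
```

Lines without a message code return None and are skipped, so the same filter can be run over a saved copy of /var/log/ltm.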
May 11, 2016
Author

Using the tmsh utility to review log files

Impact of procedure: Performing the following procedure should not have a negative impact on your system.

Before entering tmsh mode, find out what your current date/time is on the system by typing the following command:

    hwclock

Log in to the Traffic Management Shell (tmsh) by typing the following command:

    tmsh

To view log files, use the following command syntax:

    show /sys log

For example, to view the ltm log file, you would type the following command:

    show /sys log ltm

You can also specify a date range when reviewing log files from the tmsh utility. To do so, use the following command syntax:

    show /sys log range

For example, to view ltm logs from three days ago until now, type the following command:

    show /sys log ltm range now-3d

For example, to view all ltm logs from 2015-03-05, type the following command:

    show /sys log ltm range 2015-03-05

For example, to view ltm logs from two to four days ago, type the following command:

    show /sys log ltm range now-2d--now-4d

For example, to view ltm logs from 2016-05-14 at 1:30pm through 2016-05-14 at 2pm, type the following command:

    show /sys log ltm range 2016-05-14:13:30--2016-05-14:14:00

Note: For more information about using tmsh utility date/time formats, refer to the time help page. To do so, type help time at the tmsh utility prompt.