F5 v10 remote management authentication and authorization: tacacs+/Radius/ldap edition

F5 v10.1 remote management authentication: tacacs

F5 v10.1 remote management authentication: Radius

F5 v10.1 remote management authentication: ldap

Posted in F5 Technology by 纳米.

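Basics series: log & syslog

The logs shown in the GUI are:

system -> /var/log/messages

packet filter -> /var/log/pktfilter

Local traffic -> /var/log/ltm

audit -> /var/log/audit

To enable auditing in the GUI, turn on MCP auditing and make sure the MCP log level is not higher than notice.

To audit b commands, turn on bigpipe auditing.

There are in fact many other log files under /var/log.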

——————————————————

logtool can quickly search all logs for entries of interest. Usage:

[root@v10-1:Active] log # logtool --help
Unknown option: help
Usage: /usr/bin/logtool [options] ["<SearchString>"]
Options:
--filename:    Append the log file name to the message
--level=LEVEL: Search for messages at a level
--system=NAME: Search for messages from a system
--slot=NUMBER: Search for messages from a slot
--zipped:      Search for messages in compressed log files

Note that the search string is case-sensitive.

—————————————-

When viewing logs on the command line, you can pipe them through bigcodes to decode some F5-specific abstract codes, for example:

cat /var/log/ltm | bigcodes |less

—————————————-

resize-logFS can be used to resize the fixed space preallocated to /var/log. The default is 7G and the configurable range is 1-10G.

——————–

Configure syslog-ng to send logs to a remote syslog server

Posted in F5 Technology by 纳米.

AskF5 – Added and updated documents from 8/1 through 8/7

*TechNews is switching to HTML format*

AskF5 is reformatting the TechNews email from plain text to HTML. The new HTML format will enable subscribers to quickly view all added and updated documents for their F5 products. In addition, the “BIG-IP” section will be separated out by each BIG-IP product, making it even easier for you to locate the solutions that apply to your needs. Look for the new HTML format in next week’s TechNews email.

*Helping F5 Support troubleshoot technical issues*

Refer to the following solution for information about the files you can provide to F5 Support in order to help F5 support troubleshoot technical issues.

SOL2633: Instructions for submitting a support case to F5 Networks https://support.f5.com/kb/en-us/solutions/public/2000/600/sol2633.html

*RSS feeds on Ask F5*

Posted in F5-Tech News by 纳米.

F5: fire actions on failover or startup

startup:

put the script in the directory

/config/startup

failover:

put the script in the directory

/config/failover/active

or

/config/failover/standby

Posted in F5 Technology by 纳米.

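Script for bulk-checking pool member status

This script checks pool member status. If a member is down, it writes a log entry to /var/log/messages, which helps identify which member of which pool went down. It can be set up as a cron task.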

#!/bin/sh
# Pool member watch script for BIG-IP v9-10
#
#-------------------------------------------------------------------------------
# Init
#-------------------------------------------------------------------------------
POOL_FLG=0
#-------------------------------------------------------------------------------
# Check status
#-------------------------------------------------------------------------------
#/usr/bin/logger -is -p debug "Script $0 start."

# Count how many pool members are down
POOL_FLG=`/bin/bigpipe pool | grep -c "down"`

if [ "$POOL_FLG" -ne 0 ]; then
    # Log the number of down pool members
    /usr/bin/logger -is -p warn "Script $0 checked $POOL_FLG Members down."

    # Collect the IP addresses of the down members
    DOWN_MEMBER=`/bin/bigpipe pool show | /bin/awk '/down/{ print $4 }'`

    # Log the IP address of each down member
    for I in ${DOWN_MEMBER}
    do
        /usr/bin/logger -is -p warn "Script $0 checked ${I} is down. Check BIG-IP status."
    done
fi

Posted in F5-Tech tips by 纳米.

CMP Compatibility

Summary

This document explains iRules CMP compatibility for the various LTM versions (a work in progress…)

Description

This document explains iRules CMP compatibility for the various LTM versions and offers guidelines for constructing CMP compatible iRules and converting existing iRules for CMP compatibility.

Virtual servers using a number of common iRule-accessible features are not CMP-compatible in some versions:

  • Persistence
  • Session Table
  • Global Variables
  • Class / Data Group List References
  • Rate Classes
  • Statistics Profiles

Note

CMP capability does not exist prior to 9.4

Virtual servers using non-CMP compatible features should be demoted from CMP processing and all connections for that virtual server will be handled by TMM0.

Posted in F5 Technology by 纳米.

Added and updated documents from 7/25 through 7/31

*Helping F5 Support troubleshoot technical issues*

Refer to the following solution for information about the files you can provide to F5 Support in order to help F5 support troubleshoot technical issues.

SOL2633: Instructions for submitting a support case to F5 Networks https://support.f5.com/kb/en-us/solutions/public/2000/600/sol2633.html

*RSS feeds on Ask F5*

You can receive Ask F5 RSS feeds to stay informed about new documents pertaining to your products. You can configure feeds for specific products, product versions and/or document sets. You can also aggregate multiple feeds in your RSS Reader to display one unified list of all selected documents.

For more information, including instructions to sign up for Ask F5 RSS feeds, refer to:

https://support.f5.com/kb/en-us/pages/rssfaq.html

*Avoiding the 497 day jiffies counter bug in the Linux 2.4 kernel*

To avoid any issues which may result from the 497 day jiffies counter bug in the Linux 2.4 kernel, customers should schedule an annual reboot of their BIG-IP LTM, GTM, ASM, WebAccelerator, Link Controller, WAN Optimization and FirePass systems. Although the counter bug is not an F5 software defect, and all issues known to affect F5 products have been patched in current product versions, an annual reboot is recommended to avoid any other issues which may arise. For more information (including which product versions are affected), refer to SOL7036: The Linux uptime counter wraps after 497 days.

*Added and updated documents from 7/25 through 7/31*

BIG-IP – New

Posted in F5-Tech News by 纳米.

v.10 – New GTM iRules commands

GTM version 10 is here! With its arrival, GTM gets more than a fist-full of new iRules commands for you to add to the toolbox.  In this article, we’ll take a look at the command syntax and work through some examples.

whoami

Returns the server name for the local GTM.  This example checks for client source and which GTM is handling the request so it can override the wideIP to serve up a specific host entry.

Posted in F5 Technology by 纳米.

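[Original] config sync troubleshooting guide

Clicking config sync to peer in the GUI and running the command b config sync have the same effect: both push the configuration to the peer device. When b config sync is executed:

1.  The system tries to connect to the peer's iControl interface (running on port 443 of the peer). This involves establishing SSL and presenting the web administrator account and password to the peer.

2.  The device master key is synchronized and the time difference is checked.

3.  The local device generates a UCS of the current configuration and places it under /var/tmp.

4.  The UCS file is transferred to /var/local/ucs on the peer as a temporary UCS.

5.  The peer is told to back up its current configuration as cs_backup.ucs.

6.  The peer is told to run b config install to install the transferred temporary UCS file.

7.  The peer is told to delete the temporary UCS.

8.  The peer's /var/log/configsync_peer.log is fetched and the result of the UCS installation on the peer is printed on screen.

As this sequence shows, a problem at any step can cause the sync to fail, so when a sync fails you can start from these steps and test each stage separately to see whether it is working:

Posted in F5 Technology by 纳米.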

AskF5 – Added and updated documents from 7/18 through 7/24

handshake hold’ iRule command does not work for resumed SSL sessions

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11834.html

SOL11833: Interpreting OPSWAT Antivirus and Firewall support charts

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11833.html

SOL11828: After a health monitor configured for manual resume has marked a node as down, it is not possible to mark the node back up using the Configuration utility

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11828.html

SOL11826: Users may be unable to stop the Policy Builder utility

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11826.html

SOL11819: TMM may core when the memory from a Network Access connection is reallocated to a new Network Access connection

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11819.html

SOL11814: The BIG-IP APM virtual server may intermittently become unavailable

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11814.html

SOL11789: SSL handshakes may fail for virtual servers using Datagram Transport Layer Security (DTLS)

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11789.html

SOL11736: Defining network resources for BIG-IP high availability features

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11736.html

BIG-IP – Updated

SOL11810: An iSession tunnel using compression may cause TMM to miss a heartbeat and restart

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11810.html

SOL11809: Restarting the pvad process may result in dropped UDP monitor packets

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11809.html

SOL11801: The source port may be translated for server-initiated traffic over a Network Access connection

http://support.f5.com/kb/en-us/solutions/public/11000/800/sol11801.html

SOL11796: Overview of the Auto Last Hop setting

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11796.html

SOL11740: BIG-IP debug BigDB keys should not be left enabled when the system is in production mode

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11740.html

SOL11737: The BIG-IP ASM bd process may leak memory when it fails to uncompress the server response

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11737.html

SOL11724: Certain Data Guard custom regular expression patterns may cause the BIG-IP PSM to dump core

http://support.f5.com/kb/en-us/solutions/public/11000/700/sol11724.html

SOL11699: The High-Speed Bridge (HSB) does not correctly handle runt frames

http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11699.html

SOL11682: Mac OS X and Linux users may receive ‘connection dropped’ message after launching Network Access

http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11682.html

SOL11636: HTTP/1.0 Keep-Alive connections may cause BIG-IP WebAccelerator to drop some requests

http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11636.html

SOL11619: BIG-IP LTM licensing of 10 concurrent users for BIG-IP APM

http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11619.html

SOL11611: Using SNMP to query pool member and node address statistics consumes excessive system resources

http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11611.html

SOL11586: Changing the Maximum Cookie Header Length setting to a low value may result in false illegal cookie length violations

http://support.f5.com/kb/en-us/solutions/public/11000/500/sol11586.html

Posted in F5-Tech News by 纳米.