When using Remote Access for managed BIGIPs, it’s important to be aware of the following aspects regarding data collection and system logging:

​
System Syslog and Audit Logs

  • System Syslog: This is collected, including audit logs.

​
Audit Log Parsing

The logging system is designed to note and parse audit logs from the following services:

  • rest(pam_audit)
  • scriptd
  • tmsh
  • mcpd
  • httpd
  • httpd(pam_audit)
  • icrd_child
  • sshd(pam_audit)

​
Fields Available in Logs

Depending on the service, in addition to the full message, the following fields are available:

  • action
  • alert_code
  • attempts
  • client
  • cmd_data
  • end
  • folder
  • host
  • level
  • log_file_code
  • module
  • object
  • partition
  • pid
  • start
  • status
  • transaction
  • tty
  • user

​
Early Release Dashboard

If permitted, an early release version of a dashboard for viewing the BIGIP audit log is available:

This data is expected to be integrated into the Cloud.Red portal in a future release.