How to Compress F5 BIG-IP log files

Compress F5 BIG-IP log files

When you open a support case with F5 Support they will ask for a qkview and quite likely they will ask for logs from the system. The reason for this is because although the qkview utility will collect the logs from the device, by default it gathers up to 5MB of log files, meaning that the files can get truncated.

In order to gather all the log files from the system and not miss anything, you need to create a tarball file following these steps:

  1. Log in to the command line.
  2. Create a tar archive in the /var/tmp directory that contains all the files in the /var/log directory, by typing the following command:  tar zcvf /var/tmp/$HOSTNAME-logs.tar.gz /var/log/*
  3. This will generate a file in /var/tmp with the name of the device followed by the -logs.tar.gz suffix. You need to transfer this file out of the system using an utility like scp/WinSCP

That is all in regards to creating a tar file with the logs that you can submit to F5 Support. However, if you want to dig further, you can find below some of the logs in the /var/log directory and their description:

TypeDescriptionLog file
auditThe audit event messages are messages that the BIG-IP system logs as a result of changes to the BIG-IP system configuration. Logging audit events is optional./var/log/audit
bootThe boot messages contain information that is logged when the system boots./var/log/boot.log
cronWhen the cron daemon starts a cron job, the daemon logs the information about the cron job in this file./var/log/cron
daemonThe daemon messages are logged by various daemons that run on the system./var/log/daemon.log
dmesgThe dmesg messages contain kernel ring buffer information that pertains to the hardware devices that the kernel detects during the boot process./var/log/dmesg
GSLBThe GSLB messages pertain to global traffic management events./var/log/gtm
httpdThe httpd messages contain the Apache Web server error log./var/log/httpd/httpd_errors
kernelThe kernel messages are logged by the Linux kernel./var/log/kern.log
local trafficThe local traffic messages pertain specifically to the BIG-IP local traffic management events./var/log/ltm
mailThe mail messages contain the log information from the mail server that is running on the system./var/log/maillog
packet filterThe packet filter messages are those that result from the use of packet filters and packet-filter rules./var/log/pktfilter
securityThe secure log messages contain information related to authentication and authorization privileges./var/log/secure
systemThe system event messages are based on global Linux events, and are not specific to BIG-IP local traffic management events./var/log/messages
TMMThe TMM log messages are those that pertain to Traffic Management Microkernel events./var/log/tmm
userThe user log messages contain information about all user level logs./var/log/user.log
webuiThe webui log messages display errors and exception details that pertain to the Configuration utility./var/log/webui.log