Operational Defect Database
BugZero found this defect 1557 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 880565
Audit Log: "cmd_data=list cm device recursive" is been generated continuously
Last update date:
4/26/2024
Affected products:
BIG-IP
BIG-IP TMOS
Affected releases:
14.1.2.3
14.1.2.4
14.1.2.5
14.1.2.6
14.1.2.7
14.1.2.8
14.1.3
14.1.3.1
14.1.4
14.1.4.1
14.1.4.2
14.1.4.3
Fixed releases:
No fixed releases provided.
Description:
Impact ... Audit log file contains numerous 'cmd_data=list cm device recursive' messages. ... Conditions ... This occurs during normal operation. ... Workaround ... -- To suppress all messages, do the following: 1. ... Edit the 'include' section of syslog configuration to suppress audit logs of 'cmd_data=cd /' and 'cmd_data=list cm device recursive': # tmsh edit /sys syslog all-properties 2. ... Replace 'include none' with following syntax: === sys syslog { - snip - include " filter f_audit { facility(local0) and match(AUDIT) and not match(\"cmd_data=list cm device recursive|cmd_data=cd /\"); };" - snip - } -- To filter the messages sent to existing remote syslog servers, do the following: 1. ... Set sys syslog remote-servers none: # tmsh modify sys syslog remote-servers none 2. ... Define the remote syslog server in the 'sys syslog include' statement. ... 3. Add the following filter: filter f_remote_server { not (facility(local0) and message(\"AUDIT\") and match(\"cmd_data=list cm ...
