Compress F5 BIG-IP log files
When you open a support case with F5 Support they will ask for a qkview and quite likely they will ask for logs from the system. The reason for this is because although the qkview utility will collect the logs from the device, by default it gathers up to 5MB of log files, meaning that the files can get truncated.
In order to gather all the log files from the system and not miss anything, you need to create a tarball file following these steps:
- Log in to the command line.
- Create a tar archive in the /var/tmp directory that contains all the files in the /var/log directory, by typing the following command: tar zcvf /var/tmp/$HOSTNAME-logs.tar.gz /var/log/*
- This will generate a file in /var/tmp with the name of the device followed by the -logs.tar.gz suffix. You need to transfer this file out of the system using an utility like scp/WinSCP
That is all in regards to creating a tar file with the logs that you can submit to F5 Support. However, if you want to dig further, you can find below some of the logs in the /var/log directory and their description:
| Type | Description | Log file |
| audit | The audit event messages are messages that the BIG-IP system logs as a result of changes to the BIG-IP system configuration. Logging audit events is optional. | /var/log/audit |
| boot | The boot messages contain information that is logged when the system boots. | /var/log/boot.log |
| cron | When the cron daemon starts a cron job, the daemon logs the information about the cron job in this file. | /var/log/cron |
| daemon | The daemon messages are logged by various daemons that run on the system. | /var/log/daemon.log |
| dmesg | The dmesg messages contain kernel ring buffer information that pertains to the hardware devices that the kernel detects during the boot process. | /var/log/dmesg |
| GSLB | The GSLB messages pertain to global traffic management events. | /var/log/gtm |
| httpd | The httpd messages contain the Apache Web server error log. | /var/log/httpd/httpd_errors |
| kernel | The kernel messages are logged by the Linux kernel. | /var/log/kern.log |
| local traffic | The local traffic messages pertain specifically to the BIG-IP local traffic management events. | /var/log/ltm |
| The mail messages contain the log information from the mail server that is running on the system. | /var/log/maillog | |
| packet filter | The packet filter messages are those that result from the use of packet filters and packet-filter rules. | /var/log/pktfilter |
| security | The secure log messages contain information related to authentication and authorization privileges. | /var/log/secure |
| system | The system event messages are based on global Linux events, and are not specific to BIG-IP local traffic management events. | /var/log/messages |
| TMM | The TMM log messages are those that pertain to Traffic Management Microkernel events. | /var/log/tmm |
| user | The user log messages contain information about all user level logs. | /var/log/user.log |
| webui | The webui log messages display errors and exception details that pertain to the Configuration utility. | /var/log/webui.log |