ifeldshteyn_384
Feb 22, 2019Nimbostratus
F5 timestamp inquiry
Hello, we have a logfile being monitored by F5 that includes a syslog-formatted timestamp. When F5 reads the log and sends it to a secondary system, ex: Splunk, it appends another timestamp. Look at the example below with double the timestamps and server.
Feb 21 13:41:26 f5_monitor_server Feb 21 13:41:25 f5_dmz_server debug mcpd[6282]: save_master_key(7) called
What can we do to not wrap this additional timestamp and host ? I understand we can filter it out in Splunk but I don't want to waste the extra cycles as syslog is quite chatty.
Thanks