The LoadMaster can produce various warning and error messages using the syslog protocol. Syslog messages include a full timestamp and the LoadMaster host name in every message. Syslog messages comply with RFC5424. These messages are normally stored locally.

It is also possible to configure the LoadMaster to transmit these error messages to a remote syslog server by entering the relevant IP address in the Syslog host text box, selecting the severity and clicking Add Syslog Host. Syslog messages are transmitted securely using TLS to remote servers.

The LoadMaster uses OCSP to check the validity of the server certificates supplied by configured syslog servers. If these checks fail, connections to the server are not permitted.

To delete a hosts entry, set the severity level to None.

Six different error message levels are defined and each message level may be sent to a different server. Notice messages are sent for information only; Emergency messages normally require immediate user action.

Note: Up to 10 individual IP addresses can be specified. If there were more than 10 hosts configured in a previous LoadMaster version, after upgrading - all entries are displayed but no more can be added.

Examples of the type of message that may be seen are shown below:

  • Emergency: Kernel-critical error messages
  • Critical: Unit 1 has failed and unit 2 is taking over as active (in a HA setup)
  • Error: Authentication failure for root from 192.168.1.1
  • Warn: Interface is up/down
  • Notice: Time has been synced
  • Info: Local advertised Ethernet address
Note: One point to note about syslog messages is they cascade in an upwards direction. Thus, if a host is set to receive WARN messages, the message file includes messages from all levels above WARN but none for levels below.

If you enter the same host address again, the old entry for the same host is replaced. There is no need to have multiple entries for the same host because a single entry covers the syslog level that is defined, plus all other levels that are of higher priority. So, you only need to include one entry with the lowest level priority required.

You can also specify a non-standard port for syslog transfer by entering it into the Remote Syslog Port text box and clicking Set Port:

  • If the Remote Syslog Port is not configured, logging is done on UDP on port 514.
  • If the Remote Syslog Port is configured as 601, logging is done on TCP on port 601.
  • If the Remote Syslog Port is configured as any port other than 601, logging is done on secured TCP, that is, over SSL on the configured port.

To enable a syslog process on a remote Linux server to receive syslog messages from the LoadMaster, the syslog must be started with the “-r” flag.

Syslog Message Prefix

Enter the fixed string in the Prefix text box and click Set Prefix to add it to the beginning of all syslog messages. You can use this prefix to include identifiers such as a license key, which may be required by remote syslog consumers for authentication or tracking purposes. There is a limit of 80 characters for the Prefix field. Most characters are supported.

You can specify the protocol to use when connecting to a remote syslog server by selecting the appropriate option in the Remote Syslog Protocol drop-down list.

Server Certificate Validation

This check box only appears when TLS is selected as the Remote Syslog Protocol.

When Server Certificate Validation is enabled, it ensures that the host name or IP address that was used to initiate the secure connection resides in the Certificate Subject or Subject Alternative Names (SAN) of the certificate.

Server Certificate Validation is disabled by default.