Logs not appearing in OMS

[strtdusty]

We have configured the iApp, double checking the wrokspace ID and shared access key. The components all show up: The statistics on the "send" iRule indicate that it is being executed without failure: I assume I should see a new log schema in OMS. When searching on "F5CustomLog_CL" as the video indicates, I see no F5 related schemas: Nothing stands out in the LTM log except maybe: Jan 9 11:11:57 ourWAF err tmm[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm5[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm4[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm3[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm2[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm7[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm1[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool Jan 9 11:11:57 ourWAF err tmm6[40715]: 01010028:3: No members available for pool /Common/Azure-OMS-logger.app/Azure-OMS-logger_format_pool

[jsevedge]

@strtdusty Could you please select 'advanced' in the iApp for the first question about configuration? Then near the bottom of the iApp select debug for the question "What level of internal logging would you like this solution to use (debug/info during testing)?". Once done please cause some events to be triggered (ASM violation, etc..) and look at /var/log/ltm for messages around that time and include any relevant ones back here.

NOTE: Be sure no sensitive information is included in the logs, feel free to switch to the slack channel and send via direct message if you prefer.

[strtdusty]

@jsevedge That definitely helped. Lots of log info but I believe the key one is: Jan 10 15:03:33 vm-usw-icsp-stage-f5-waf-01 info tmm2[40715]: Rule /Common/Azure-OMS-logger.app/Azure-OMS-logger_send_ir : Payload Data 453: {"Error":"InvalidAuthorization","Message":"The workspace key could not be validated due to the local system time not matching the time in Azure. Please check that the local system time is accurate and the correct time zone is set. The request time was 1\/10\/2018 3:03:33 PM +00:00 while the service processed the request at 1\/10\/2018 11:03:33 PM +00:00. The difference in time was 08:00:00.5588272 and the maximum allowed difference is 00:15:00."} Server is set to "America/Los Angeles" time zone. Time is correct looking at the UI

For clarity, the time being sent from Big-IP is the local time but appears to be specified as GMT (it was 3:03 PM Pacific when the message was sent)

[jsevedge]

@strtdusty Ah ha, you found a valid bug. It will be fixed in the next official release, however i have also pushed it to the develop branch so pull the iApp from there and try again in the meantime. Let me know if it works for you!

https://github.com/F5Networks/f5-cloud-iapps/tree/develop/f5-cloud-logger

[jsevedge]

@strtdusty Oh, and once you verify it works remember to go back in and set the logging level to error (maybe info) to stop all the log messages that were generated in debug mode.

[strtdusty]

The dev branch fixes our isse. Thanks!