An iRule for source IP and IP after SNAT
After the SNAT config was set to use a SNAT pool, the customer requested that we record the correspondence between the source IP and the IP after SNAT in the file /var/log/ltm. The request covers every connection, such as TCP, UDP, etc.
Can anyone help me?
- Jason_40733 (Cirrocumulus)
Here is a good question/answer on writing iRules for logging connections.
https://devcentral.f5.com/questions/writing-an-irule-to-log-all-traffic
It includes examples for logging TCP and UDP traffic, though it does not show you how to log the SNAT'd IP address.
Jason
- Jason_40733 (Cirrocumulus)
Here's another link with an example of logging the entire connection: client, client (SNAT) and server, for TCP.
https://devcentral.f5.com/questions/how-to-monitor-internal-ip-translate-to-which-ip-snat-in-pool
Example from that link is here.
```tcl
rule myrule {
    when SERVER_CONNECTED {
        log local0. ""
        # Client side: the original client, and the local address it connected to
        log local0. "cs client [IP::client_addr]:[TCP::client_port]"
        log local0. "cs server [clientside {IP::local_addr}]:[clientside {TCP::local_port}]"
        # Server side: the local (post-SNAT) source, and the remote server
        log local0. "ss client [IP::local_addr]:[TCP::local_port]"
        log local0. "ss server [IP::remote_addr]:[TCP::remote_port]"
    }
}
```
- kong5_153476 (Nimbostratus)
Thanks for your method. I have succeeded in logging the SNAT's IP for TCP-type connections to /var/log/ltm.
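
Added example, not part of the thread or of F5's code: a Python script that stitches the four log lines the iRule above writes per connection into one client-to-SNAT record. The syslog prefix (host name, `tmm[pid]`, `/Common/myrule`) and every address in the sample are constructed, and grouping partial records by TMM name is an assumption.

```python
import re
from collections import defaultdict

# The four messages written by the iRule, e.g. "ss client 192.0.2.10:51234".
FIELD = re.compile(r"\b(cs|ss) (client|server) (\S+):(\d+)\s*$")
# Assumption: the syslog prefix names the TMM instance as "tmm[pid]" or "tmm1[pid]".
PROC = re.compile(r"\b(tmm\d*)\[\d+\]")
NAMES = {"cs_client": "client", "cs_server": "virtual",
         "ss_client": "snat", "ss_server": "server"}

def correlate(lines):
    """Return one dict per connection: client, virtual, snat, server.

    Lines from different TMM instances can interleave, so partial records
    are kept per TMM name. Incomplete groups are dropped, never guessed.
    """
    pending = defaultdict(dict)
    records = []
    for line in lines:
        m = FIELD.search(line)
        if not m:
            continue  # the empty separator line and unrelated messages
        proc = PROC.search(line)
        key = proc.group(1) if proc else "unknown"
        side, role, addr, port = m.groups()
        if (side, role) == ("cs", "client"):
            pending[key] = {}  # new connection: discard any leftover partial
        pending[key][NAMES[f"{side}_{role}"]] = (addr, int(port))
        if (side, role) == ("ss", "server") and len(pending[key]) == 4:
            records.append(pending.pop(key))
    return records

# Constructed sample (not captured from a device): two connections whose
# lines interleave across tmm and tmm1.
PREFIX = "Jan  1 10:00:00 bigip1 info {}[1000]: Rule /Common/myrule <SERVER_CONNECTED>: {}"
SAMPLE = [PREFIX.format(p, msg) for p, msg in [
    ("tmm", ""), ("tmm", "cs client 10.1.1.5:51234"),
    ("tmm1", "cs client 10.1.1.6:40000"),
    ("tmm", "cs server 203.0.113.80:443"),
    ("tmm1", "cs server 203.0.113.80:443"),
    ("tmm", "ss client 192.0.2.10:51234"),
    ("tmm", "ss server 10.2.2.20:8443"),
    ("tmm1", "ss client 192.0.2.11:40000"),
    ("tmm1", "ss server 10.2.2.21:8443"),
]]

if __name__ == "__main__":
    for rec in correlate(SAMPLE):
        print("{client} -> snat {snat} -> {server}".format(**rec))
```

Writing all four values in a single `log` statement inside the iRule would remove the need for this correlation step.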