Forum Discussion
kong5_153476
Nimbostratus
NimbostratusA irule of source IP and IP after SNAT
After the SNAT config used SNAT pool, Customer requested that record the correspondence of source IP and IP after SNAT to file /var/log/ltm. Request every connections, such as TCP、UDP etc.
Anyon...
Here's another link with an example of logging the entire connection.. client, client(snat) and server for TCP.
https://devcentral.f5.com/questions/how-to-monitor-internal-ip-translate-to-which-ip-snat-in-pool
Example from that link is here.
rule myrule { when SERVER_CONNECTED { log local0. "" log local0. "cs client [IP::client_addr]:[TCP::client_port]" log local0. "cs server [clientside {IP::local_addr}]:[clientside {TCP::local_port}]" log local0. "ss client [IP::local_addr]:[TCP::local_port]" log local0. "ss server [IP::remote_addr]:[TCP::remote_port]" } }
Jason_40733
Cirrocumulus
CirrocumulusHere's another link with an example of logging the entire connection.. client, client(snat) and server for TCP.
https://devcentral.f5.com/questions/how-to-monitor-internal-ip-translate-to-which-ip-snat-in-pool
Example from that link is here.
rule myrule { when SERVER_CONNECTED { log local0. "" log local0. "cs client [IP::client_addr]:[TCP::client_port]" log local0. "cs server [clientside {IP::local_addr}]:[clientside {TCP::local_port}]" log local0. "ss client [IP::local_addr]:[TCP::local_port]" log local0. "ss server [IP::remote_addr]:[TCP::remote_port]" } }
kong5_153476Thanks, for your method, I have succeed to log the SNAT‘s IP with TCP type connections to the /var/log/ltm.