Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Mar 04, 2014

The real issue is going to be when you collect the username. The original article assumes you're getting it from an initial HTTP Basic authentication prompt. But since in this case you're probably getting it from an APM logon page, the following code may be more appropriate:

 

when ACCESS_ACL_ALLOWED {
    set http_request "\"[HTTP::method] [HTTP::uri] HTTP/[HTTP::version]\""
    set http_request_time [clock clicks -milliseconds]
    set http_user_agent "\"[HTTP::header User-Agent]]\""
    set http_host [HTTP::host]
    set http_username [ACCESS::session data get session.logon.last.username]
    set client_ip [IP::remote_addr]
    set client_port [TCP::remote_port]
    set http_request_uri [HTTP::uri]
    set referer [HTTP::header value referer]
}
when HTTP_RESPONSE {
    set response_time [expr [clock clicks -milliseconds] - $http_request_time]
    set virtual [virtual]
    set content_length 0
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [HTTP::header "Content-Length"]
    }
    set lb_server "[LB::server addr]:[LB::server port]"
    if { [string compare "$lb_server" ""] == 0 } {
        set lb_server ""
    }
    set status_code [HTTP::status]
    set content_type [HTTP::header "Content-type"]
    set log_msg ""
    append log_msg "virtual=$virtual "
    append log_msg "client_ip=$client_ip "
    append log_msg "client_port=$client_port "
    append log_msg "lb_server=$lb_server "
    append log_msg "host=$http_host "
    append log_msg "username=$http_username "
    append log_msg "$http_request_uri "
    append log_msg "request=$http_request "
    append log_msg "server_status=$status_code "
    append log_msg "content_type=$content_type "
    append log_msg "content_length=$content_length "
    append log_msg "resp_time=$response_time "
    append log_msg "user_agent=$http_user_agent "
    append log_msg "referer=$referer"
       log  local0. $log_msg
    log local0. $log_msg
}

Notice this version is basically swapping the HTTP_REQUEST event for the ACCESS_ACL_ALLOWED event, and collecting the username in the session.logon.last.username APM session variable.