Forum Discussion
TJ_Vreugdenhil
Cirrus
CirrusAPM W3C Local Logging iRule
Hi
We are using the local logging irule found here on devcentral:
https://devcentral.f5.com/wiki/irules.FormattedLoggingForW3c.ashx
Everything seems to populate correctly, except for the H...
TJ_VreugdenhilCirrus
CirrusHi Kevin - In using the iRule above and I get a TCL error that it doesn't recognize the http_request_time in the HTTP_RESPONSE.
So what I did was move everything out of the ACCESS_ACL_ALLOWED event except for the username variable and I again get a TCL error in the HTTP_RESPONSE but now just for the http_username.
It looks like the ACCESS events and the HTTP events do not play nice together.
Would something like this work:
when HTTP_REQUEST {
set http_request "\"[HTTP::method] [HTTP::uri] HTTP/[HTTP::version]\""
set http_request_time [clock clicks -milliseconds]
set http_host [HTTP::host]
set client_ip [IP::remote_addr]
set client_port [TCP::remote_port]
set http_request_uri [HTTP::uri]
set referer [HTTP::header value referer]
}
when ACCESS_SESSION_STARTED {
set userid [ACCESS::session data get "session.logon.last.username"]
set userip [ACCESS::session data get "session.user.clientip"]
set useragent [ACCESS::session data get "session.user.agent"]"
}
when ACCESS_POLICY_COMPLETED {
set log_msg ""
append log_msg "userid=$userid "
append log_msg "userip=$userip "
append log_msg "useragent=$useragent "
log local0. $log_msg
}
when HTTP_RESPONSE {
set response_time [expr [clock clicks -milliseconds] - $http_request_time]
set virtual [virtual]
set content_length 0
if { [HTTP::header exists "Content-Length"] } {
set content_length [HTTP::header "Content-Length"]
}
set lb_server "[LB::server addr]:[LB::server port]"
if { [string compare "$lb_server" ""] == 0 } {
set lb_server ""
}
set status_code [HTTP::status]
set content_type [HTTP::header "Content-type"]
append log_msg "virtual=$virtual "
append log_msg "client_ip=$client_ip "
append log_msg "client_port=$client_port "
append log_msg "lb_server=$lb_server "
append log_msg "host=$http_host "
append log_msg "$http_request_uri "
append log_msg "request=$http_request "
append log_msg "server_status=$status_code "
append log_msg "content_length=$content_length "
append log_msg "content_type=$content_type "
append log_msg "resp_time=$response_time "
append log_msg "referer=$referer"
log local0. $log_msg
log local0. $log_msg
}
or how about putting the username in a HTTP header like this:
when ACCESS_ACL_ALLOWED {
set user [ACCESS::session data get "session.logon.last.username"]
HTTP::header insert "X-USERNAME" $user
}
when HTTP_RESPONSE {
set log_msg ""
append log_msg "user=$user "
log local0. $log_msg
}
I would also like to know where I can find a list of ACCESS:session data get variables? Also would it be easier to log this data by using ASM?
Thanks!
