Forum Discussion
Arnaud_Ciron_12
Jan 18, 2008Nimbostratus
For a start, just a simple logging would be enough :
How can I log successul SSL connections ?
How can I log failed connections ?
I've tried some code to log HTTP connection which is working fine :
when CLIENT_ACCEPTED {
log local0. "client: [IP::remote_addr]:[TCP::remote_port] -> dest: [IP::local_addr]:[TCP::local_port]"
}
But I use HTTP only for testing purpose. When setup will be complete I will have to monitor SSL connections only.
Second problem : As far as I known logging to local0.* is written in /etc/var/tmm. We'll have thousand of connections going to that bigip and I wouldn't like to have not enough disk space. Instead I use a remote syslog server with this part of code inside syslog-ng.conf :
Send messages to localhost through udp port 514
destination d_remoteLogTunnel {
udp ("x.x.x.x" port (514));
};
Performing logging
log {
source (local);
filter (f_catchall);
destination (d_remoteLogTunnel);
};
How can I send connections logging only to remote server ?