Forum Discussion

Nimbostratus

15 years ago

Client IP Logging with F5 & Splunk

I was wondering if anyone has written an iRule that strips down HTTP header/data and log it as a syslog? I have Webseals behind F5's and the F5's run with Auto SNAT. This is making life miserable sin...

Nimbostratus

15 years ago

Hi Hari,

If you set up your Syslog-ng then you can virtually use the irules to send all different types to yoru syslog

For example


when HTTP_REQUEST {
     log local0 "Client IP address:{IP:client_addr]"
}

There are many permutations on how you want to log

Here are some links that will help you

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=190

http://devcentral.f5.com/wiki/default.aspx/iRules/session.html

http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__header.html

I hope this helps

Bhattman

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client IP Logging with F5 & Splunk

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

HSL - Local TimeZone - in syslog server

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Related Content

routing to splunk for asm logging

Setting up F5 Telemetry Streaming with Splunk Cloud

Log client to vip connections

Logging/Blocking possible prompt injection

Get actual client ips in splunk

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS