Forum Discussion

Nimbostratus

Jun 07, 2010

Client IP Logging with F5 & Splunk

I was wondering if anyone has written an iRule that strips down HTTP header/data and log it as a syslog? I have Webseals behind F5's and the F5's run with Auto SNAT. This is making life miserable sin...

Nimbostratus

Jun 08, 2010

Hi Hari,

If you set up your Syslog-ng then you can virtually use the irules to send all different types to yoru syslog

For example


when HTTP_REQUEST {
     log local0 "Client IP address:{IP:client_addr]"
}

There are many permutations on how you want to log

Here are some links that will help you

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=190

http://devcentral.f5.com/wiki/default.aspx/iRules/session.html

http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__header.html

I hope this helps

Bhattman

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Client IP Logging with F5 & Splunk

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Expired client-certificate

Related Content

routing to splunk for asm logging

Setting up F5 Telemetry Streaming with Splunk Cloud

Get actual client ips in splunk

Log client to vip connections

F5 Distributed Cloud Telemetry (Logs) - Loki

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS