Forum Discussion
krishans_52349
Jan 25, 2011Nimbostratus
Configure syslog server in F5 with an irule to see actual internet IP in syslog server
Hi,
we are using Big IP 3900 version 10.2 , We had network topolgy in this way that we need to enable SNAT as AutoMap , For this reason we are not been able to see the actual Internet IP / Client IP , in the servers .
We want configure an irule in such a way that it will log the actual Internet/Client IP and send it to the syslog server . For that should we need to configure syslog server in F5 , or it can be configured or forward through irule itself.
Our mail Aim is to see only the Actual Internet/Client IP.
Please help
Thanks in Advance for the help
- Chris_MillerAltostratusAre you just using HTTP? If so, you can insert it in an X-Forwarded-For header and have your web server parse for that. Otherwise, you can use an iRule to log the client's ip address and send it to whatever logging facility you want. As long as your F5 box is configured to pass the data to the syslog server, that should be plenty easy.
- krishans_52349NimbostratusHi Chris ,
- Chris_MillerAltostratusHere's a good doc on configuring syslog:
when CLIENT_ACCEPTED { log local0. "Client's IP Address was [IP::client_addr]" }
- Chris_MillerAltostratusHere's an absolutely perfect example for you:
- krishans_52349NimbostratusHi Chris ,
- Colin_Walker_12Historic F5 AccountYes, in 10.2 you should be able to log directly to your syslog server via the log command.
- hooleylistCirrostratusHSL in 10.1 and higher would be more efficient than the older log command. If you're on 9.4.0 - 10.0.x, you could use 'log -remote':
- krishans_52349NimbostratusHi ,
- Colin_Walker_12Historic F5 AccountThe log statement actually uses the same HSL exit point on the LTM if you supply an IP address post 10.1, so log and HSL should be equally efficient, last I checked.
- krishans_52349NimbostratusHi Colin ,
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects