Forum Discussion
krishans_52349 (Nimbostratus), Jan 25, 2011
Configure syslog server in F5 with an iRule to see actual internet IP in syslog server
Hi,
We are using a BIG-IP 3900, version 10.2. Our network topology is such that we need to enable SNAT as AutoMap. For this reason we are not able to see the actual Internet IP / client IP on the servers.
We want to configure an iRule in such a way that it will log the actual Internet/client IP and send it to the syslog server. For that, do we need to configure a syslog server in F5, or can it be configured or forwarded through the iRule itself?
Our main aim is to see only the actual Internet/client IP.
Please help
Thanks in Advance for the help
- Colin_Walker_12 (Historic F5 Account): It depends on what you're trying to log. If all you want is the client/pool info, then the three SERVER_CONNECTED lines should be just fine.
- krishans_52349 (Nimbostratus):
- Colin_Walker_12 (Historic F5 Account): Ahh, that's a bit of an issue actually. Your iRule won't be able to send traffic out the management port. That'd be a heinous security risk. You'll need to make sure the syslog server you want to send traffic to is routable from a non-management interface on the system.
- Chris_Miller (Altostratus): You can read about management interface routing here. It's a very powerful tool, I use it constantly.
This is an interesting situation though, since the traffic is being handled by TMM. Any thoughts, guys?
- Colin_Walker_12 (Historic F5 Account): I guess I'd have to try it out, but my understanding is (always has been) that you can't traverse from TMM to management, for good reason. The article you linked says:
- krishans_52349 (Nimbostratus): Hi Colin,
- Chris_Miller (Altostratus): Posted By Colin Walker on 01/26/2011 07:21 AM
- Colin_Walker_12 (Historic F5 Account): It's considered one transaction because the TMM is the one dumping the log to the wire if you configure iRules to send the log directly. If you think about it that way, it makes total sense, I think.
- krishans_52349 (Nimbostratus): Hi Colin,
- Colin_Walker_12 (Historic F5 Account): The iRule will be the exact same syntax minus the IP address:

when SERVER_CONNECTED {
    log local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]"
}
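
An added example, not code from the thread or from F5: the remote-logging form of the iRule in the last reply, extended to record the SNAT AutoMap source address and port so that an entry in a pool member's own access log can be matched back to the real client. The syslog address 192.0.2.10 is a placeholder; as the replies point out, it has to be reachable through a TMM (non-management) interface.

```tcl
when CLIENT_ACCEPTED {
    # Clientside context: capture the real client address and port
    # before SNAT AutoMap rewrites the source on the server side.
    set client_ip   [IP::client_addr]
    set client_port [TCP::client_port]
}

when SERVER_CONNECTED {
    # Serverside context: IP::local_addr / TCP::local_port are the
    # BIG-IP's own source address and port, i.e. what the pool member
    # sees (and writes to its logs) instead of the client.
    set snat_src "[IP::local_addr]:[TCP::local_port]"
    set member   "[IP::server_addr]:[TCP::server_port]"

    # Remote form of log: TMM sends the syslog message itself to the
    # given address. 192.0.2.10 is a placeholder for the syslog server.
    # Removing the address gives the local form shown in the thread.
    log 192.0.2.10 local0.info "vs=[virtual name] client=$client_ip:$client_port snat=$snat_src member=$member"
}
```

On the syslog server, searching for the `snat=` value that appears as the source in a web or application server log returns the matching `client=` address. This rule emits one message per server-side connection, so log volume grows with connection rate.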