Forum Discussion

Rodrigo_Mori_13's avatar
Rodrigo_Mori_13
Icon for Cirrus rankCirrus
Oct 03, 2017

Configuring Syslog Server for a Specific Virtual Server

Hi, guys   I have an application in BIG IP, according to the image.   I need all the IPs that have accessed VS_APP1 to be registered on the syslog server.   Someone could help me set this up...
application delivery
BIG-IP
LTM
  • Kevin_K_51432's avatar
    Kevin_K_51432
    Oct 03, 2017

    Greetings,

    I haven't used the virtual server's Request Logging profile much, but was able to create a profile that logs the source IP address of the connecting client:

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-5-0/1.html

    In the Request profile Template section, I simply entered:

    Client IP is: ${CLIENT_IP}

    And it was sent to the remote syslog:

    14:10:53.969588 IP 10.12.23.120.48392 > 10.12.23.27.514: [|syslog]
        0x0000:  4500 0037 cb69 4000 ff11 6da1 0a0c 1778  E..7.i@...m....x
        0x0010:  0a0c 171b bd08 0202 0023 7989 436c 6965  .........y.Clie
        0x0020:  6e74 2049 5020 6973 3a20 3130 2e31 322e  nt.IP.is:.10.12.
        0x0030:  3235 302e 3133 30                        250.130

    Hope this is useful!

    Kevin

Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Oct 05, 2017

one more option is to use HSL irule for this , create pool name POOL_SYSLOG

refer below 

POOL_SYSLOG-create a pool with syslog server ip address

    when HTTP_REQUEST {

set http_request_time [clock clicks -milliseconds]
set timestamp [clock format [clock seconds] -format {%d/%b/%Y:%H:%M:%S %z}] 
set remote [IP::remote_addr]
set client [IP::client_addr]:[TCP::client_port]
set url [HTTP::host][HTTP::uri]
set referer [HTTP::header "Referer"]
set vip [IP::local_addr]:[TCP::local_port]
set httpMethod [HTTP::method]
set httpVersion [HTTP::version]
set xforwardfor [HTTP::header X-Forwarded-For]
set url [string map " x" $url]
set referer [string map " x" $referer] 
set hsl [HSL::open -proto UDP -pool POOL_SYSLOG]

 Limit the url variable to 300 characters
if {[string length $url] > 300} {
  set url "[string range $url 0 300]..."   
}

 Limit the referer variable to 300 characters
if {[string length $referer] > 300} {
  set referer "[string range $referer 0 300]..."   
}

 Build the Request log line
set request_log_line " $timestamp  [virtual name]  $client  $remote  $vip  $url  $referer  $httpMethod  $httpVersion" 
log local0.info "Request - $request_log_line"
}

when HTTP_RESPONSE {

 VARIABLES
 Initialize local variables used in this rule

set http_response_time [ clock clicks -milliseconds ]
set client [IP::client_addr]:[TCP::client_port]
set node [IP::server_addr]:[TCP::server_port]
set nodeResp [HTTP::status]
set payloadLength [HTTP::payload length]
set responseTime [expr $http_response_time - $http_request_time]

  Build the Response log line
 set response_log_line "$client  $node  $nodeResp  $payloadLength  $responseTime  $http_request_time  $xforwardfor" 
log local0.info "Response - $response_log_line"

 Write Request and Response log lines to the LTM log
HSL::send $hsl "IRULE_COMMON_LOG : $request_log_line  -  $response_log_line"
 }
}