Forum Discussion
Rodrigo_Mori_13
Oct 03, 2017 Cirrus
Configuring Syslog Server for a Specific Virtual Server
Hi, guys
I have an application in BIG IP, according to the image.
I need all the IPs that have accessed VS_APP1 to be registered on the syslog server.
Could someone help me set this up?
- Oct 03, 2017
Greetings,
I haven't used the virtual server's Request Logging profile much, but was able to create a profile that logs the source IP address of the connecting client:
In the Request profile Template section, I simply entered:
Client IP is: ${CLIENT_IP}
And it was sent to the remote syslog:
    14:10:53.969588 IP 10.12.23.120.48392 > 10.12.23.27.514: [|syslog]
        0x0000:  4500 0037 cb69 4000 ff11 6da1 0a0c 1778  E..7.i@...m....x
        0x0010:  0a0c 171b bd08 0202 0023 7989 436c 6965  .........y.Clie
        0x0020:  6e74 2049 5020 6973 3a20 3130 2e31 322e  nt.IP.is:.10.12.
        0x0030:  3235 302e 3133 30                        250.130
Hope this is useful!
Kevin
bogdanalexandru
Jun 28, 2018 Nimbostratus
It's all about the default syslog message format as it turns out.
Here's what worked for me:
- Request Logging Template = $DATE_MON $DATE_DD $TIME_HMS slot1/NNORM3-LB002V01 notice msg[HTTP-REQ-LOG] src-ip=$CLIENT_IP method=$HTTP_METHOD uri=$HTTP_URI *
  (* Everything that is not preceded by $ (text in bold) is just simple text I entered that appears "as is" in logs.)
- syslog-ng filter = host("NNORM3-LB002V01" ) and match("HTTP-REQ-LOG" value("MESSAGE"))
- log message example = Jun 29 01:28:27 slot1/NNORM3-LB002V01 notice msg[HTTP-REQ-LOG] src-ip=10.250.158.188 method=GET uri=/dsa-claims
Enjoy
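A consumer-side parser for the log line format shown in the post above, added here as an example and not part of the original thread or of F5's or syslog-ng's own tooling. It answers the original question (which client IPs reached the virtual server) from the collected lines. The function names and all sample lines except the first are constructed for illustration, and it assumes the literal host text and field order from that post's template.

```python
import ipaddress
import re
from collections import Counter

# Field order follows the template in the post above. uri is last and takes the
# rest of the line, so "src-ip=" text inside a client-supplied URI cannot
# replace the real src-ip field written by the load balancer.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) notice msg\[HTTP-REQ-LOG\] "
    r"src-ip=(?P<src_ip>\S+) method=(?P<method>\S+) uri=(?P<uri>.*)$"
)

def parse_line(line, expected_host="slot1/NNORM3-LB002V01"):
    """Return the record's fields, or None if the line is not a valid request-log entry."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None or m.group("host") != expected_host:
        return None  # other host or other message type, like the syslog-ng filter
    try:
        src = ipaddress.ip_address(m.group("src_ip"))  # reject malformed addresses
    except ValueError:
        return None
    return {"src_ip": str(src), "method": m.group("method"), "uri": m.group("uri")}

def client_ip_counts(lines):
    """Count requests per client IP across all valid request-log lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["src_ip"]] += 1
    return counts

PREFIX = "slot1/NNORM3-LB002V01 notice msg[HTTP-REQ-LOG] "
SAMPLE_LINES = [
    # First line is the example from the post; the rest are constructed test input.
    "Jun 29 01:28:27 " + PREFIX + "src-ip=10.250.158.188 method=GET uri=/dsa-claims",
    "Jun 29 01:28:31 " + PREFIX + "src-ip=10.250.158.7 method=POST uri=/dsa-claims/new",
    "Jun 29 01:28:40 " + PREFIX + "src-ip=10.250.158.188 method=GET uri=/x?ref=src-ip=192.0.2.1",
    "Jun 29 01:29:02 slot1/OTHER-LB notice msg[HTTP-REQ-LOG] src-ip=10.250.158.9 method=GET uri=/",
    "Jun 29 01:29:05 slot1/NNORM3-LB002V01 notice mcpd[1234]: unrelated message",
    "Jun 29 01:29:09 " + PREFIX + "src-ip=999.1.1.1 method=GET uri=/",
]

if __name__ == "__main__":
    for ip, hits in client_ip_counts(SAMPLE_LINES).most_common():
        print(ip, hits)
```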