Forum Discussion
TFleming
Nimbostratus
NimbostratusFind connection attempts via source IP
Hey guys, I'm fairly new to F5. We have one configured before I started working here. We have a windows terminal server virtual server in our F5 that load balances between 18 different back end termi...
when CLIENT_ACCEPTED { set LogString "Client [IP::client_addr]" log local0. "==== $LogString (request) =====" } when SERVER_CONNECTED { log local0. "==== $LogString (server connected) - server: [LB::server addr]:[LB::server port] ====" }I have tested that this works
Beaker
Cirrus
CirrusYou can accomplish this with an Irule on the VIP that would log the connections and output them into the ltm log.
Something like this should help with troubleshooting. But I would only use while troubleshooting not as a permanent addition:
when HTTP_REQUEST {
set LogString "Client [IP::client_addr]:[TCP::client_port] -> Requested Host[HTTP::host][HTTP::uri]"
log local0. "==== $LogString (request) ====="
}
when SERVER_CONNECTED {
log local0. "==== $LogString (server connected) - server: [LB::server addr]:[LB::server port] ===="
}
when HTTP_RESPONSE {
log local0. "==== $LogString (response) - status: [HTTP::status] ===="
}
TFlemingGreat thank you! One quick question because I don't want to make any assumptions, will this cause an outage of any kind? Will I need to restart anything to have he iRule work?
- Beaker
This should no impact on actual traffic as all that is happening is the F5 is logging details of the connection. Depending on the traffic load it could lead to a lot of entries in the ltm log but that is why it is recommended for troubleshooting not permanent use.
- TFleming
Great thank you!
- TFleming
One slight hickup, it's not an http request, but using RDP so a port 3389 request maybe? So I get an error when I try to apply the iRUle.
- TFleming
Here is a screencap of our virtual server overview if it helps.