Forum Discussion
hoangnv
Nimbostratus
NimbostratusForward the output of command tmsh show sys connection to External Server Logs
Hi guys, I want to config forward logs of the output of command " tmsh show sys connnection" to External Server Logs to monitor traffic on F5. How can I do this.? Thanks for you help.
Lucas_Thompson
Employee
EmployeeIf your goal is to monitor all connection flows, like *every single connection* that's established, you can do this using iRules or LTM Policies. But you have to pick exactly what data is important to you. BIG-IP is a full 2-sided L7 proxy so you can log almost any piece of data that you want on either the serverside or clientside in Ethernet, VLAN, IP, TCP, SSL, HTTP, etc, as long as it's not encrypted. If you can give a specific list of data items you want to log, we can provide an example config to do that.
If you want to know periodically what is the count of connections, zamroni777's solution is awesome. BIG-IP also keeps track of this (connflow count) and other important things internally in the RRD graphs:
https://my.f5.com/manage/s/article/K50425247
hoangnvHow can I use iRules or LTM Policies to monitor all connection flows.
Please share me guide. Thanks
- Lucas_Thompson
Sure. BIG-IP can definitely log data about all connection flows.
If you don't know what data you need to monitor, you'd probably start with a generic one. We do have such generic article here:
Log client to vip connections | DevCentral
- hoangnv
I want to monitor output of command "tmsh show sys connection cs-client-addr".
Maybe like this :
tmsh show sys connection cs-client-addr 10.10.10.77
Sys::Connections
10.10.10.77:55130 10.10.10.69:22 10.10.10.60:55130 10.10.10.71:22 tcp 241 (tmm: 1) none none
Total records returned: 1