hoolio
Feb 05, 2010

High Speed Logging (HSL:: commands)

I noticed a wiki page for some new commands:

HSL::open
HSL::send

http://devcentral.f5.com/wiki/default.aspx/iRules/hsl

I haven't heard of these commands or High Speed Logging (protocol?) before. I couldn't find much online about this.

Can anyone provide some background info on high speed logging and the new commands?

Thanks,
Aaron

20 Replies

  • Hamish

    Sorry it took so long. I just noticed this question...

    HSL::send $hsl "$LogString [HTTP::status] pool_info: [LB::server] (ResponseTime: [expr [clock clicks -milliseconds] - $http_request_time]ms)\n"

    Notice the \n in the string... Standard unix EOL character... (LineFeed)

    H
  • The examples show the HSL::open command being run in the CLIENT_ACCEPTED event. So, will every new connection grab a new handle for HSL logging? Could the HSL::open command go inside RULE_INIT, and if so, is it likely to improve performance?

    I'm just trying to figure out if the LTM could "run out" of available handles for HSL under load.

    thanks for any reply
  • How and where do we apply this iRule? I am confused about this. I am trying to set up a remote syslog server and don't want any of the logs collected locally on the F5 device, LTM in this case. How do I set this up? Please help me with this.
  • hoolio
    You would create an iRule which initiates the HSL connection and sends messages to the pool. You'd then associate the iRule with any virtual server which you want the iRule to run on.

    Aaron
  • SYSLOG-NG.CONF file
    ==================

    I need help in understanding the functionality of the syslog-ng.conf file in the folder /etc/syslog-ng. Can any of you kindly direct me to the document which explains this file in detail? I see that this file, when tweaked, can help determine the logging; I just want to understand the way it functions. Any help will be much appreciated. Thanks

    sprashanthac
  • The HSL is not based on syslog-ng. It is basic TCP/UDP.

    syslog-ng, if you wish to use that, is not an F5 feature - you should be able to google it.
  • Yeah right, think this question should be posted in the syslog-ng section, not in the HSL one

  • hoolio
    As Simon said, the syslog-ng configuration is standard. You can look up the available options for your specific version (retrieved by running syslog-ng -V on the unit) on these sites:

    http://www.syslog.org/syslog-ng/v2/
    http://www.balabit.com/support/documentation
    http://www.balabit.com/support/documentation/syslog-ng-v2.0-guide-admin-en.pdf

    One significant difference with using syslog-ng on the LTM platform is that you need to modify the syslog-ng configuration that LTM loads using the bigip_sys.conf or bpsh utility. Deb wrote a great article on this:

    LTM 9.4.2+: Custom Syslog Configuration
    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155

    Aaron
  • hoolio
    Posted By sirwin on 06/08/2010 09:10 AM

    The examples show the HSL::open command being run in the CLIENT_ACCEPTED event. So, will every new connection grab a new handle for HSL logging? Could the HSL::open command go inside RULE_INIT, and if so, is it likely to improve performance?

    I'm just trying to figure out if the LTM could "run out" of available handles for HSL under load.

    thanks for any reply

    I was informed that there isn't actually any gain in trying to use a shared handle for HSL as HSL internally caches and garbage-collects message queues and connections.

    Aaron

  • Thanks to Hoolio and all on this post. I set up HSL, based on ibehavior's code. I used UDP (514) so I would not have to hassle with firewall rules. On my syslog server (KIWI), the logs display as a single syslog for each HSL::send (didn't need the \n). I added a unique string to each send that made it easy for the syslog server to parse in a separate file. This is a tremendous troubleshooting tool!
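
The following is an added example, not code from any poster in this thread or from F5: a receiver-side framer and parser in Python for the record layout in Hamish's HSL::send line, showing why the trailing \n matters on a TCP stream while UDP delivers one record per datagram, as the last post observed. The LogString contents, the [LB::server] output format and the 8192-byte buffer cap are constructed assumptions.

```python
import re

# Layout of the HSL::send line quoted in the thread:
#   "<LogString> <status> pool_info: <LB::server> (ResponseTime: <n>ms)\n"
RECORD = re.compile(
    r"^(?P<prefix>.*) (?P<status>\d{3}) pool_info: (?P<server>.*) "
    r"\(ResponseTime: (?P<ms>\d+)ms\)$"
)

class TcpFramer:
    """Rebuild newline-delimited records from a TCP byte stream."""

    def __init__(self, max_record=8192):  # cap is an assumption
        self.buf = b""
        self.max_record = max_record

    def feed(self, chunk):
        """Return records completed by this chunk; keep the partial tail."""
        self.buf += chunk
        *lines, self.buf = self.buf.split(b"\n")
        if len(self.buf) > self.max_record:
            self.buf = b""  # no delimiter for too long: drop, don't grow
        return [l.rstrip(b"\r").decode("utf-8", "replace") for l in lines if l]

def frame_udp(datagram):
    """One datagram is one record; a trailing newline is optional."""
    return datagram.rstrip(b"\r\n").decode("utf-8", "replace")

def parse_record(line):
    """Split a record into its fields, or return None if it does not match."""
    m = RECORD.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"], rec["ms"] = int(rec["status"]), int(rec["ms"])
    return rec

if __name__ == "__main__":
    # Constructed sample: two records, the second split across TCP segments.
    seg1 = (b"client=192.0.2.10 GET /a 200 pool_info: web_pool 10.0.0.5 80 "
            b"(ResponseTime: 12ms)\nclient=192.0.2.11 GET /b 50")
    seg2 = b"3 pool_info: web_pool 10.0.0.6 80 (ResponseTime: 340ms)\n"
    framer = TcpFramer()
    for seg in (seg1, seg2):
        for line in framer.feed(seg):
            print(parse_record(line))
```

Without the \n, a TCP receiver of this kind never sees a record boundary and returns nothing, whereas frame_udp treats each datagram as a complete record.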