Forum Discussion
andrew_deackes_
Nimbostratus
Jul 13, 2009
How to log only specific source IPs?
Hi,
I did a little research and found the following i-Rule which seems to be exactly what I want for logging response times.
http://devcentral.f5.com/wiki/default.aspx/iRules/LogTcpAndHttpRequestResponseInfo.html
However, I'd like to be able to only log specific source IPs. I tried adding a data list of IPs and using a line to match that list. So instead of:
when CLIENT_ACCEPTED {
    # Get time for start of TCP connection in milliseconds
    set tcp_start_time [clock clicks -milliseconds]
the i-Rule starts:
when CLIENT_ACCEPTED {
    if { [matchclass [IP::remote_addr] equals $::REQ_IP] }{
        # Get time for start of TCP connection in milliseconds
        set tcp_start_time [clock clicks -milliseconds]
but I get errors when I try to install that. Can someone please advise how I change this i-Rule to only log for traffic from a specific IP?
Thanks
Andy
- hoolio
Cirrostratus
Hi Andy,

when CLIENT_ACCEPTED {
    # Check the REQ_IP datagroup to see whether this is a client IP address we want to log for
    if { [matchclass [IP::remote_addr] equals $::REQ_IP] } {
        set log_connection 1
        # Get time for start of TCP connection in milliseconds
        set tcp_start_time [clock clicks -milliseconds]
        # Log the start of a new TCP connection
        log "New TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]"
    } else {
        set log_connection 0
    }
}
when HTTP_REQUEST {
    # If we're not logging for this client IP, exit this event in this iRule
    if {$log_connection != 1} { return }
    # Get time for start of HTTP request
    set http_request_time [clock clicks -milliseconds]
    # Log the start of a new HTTP request
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "$LogString (request)"
}
when HTTP_RESPONSE {
    # If we're not logging for this client IP, exit this event in this iRule
    if {$log_connection != 1} { return }
    # Received the response headers from the server. Log the pool name, IP and port, status and time delta
    log local0. "$LogString (response) - pool info: [LB::server] - status: [HTTP::status] (request/response delta: [expr {[clock clicks -milliseconds] - $http_request_time}]ms)"
}
when CLIENT_CLOSED {
    # If we're not logging for this client IP, exit this event in this iRule
    if {$log_connection != 1} { return }
    # Log the end time of the TCP connection
    log "Closed TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port] (open for: [expr {[clock clicks -milliseconds] - $tcp_start_time}]ms)"
}
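The iRule in the reply above writes one log line per HTTP response and one per closed connection for the selected client IPs. As an added example that is not part of the thread or of F5's code, this Python script parses those two message formats and summarises response times per client IP. The function name `summarize`, the `slow_ms` threshold, the syslog prefix and all sample values are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the log strings built in HTTP_RESPONSE and CLIENT_CLOSED above.
# search() skips any syslog prefix; host and URI are client-supplied text.
RESPONSE_RE = re.compile(
    r"Client (?P<ip>\S+):(?P<port>\d+) -> (?P<url>\S+) \(response\) - pool info: "
    r"(?P<pool>.*?) - status: (?P<status>\d{3}) "
    r"\(request/response delta: (?P<ms>\d+)ms\)")
CLOSED_RE = re.compile(
    r"Closed TCP connection from (?P<ip>\S+):(?P<port>\d+) to \S+ "
    r"\(open for: (?P<ms>\d+)ms\)")

def summarize(lines, slow_ms=500):
    """Per-client-IP response statistics; slow_ms is an assumed threshold."""
    stats = defaultdict(lambda: {"responses": 0, "total_ms": 0, "max_ms": 0,
                                 "slow": [], "errors": 0, "conn_ms": []})
    for line in lines:
        if m := RESPONSE_RE.search(line):
            s, ms = stats[m["ip"]], int(m["ms"])
            s["responses"] += 1
            s["total_ms"] += ms
            s["max_ms"] = max(s["max_ms"], ms)
            if ms >= slow_ms:
                s["slow"].append((m["url"], ms))
            if m["status"].startswith("5"):
                s["errors"] += 1
        elif m := CLOSED_RE.search(line):
            stats[m["ip"]]["conn_ms"].append(int(m["ms"]))
    for s in stats.values():
        s["mean_ms"] = s["total_ms"] / s["responses"] if s["responses"] else None
    return dict(stats)

# Constructed sample: the syslog prefix P and every value below are made up.
P = "Jul 13 10:00:01 lb1 tmm: "
SAMPLE = [
    P + "Client 10.0.0.5:51234 -> www.example.com/ (request)",
    P + "Client 10.0.0.5:51234 -> www.example.com/ (response) - pool info: web_pool 10.1.1.10 80 - status: 200 (request/response delta: 12ms)",
    P + "Client 10.0.0.5:51234 -> www.example.com/report (response) - pool info: web_pool 10.1.1.10 80 - status: 200 (request/response delta: 840ms)",
    P + "Client 10.0.0.9:40110 -> www.example.com/api (response) - pool info: web_pool 10.1.1.11 80 - status: 503 (request/response delta: 30ms)",
    P + "Closed TCP connection from 10.0.0.5:51234 to 192.0.2.10:80 (open for: 1500ms)",
]

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["responses"], s["mean_ms"], s["max_ms"], s["slow"], s["conn_ms"])
```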
- andrew_deackes_
Nimbostratus
Hi Aaron,