How to detect RST timeouts and http timeouts through irules

For the TCP RST do you really need an iRule to detect this as there are global variables https://support.f5.com/csp/article/K13223 ? Also if the irule is causing the RST because of a config error look in the /var/log/ltm for "TCL error:" messages or for "reject" in the irule.

https://support.f5.com/csp/article/K13905

https://support.f5.com/csp/article/K9812

https://support.f5.com/csp/article/K10191

 If you TCL Errors google the error and solve it (also check the F5 ihealth if it detected issue with the irule and check the error in F5 bug tracker https://support.f5.com/csp/bug-tracker) and if needed use the "Catch" command to escape the error.

https://devcentral.f5.com/s/articles/irules-101-07-catch

For HTTP request timeout because the F5 HTTP profiles or TCP connection timeout because the TCP profiles the TCP RST variables should log this.

Another hint is when writting an iRule to set variables that log at the Client_Accepted , HTTP_REQUEST etc. events and then to log the variables in /var/log/ltm or for example in splunk and then to compare when TCP handshake was done and after what time the HTTP_REQUEST event was triggered maybe at its end or start etc.

See the Splunk iRule and for example the variables:

set tcp_start_time [clock clicks -milliseconds]

set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]

https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup

You can modify the Irule to log to /var/log/ltm if needed but I don't recommend logging much data locally. Read:

https://support.f5.com/csp/article/K55131641

https://devcentral.f5.com/s/articles/the101-irules-101-logging-amp-comments

https://clouddocs.f5.com/api/irules/HSL.html