Forum Discussion
How to detect RST timeouts and http timeouts through irules
How to detect http request timeout and tcp rst through irules and log to ltm log
1 Reply
For the TCP RST do you really need an iRule to detect this as there are global variables https://support.f5.com/csp/article/K13223 ? Also if the irule is causing the RST because of a config error look in the /var/log/ltm for "TCL error:" messages or for "reject" in the irule.
https://support.f5.com/csp/article/K13905
https://support.f5.com/csp/article/K9812
https://support.f5.com/csp/article/K10191
If you TCL Errors google the error and solve it (also check the F5 ihealth if it detected issue with the irule and check the error in F5 bug tracker https://support.f5.com/csp/bug-tracker) and if needed use the "Catch" command to escape the error.
https://devcentral.f5.com/s/articles/irules-101-07-catch
For HTTP request timeout because the F5 HTTP profiles or TCP connection timeout because the TCP profiles the TCP RST variables should log this.
Another hint is when writting an iRule to set variables that log at the Client_Accepted , HTTP_REQUEST etc. events and then to log the variables in /var/log/ltm or for example in splunk and then to compare when TCP handshake was done and after what time the HTTP_REQUEST event was triggered maybe at its end or start etc.
See the Splunk iRule and for example the variables:
set tcp_start_time [clock clicks -milliseconds]
set req_start_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
https://docs.splunk.com/Documentation/AddOns/released/F5BIGIP/Setup
You can modify the Irule to log to /var/log/ltm if needed but I don't recommend logging much data locally. Read:
https://support.f5.com/csp/article/K55131641
https://devcentral.f5.com/s/articles/the101-irules-101-logging-amp-comments
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com