Hi,
I am implementig something similar. For security reasons, our client whants to log all the snat conections of the clients. They want to know what snat ip was assigned to which client at what time, and the time that connection was clossed.
For the start of the session I have used SERVER_CONNECTED event, and for the close of the session: SERVER_CLOSED event.
This is the first rule I am testing (quite simple):
when SERVER_CONNECTED {
set snat [IP::local_addr]
log local0. $snat
log local0. "[IP::client_addr], [IP::local_addr], [IP::server_addr]"
}
when SERVER_CLOSED {
set snat [IP::local_addr]
log local0. $snat
log local0. "[IP::local_addr], [IP::server_addr]"
}
I have been making some tests using the virtual to http navigation, and I have seen that lots of messages are being logged in ltm.log, and i afraid in production, the log will be hugh. I expected virtual should make some kind of persistence, and once a client has oppened a connection, it will stay for a while. But in the test, lots of sessions are being stablished and clossed in a few secconds continusly.
Do you think that behaviour is normal??? Or perhaps I am not using events correctly??
Scott, Do you remember having problems with log size with that irule?? I think there is a maximum size of the log (not remember how much exactly), and I´m afraid system to go down due to the irule...
In other kind of issue, always I add a log in an irule, it is written in ltm.log. Now I am thincking in the possibility of using an especific file for this irule, not ltm.log. Do you know if it is possible to write log on a diferent file ??? (for example in /var/tmp/snat.log) Or it is not possible via iRule??
Thank you very much in advance.
Best regards.