Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Nandhi's avatar
Nandhi
Icon for Cirrus rankCirrus
Oct 18, 2022

HSL iRule to log http status error output to syslog server

All, I am new to irule. Looking for experts suggestion one of the iRule while will log an output to a syslog server directly. The iRule should check the http status code of the connection and send t...
application delivery
H55Matz's avatar
H55Matz
Icon for Nimbostratus rankNimbostratus
Oct 19, 2022

((this spam has been removed by admins, but the comment left so that Kevin's reply below doesn't get nuked))

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 19, 2022

    Try removing HTTP::has_responded.

    when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool] 
}
when HTTP_RESPONSE {
   set status_code [HTTP::STATUS]
   set log_msg ""
   append log_msg "$Client_ip" 
   append log_msg "$status_code"
   HSL::send $hsl"<190> $log_msg"
}
    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      Oct 26, 2022

      Nandhi did this work for you? if so please flag the question as answered.

    • Nandhi's avatar
      Nandhi
      Icon for Cirrus rankCirrus
      Oct 27, 2022

      Thanks Kevin for the response.

      Can you please help to brief what will fetch or not captured if remove the statement "when HTTP_RESPONSE {if {HTTP::has_responded]} {return}" in the rule.

      Thanks.

      • Kevin_Stewart's avatar
        Kevin_Stewart
        Icon for Employee rankEmployee
        Oct 28, 2022

        I'm not entirely sure that removing HTTP::has_responded would work here. But that statement is basically triggering on the presence of preceding iRule logic. You mentioned in the initial post that the 500 response was being logged by another iRule.