Benjamin_8557
Apr 22, 2016Altostratus
[HSL] log iRule events with HSL
Hi,
I try to send logs events in iRule with HSL but I don't see any logs on my syslog servers (2 members in my pool). I'm logging with de command 'log'. I can see it in my /var/log/ltm but not in the syslog servers.
thank you, regards,
Ben
The
command uses syslog-ng on the box, and by default,log
sends messages to the facility local0. Also, by default, local0 is delivered to (and only to) /var/log/ltm.log
To use High Speed Logging, you need to utilize the
primitives:HSL::
The best approach is to create a Log Publisher, the reference that from the HSL commands. Here is an example, including the configuration for the publisher:
ltm pool pool-hsl-logging { members { syslog-server-01:514 { address 10.10.10.100 session monitor-enabled state down } syslog-server-02:514 { address 10.10.10.200 session monitor-enabled state down } } monitor gateway_icmp } sys log-config destination remote-high-speed-log dest-hsl-logging { pool-name pool-hsl-logging protocol udp } sys log-config destination remote-syslog dest-syslog { format rfc5424 remote-high-speed-log dest-hsl-logging } sys log-config publisher publisher-remote-syslog { destinations { dest-syslog { } } }
An iRule using this might look like:
when RULE_INIT { set static::general_remote_syslog_publisher "publisher-remote-syslog" } when CLIENT_ACCEPTED { set hsl [HSL::open -publisher $static::general_remote_syslog_publisher] HSL::send $hsl "Client connect from [IP::client_addr]:[TCP::client_port]" } when HTTP_REQUEST { if { [HTTP::header exists X-Forwarded-For] } { HSL::send $hsl "Client has X-Forwarded-For: [HTTP::header X-Forwarded-For]" } else { HSL::send $hsl "Client has no X-Forwarded-For" } }