Forum Discussion
4 Replies
- Cory_50405Noctilucent
We do something similar. I'm sure it could be optimized, but it works:
when SERVER_CONNECTED { set client_remote "[IP::client_addr]:[TCP::client_port]" set client_local "[IP::local_addr clientside]:[TCP::local_port clientside]" set server_local "[IP::local_addr]:[TCP::local_port]" set server_remote "[IP::server_addr]:[TCP::server_port]" log local0. "Got connection: Client($client_remote)<->($client_local)LTM($server_local)<->($server_remote)Server" }
- Jeffrey_Silver1Nimbostratus
Thanks Cory. I'm going to give this a try.
- Mohamed_LrhaziAltocumulus
In the HTTP profile you can also enable the injection of response header "X-FORWADED-FOR" which the backend server can then log too.
- Kevin_StewartEmployee
I take it you're looking for a logging function - sending the data to Splunk. The X-Forwarded-For option is for inserting an HTTP header in the request to the application server. You can certainly use the [IP::client_addr] command in mostly any of the client side events (ie. CLIENT_ACCEPTED, HTTP_REQUEST, etc.), and you'll most likely also want to do this with High Speed Logging in lieu of standard "log local" functions:
https://devcentral.f5.com/wiki/iRules.HSL__send.ashx
If you can move up to (at least) 11.1, you can also just build a request logging profile and completely skip the iRules: