Forum Discussion

Matt_59095's avatar
Matt_59095
Icon for Nimbostratus rankNimbostratus
Aug 18, 2011

IP to DNS reverse lookup + Geo location? Delimitted format?

LTM 1500 9.4.8     Hi - we'd like to see where our website traffic is coming from, and by which companies. I'd prefer to log that into a format that i can read into a database table, so that i ...
application delivery
dev
devops
iRules
Matt_59095's avatar
Matt_59095
Icon for Nimbostratus rankNimbostratus
Sep 21, 2011
Hi Aaron,

Here is the exact rule, copied from my LTM. I haven't even checked logging yet - i'm just testing to see if my webpage comes up after i apply the irule, and it does not. I get the "no data received" message in my chrome browser - error 324 ERR_EMPTY_RESPONSE. As i said, i have this irule, and a default pool - i wasn't sure if i maybe need to add the pool into the irule itself somewhere for this to all process correctly? I'm content with logging this locally, since traffic load will be really light, and this will just process one log entry per session, so there shouldn't be a whole lot of data being logged. 

 
 when CLIENT_ACCEPTED {  
  Add some logic for determining which clients to log for  
 if {[matchclass [IP::client_addr] equals $::filteredAddresses]}{  
  Get time for start of TCP connection in milleseconds  
 set tcp_start_time [clock clicks -milliseconds]  
  Log the start of a new TCP connection  
 log "New TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]"  
 } else {  
  Disable all events for this rule and any other rule for this connection  
 event disable all  
 }  
 }  
 when HTTP_REQUEST {  
  Get time for start of HTTP request  
 set http_request_time [clock clicks -milliseconds]  
  Log the start of a new HTTP request  
 set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"  
 log local0. "$LogString (request)"  
 }  
 when HTTP_RESPONSE {  
  Received the response headers from the server. Log the pool name, IP and port, status and time delta  
 log local0. "$LogString (response) - pool info: [LB::server] - status: [HTTP::status] (request/response\  
 delta: [expr [clock clicks -milliseconds] - $http_request_time]ms)"  
 }  
 when CLIENT_CLOSED {  
  Log the end time of the TCP connection  
 log "Closed TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]\  
 (open for: [expr [clock clicks -milliseconds] - $tcp_start_time]ms)"  
 }