Forum Discussion

EC7
Jul 01, 2016

IRULE -Caused Errors

I am VERY new to iRules. I added the iRule below to my virtual server and 10 minutes later the team notified me that their application was getting errors. I need an iRule that will send client IP, VS, and pool member information to a syslog (for my VS that are using SNAT).

 

    when CLIENT_ACCEPTED {
        log 10.1.1.1 local0.info "Client Connected, IP: [IP::client_addr]"
    }

    when SERVER_CONNECTED {
        log 10.1.1.1 local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]"
    }

 

Thanks, EC7

 

6 Replies

  • Hi,

     

    This iRule does nothing except logging... If it causes issues, it may write an error with the "TCL error" pattern in /var/log/ltm. Find it to be sure what is wrong in your iRule.

     

    I'm not sure it is a good idea to specify a remote address in the log command (I never used it).

     

    Maybe it is the cause of the issue. I suggest removing the IP from the log commands and configuring remote logging on the system. Another way is to use HSL (high speed logging).

     

  • Try this to see if simple logging on the F5 works & if there are no application issues:

    when CLIENT_ACCEPTED { 
        log local0.info "Client Connected, IP: [IP::client_addr]" 
    }
    
    when SERVER_CONNECTED { 
        log local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]" 
    }
    

    If there are no issues with the application, then try adding the "log 10.1.1.1" statement. This is to rule out any issues with specific logging to the syslog server.

    I think you need to use something like this - basically, swap the position of the address and the "local0.info" statement:

    log local0.info 10.1.1.1 "Client Connected, IP: [IP::client_addr]"
    

    https://devcentral.f5.com/articles/the101-irules-101-logging-amp-comments

  • EC7

    Thank you all for the information.

     

    Odaah, I tested your suggestion (log local0....) with the Application's team and everything tested successfully. Using the local0... does that mean I am now sending information to the local syslog (var/log/ltm)? If so, how can I send it to the remote syslogs?

     

    Stanislas, you suggested using HSL; would it work in a vCMP (with two guests) setup? Do you have any links to documentation for HSL?

     

  • HSL logging info is here: https://devcentral.f5.com/wiki/iRules.HSL.ashx.

    Yes, it will work with vCMP guests. You should create a Log Publisher:

    Then, to use it:

    when CLIENT_ACCEPTED {
        # assuming you created the publisher in the /Common partition...
        set hsl [HSL::open -publisher /Common/your_publisher_name]
        
        # this logs using facility local0 with level info (that's what the "134" means)...
        HSL::send $hsl "<134> your log message here..."
    }
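
The following iRule is an added example, not code posted by anyone in the thread. It combines the original request (client IP, virtual server and pool member for SNAT'd virtual servers) with the HSL approach from the last reply, and also records the SNAT source address and port so that a line in the pool member's own logs can be traced back to the real client. It assumes the log publisher `/Common/your_publisher_name` from the reply already exists; the `key=value` field names are constructed for illustration.

```tcl
# Added example: per-connection attribution log for a SNAT'd virtual server.
# Assumption: a log publisher named /Common/your_publisher_name exists.

when CLIENT_ACCEPTED {
    # Open the HSL handle once per connection. Variables set here stay
    # available in later events of the same connection.
    set hsl [HSL::open -publisher /Common/your_publisher_name]

    # Client-side context: the remote end is the real client, the local
    # end is the virtual server address the client connected to.
    set client "[IP::client_addr]:[TCP::client_port]"
    set vs "[virtual name] ([IP::local_addr]:[TCP::local_port])"
}

when SERVER_CONNECTED {
    # Server-side context: the local end is the source address and port
    # BIG-IP uses toward the pool member (the SNAT address when SNAT is
    # enabled), and the remote end is the selected pool member.
    set snat "[IP::local_addr]:[TCP::local_port]"
    set member "[IP::server_addr]:[TCP::server_port]"

    # <134> is the syslog priority: facility local0 (16) * 8 + severity
    # info (6) = 134, as described in the reply above.
    HSL::send $hsl "<134>client=$client vs=$vs snat=$snat member=$member"
}
```

The pool member only ever sees the `snat` address and port as the connection source, so that pair together with the timestamp is the join key between its logs and this record.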