Forum Discussion

Mike_73765's avatar
Mike_73765
Icon for Nimbostratus rankNimbostratus
Nov 17, 2010

Irule for remote logging

Hey guys,       I have a one are configuration, and I want to log each connection to a syslog server. I want to log client ip address along with node ip address. I'm assuming I'll have to us...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Nov 17, 2010
Hi Mike,

If you're on 10.1+ you could use the HSL commands and log a single entry in SERVER_CONNECTED when LTM establishes a connection with the pool member. Here's an untested example: 


when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when SERVER_CONNECTED {
    Log HTTP request via syslog protocol as local7.info; see RFC 3164 for more info
   HSL::send $hsl "<190> Client: [IP::client_addr]:[TCP::client_port], VS: [clientside {IP::local_addr}][clientside {TCP::local_port}], SNAT: [IP::local_addr]:[TCP::local_port], Pool member [IP::server_addr]:[TCP::server_port]"
}

Else, if you're on 9.4.0 - 10.0.x, you could use log -remote to send the messages to a remote syslog server without going through the local syslog-ng daemon:

log command wiki page:

http://devcentral.f5.com/wiki/default.aspx/iRules/log

iRules Update: New options for the "log" command

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=190

Aaron