Forum Discussion

martyn
Oct 08, 2020
Solved

iRule HSL logging question with user specified text

I wish to log via HSL a message that contains some repeatable text as well as some user-generated text. I can see one of two ways to get the text generated, but I have some issues with each method.

#1: Use a logging profile template, but when you do, how do you add some text to the end (or access, via a variable, text you feed it)? I.e. the VIP has a template assigned, the iRule has an HSL::open call, then the iRule later calls, say, HSL::send $hsl "and does this then get appended to the end?". And all you get is what is specified in the template. How can I pass my string body (value or reference) into the template?

#2: Use all text generation in the iRule, but then how do I get at dynamic values that I want but that are only available when you log via the profile/template? For example: $DATE_MON $DATE_DD $TIME_HMS $BIGIP_HOSTNAME and so on.

  • Hello Martin.

    With a request-logging profile you can set any kind of format in the template field.

    An example of CEF format:

    CEF:0|F5|MyEnv|1|sip=$CLIENT_IP sprt=$CLIENT_PORT snatip=$SNAT_IP snatprt=$SNAT_PORT dstip=$SERVER_IP dstprt=$SERVER_PORT dhost=$BIGIP_HOSTNAME apm=$X_APM

    Where X_APM can be configured by injecting an HTTP header:

    when HTTP_REQUEST {
    	HTTP::header replace X_APM [ACCESS::session data get session.custom.name]
    }
    when HTTP_REQUEST_RELEASE {
    	HTTP::header remove X_APM
    }

    ---

    In case you still want to use an iRule, you can get those parameters with:

    1) Hostname

    $static::tcl_platform(machine)

    2) Time

    set curtime [clock seconds]
    set formattedtime [clock format $curtime]
    log "$curtime seconds since epoch, $formattedtime"

    Output: 1129552706 seconds since epoch, Mon Oct 17 07:38:26 CDT 2005

    Regards,

    Dario.
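
An added example, not part of the thread and not F5's own code: option #2 from the question, building the CEF line entirely in the iRule, with the user-generated text escaped so it cannot add or overwrite CEF fields in the log record. The pool name hsl_cef_pool, the X-Request-Note header, the msg key, the UDP transport and the syslog priority are assumptions; the CEF prefix and the sip/sprt/dhost keys are copied from the template in the answer above.

```tcl
# Added example, not from the thread. Assumptions: "hsl_cef_pool" is a
# hypothetical pool of syslog receivers, "X-Request-Note" is a hypothetical
# header carrying the user-generated text, and the transport is UDP.
when CLIENT_ACCEPTED {
    # One HSL handle per client connection, reused for every request on it.
    set hsl [HSL::open -proto UDP -pool hsl_cef_pool]
}

when HTTP_REQUEST {
    # iRule equivalents of the template variables $BIGIP_HOSTNAME,
    # $DATE_MON $DATE_DD $TIME_HMS, $CLIENT_IP and $CLIENT_PORT.
    set host  $static::tcl_platform(machine)
    set stamp [clock format [clock seconds] -format "%b %d %H:%M:%S"]
    set sip   [IP::client_addr]
    set sprt  [TCP::client_port]

    # User-generated text: cap the length before it reaches the log pipeline.
    set note [string range [HTTP::header value "X-Request-Note"] 0 255]

    # CEF extension values must have backslash and "=" escaped, and CR/LF
    # encoded, otherwise the text can forge extra key=value pairs or split
    # the record. string map is single-pass, so inserted backslashes are
    # not escaped a second time.
    set note [string map [list "\\" "\\\\" "=" "\\=" "\r" "\\r" "\n" "\\n"] $note]

    # <134> is syslog priority local0.info (assumed facility and severity).
    HSL::send $hsl "<134>$stamp $host CEF:0|F5|MyEnv|1|sip=$sip sprt=$sprt dhost=$host msg=$note"
}
```

The same escaping concern applies to the header-injection approach: a value copied into X_APM is written into the template verbatim, so it should be escaped in the iRule before HTTP::header replace.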

6 Replies

  • Hello Martin.

    It's better to use a request logging profile.

    https://support.f5.com/csp/article/K00847516

    You can add extra variables by injecting HTTP headers into the HTTP_REQUEST and referencing them with the same name as the header:

    $BIGIP_HOSTNAME $Host ${X-Forwarded-For} ...

    If you want to avoid sending those headers to the backend server, you can remove them again using this event:

    https://clouddocs.f5.com/api/irules/HTTP-REQUEST-RELEASE.html

    Regards,

    Dario.

    • martyn

      Thanks. Not sure that would work in this case. What I need to simulate is the CEF logging format, and that is not available from a native profile format choice, plus the data I need to pass in (some arbitrary data). If in effect I am manually writing the CEF-formatted message out by a number of profile objects/variables as well as an HTTP header variable(s) or two as data placeholders, I pretty much may as well just manually create the whole thing via HSL as I am currently. However, some (most) of the data that I want is matched from data available in a logging profile. This I am currently getting from TCL calls. Should they have too great a performance hit, I may well see if your proposal would alleviate that. I also didn't know of (think of) using HTTP_REQUEST like that. Interesting and devious; I will file that one away, thank you.

      Martyn Roberts Vodafone/IBM Venture Swindon ISC 07881846887