Forum Discussion
AltostratusiRule HSL logging question with user specified text
I wish to log via HSL a mesage that contains some repeatable text as well as some user generated text. so one of two ways to get text generated I can see. But I some issues with each method. #1: Use a loggin profile template, but when you do how to you add some text to the end (or access via a variable text you feed it? i.e the vIP has a template assignmed, iRule has an HSL::open call, then the iRule later calls say HSL::send $hsl "and does this then get appended to the end?". And all you get is what is specified in the template. How can I pass my string body (value or reference) into the template.
#2 Use all text generation in the iRule, but then how do I get at dynamic values that I want but that are only available when you log via the profile/template. For example: $DATE_MON $DATE_DD $TIME_HMS $BIGIP_HOSTNAME and so on.
Hello Martin.
With a request-logging profile you can set any kind of format in the template field.
An example of CEF format:
CEF:0|F5|MyEnv|1|sip=$CLIENT_IP sprt=$CLIENT_PORT snatip=$SNAT_IP snatprt=$SNAT_PORT dstip=$SERVER_IP dstprt=$SERVER_PORT dhost=$BIGIP_HOSTNAME apm=$X_APMWhere 'X_APM can be configured injecting an HTTP header:
when HTTP_REQUEST { HTTP::header replace X_APM [ACCESS::session data get session.custom.name] } when HTTP_REQUEST_RELEASE { HTTP::header remove X_APM }---
In case you still want to use an iRule, you can get those parameters with:
1) Hostname
$static::tcl_platform(machine)2) Time
set curtime [clock seconds] set formattedtime [clock format $curtime] log "$curtime seconds since epoch, $formattedtime"Output: 1129552706 seconds since epoch, Mon Oct 17 07:38:26 CDT 2005
Regards,
Dario.
Dario_GarridoNoctilucent
Hello Martin.
It's better to use a request logging profile.
https://support.f5.com/csp/article/K00847516
You can add extra variables injecting HTTP headers into the HTTP_REQUEST and referencing them with the same name of the header:
$BIGIP_HOSTNAME $Host ${X-Forwarded-For} ...
If you want to avoid sending those headers to the backend server, you can remove them again using this event:
https://clouddocs.f5.com/api/irules/HTTP-REQUEST-RELEASE.html
Regards,
Dario.
martin1Thanks, Not sure that would work in this case. What I need to simulate is the CEF logging format and that is not available from a native profile format choice, plus the data I need to pass in (some arbitrary data). If in effect I am manually writing the CEF formatted message out by a number of profile objects/variables and as well a HTTP header variable(s) or two as data place holders I pretty much may as well just manually create the whole thing via HSL as I am currently. However some (most) of the data that I want is matched from data available in a logging profile, This I am currently getting it from TCL calls, Should they have too great a performance hit I may well see if your proposal would alleviate that. I also didn't know of (think of) using HTTP_REQUEST like that. Interesting and devious I will file that one away, thank you. Martyn Roberts Vodafone/IBM Venture Swindon ISC 07881846887- Dario_Garrido
Hello Martin.
With a request-logging profile you can set any kind of format in the template field.
An example of CEF format:
CEF:0|F5|MyEnv|1|sip=$CLIENT_IP sprt=$CLIENT_PORT snatip=$SNAT_IP snatprt=$SNAT_PORT dstip=$SERVER_IP dstprt=$SERVER_PORT dhost=$BIGIP_HOSTNAME apm=$X_APMWhere 'X_APM can be configured injecting an HTTP header:
when HTTP_REQUEST { HTTP::header replace X_APM [ACCESS::session data get session.custom.name] } when HTTP_REQUEST_RELEASE { HTTP::header remove X_APM }---
In case you still want to use an iRule, you can get those parameters with:
1) Hostname
$static::tcl_platform(machine)2) Time
set curtime [clock seconds] set formattedtime [clock format $curtime] log "$curtime seconds since epoch, $formattedtime"Output: 1129552706 seconds since epoch, Mon Oct 17 07:38:26 CDT 2005
Regards,
Dario.