irule logging?

Sure, just add the following statement to your rule:

log local0. "[IP::client_addr] blocked due to blacklisting"

This will be logged to /var/log/ltm.

will this log fill up quickly? could it log to remote locations and can it be accessed in the gui? :) thanks

is there any danger of this log filling up and causing the appliance to fall over?

Have implemented the logging and it appears to be loggin even successful connections (may be wrong??):

Wed Aug 26 14:43:17 BST 2015 info lb1 tmm[10908] Rule /Common/blacklisted-ips : 1.2.3.4 blocked due to blacklisting

Can we change logging so only blocked clients on the data lists attempting to connect are logged?

It shouldn't do that if you add the log statement inside the if clause like that:

when CLIENT_ACCEPTED { 
  if { [class match [IP::client_addr] equals ip-blacklist] } { 
    log local0. "[IP::client_addr] blocked due to blacklisting"
    reject 
  }
}

ahh my bad maybe I added like this:

when CLIENT_ACCEPTED { if { [class match [IP::client_addr] equals ip-blacklist] } { reject } log local0. "[IP::client_addr] blocked due to blacklisting" }

would this be why?

ahhhh, thank you once again!

sorry to resurrect this! is there any way to add logging that would cover which virtual server this is triggered on? We are basically using this on virtual server(s) that we use for host header redirection on some public sites so if the domain that is requested could be logged this would be great too? thank you

great, thank you - so like this:

log local0. "[IP::client_addr] blocked due to blacklisting on [virtual]"

what about the domain name requested too? sorry..

any chance of an example if it can be written quickly? :)