Forum Discussion
IRule Syslog web application
Hi, I have a web application and I want to log all connections going to it.
I have an LTM 3600, which is configured to do SNAT (at the web server I can only see the self IP of the F5), so I want to configure an iRule to send syslog messages.
I have searched and found this:
```tcl
when HTTP_REQUEST {
    # Save request-side information
    set http_request "\"[HTTP::method] [HTTP::uri] HTTP/[HTTP::version]\""
    set http_request_time [clock clicks -milliseconds]
    set http_user_agent "\"[HTTP::header User-Agent]\""
    set http_host [HTTP::host]
    set http_username [HTTP::username]
    # Client address and port as seen by the BIG-IP, before SNAT
    set client_ip [IP::remote_addr]
    set client_port [TCP::remote_port]
    set http_request_uri [HTTP::uri]
    set referer [HTTP::header value referer]
}
when HTTP_RESPONSE {
    # Time between request and response, in milliseconds
    set response_time [expr {[clock clicks -milliseconds] - $http_request_time}]
    set virtual [virtual]
    set content_length 0
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [HTTP::header "Content-Length"]
    }
    set lb_server "[LB::server addr]:[LB::server port]"
    if { [string compare "$lb_server" ""] == 0 } {
        set lb_server ""
    }
    set status_code [HTTP::status]
    set content_type [HTTP::header "Content-type"]
    # Build one key=value line per request/response pair
    set log_msg ""
    append log_msg "virtual=$virtual "
    append log_msg "client_ip=$client_ip "
    append log_msg "client_port=$client_port "
    append log_msg "lb_server=$lb_server "
    append log_msg "host=$http_host "
    append log_msg "username=$http_username "
    append log_msg "$http_request_uri "
    append log_msg "request=$http_request "
    append log_msg "server_status=$status_code "
    append log_msg "content_type=$content_type "
    append log_msg "content_length=$content_length "
    append log_msg "resp_time=$response_time "
    append log_msg "user_agent=$http_user_agent "
    append log_msg "referer=$referer"
    # Send to the remote syslog server and to the local log
    log 10.10.10.10 local0. $log_msg
    log local0. $log_msg
}
```
This is working for me. Since this is HTTP (not HTTPS) I added the password, but I can't see any password. Also, why should I add request and response, why not only the request?
Thanks
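Added example, not part of the original post and not F5 code: a Python parser for the syslog receiver (10.10.10.10 in the iRule) that splits the line this iRule emits back into fields and checks that the typed fields are consistent. The names `parse_line`, `KEYS`, `GOOD` and `ODD` are made up for illustration, the sample lines are constructed, and the receiver is assumed to hand over one log line as a string.

```python
import ipaddress
import re

# Field order exactly as the iRule appends it; None marks the URI, logged without a key.
KEYS = ["virtual", "client_ip", "client_port", "lb_server", "host", "username", None,
        "request", "server_status", "content_type", "content_length", "resp_time",
        "user_agent", "referer"]
NAMED = [k for k in KEYS if k]
# Non-greedy groups, each ended by the next expected key, so values may contain spaces.
LINE_RE = re.compile(" ".join(
    r"(?P<uri>.*?)" if k is None else rf"{k}=(?P<{k}>.*?)" for k in KEYS) + "$")
# Key-like text inside a value means a client-supplied field is imitating the layout.
EMBEDDED_RE = re.compile(r"(?:^| )(?:" + "|".join(NAMED) + r")=")

def parse_line(line):
    """Return (fields, problems); fields is None when the layout does not match."""
    m = LINE_RE.search(line)  # search() skips any syslog prefix before "virtual="
    if m is None:
        return None, ["layout mismatch"]
    fields = {k: v.strip('"') for k, v in m.groupdict().items()}
    problems = []
    try:
        ipaddress.ip_address(fields["client_ip"])
    except ValueError:
        problems.append("client_ip is not an IP address")
    for key in ("client_port", "server_status", "content_length", "resp_time"):
        if not fields[key].isdigit():
            problems.append(f"{key} is not numeric")
    # The bare URI and the URI inside request= both come from HTTP::uri.
    parts = fields["request"].split(" ")
    if len(parts) < 3 or " ".join(parts[1:-1]) != fields["uri"]:
        problems.append("uri and request disagree")
    for key, value in fields.items():
        if EMBEDDED_RE.search(value):
            problems.append(f"{key} contains key-like text")
    return fields, problems

# Constructed sample lines (not captured from a real BIG-IP).
GOOD = ('virtual=vs_web client_ip=203.0.113.7 client_port=51514 lb_server=10.0.0.21:80 '
        'host=www.example.com username= /index.html request="GET /index.html HTTP/1.1" '
        'server_status=200 content_type=text/html; charset=UTF-8 content_length=1234 '
        'resp_time=12 user_agent="Mozilla/5.0 (X11; Linux x86_64)" referer=')
# Same request, but the User-Agent value carries text shaped like another field.
ODD = GOOD.replace('Linux x86_64)"', 'Linux" referer=http://intranet.example/"')

if __name__ == "__main__":
    for sample in (GOOD, ODD):
        print(parse_line(sample))
```

Lines that come back with a non-empty `problems` list are worth keeping in raw form, since URI, User-Agent and Referer are written into the log exactly as the client sent them.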
3 Replies
- nitass
Employee
"I added the password, but I can't see any password??"
Do you mean HTTP::password? I understand it will return if it is basic authentication. Are you using basic authentication?
HTTP::password wiki
https://devcentral.f5.com/wiki/iRules.HTTP__password.ashx
"Also why should I add request and response, why not only the request??"
You mean the iRule, don't you? It uses HTTP_RESPONSE because some information, such as HTTP status code, server IP and port, is not available during request (HTTP_REQUEST).
- al_kabeer_2905
Nimbostratus
Yes, HTTP password. It is HTTP (not HTTPS), so can I see the password in clear text? I am using Active Directory authentication.
Thanks, I got it for the second question (HTTP response and request).
- Mike_Maher
Nimbostratus
So I am not sure if this will work for you, but something simple we do to get the real IP is use an iRule to insert it into the header.
Here is the iRule:
```tcl
when HTTP_REQUEST {
    HTTP::header insert x-remote-host [IP::client_addr]
    HTTP::header insert x-user-agent [HTTP::header User-Agent]
}
```