Forum Discussion

N__197982

Nimbostratus

Jan 11, 2019

iRule to log an output to syslog server.

Folks, I am looking for some changes to an iRule while will log an output to a syslog server directly. My iRule check if the connection is on TLS1.0 and if yes logs the client IP address. The c...

application delivery

iRules

PeteWhite

Employee

Jan 11, 2019

You want to use HSL - high-speed logging. You can do that either to a pool ( of log servers ) or via a publisher. Below is an example to a pool but i'm sure you can work out how to send it to a publisher.

when HTTP_REQUEST { 
    if { [SSL::cipher version] eq "TLSv1" } { 
        set hsl [HSL::open -proto UDP -pool syslog_server_pool]
        HSL::send $hsl "Webmail Client Source IP: [IP::client_addr]" 
    } 
}

Take a look here for details of the HSL commands

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

iRule to log an output to syslog server.

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

F5 BigIP APM VPN some LDAP field are base64 encoded

Problem with sending BotDefense logs to remote server

Related Content

Load Balancing TCP TLS Encrypted Syslog Messages

AI Security : Prompt Injection and Insecure Output Handling.

Parsing tmsh command output with Python TextFSM module and some Lessons learned

F5 Sending syslogs with two hostname to remote syslog server

BIG-IP to Process TLS Syslog Traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS