Forum Discussion

N__197982's avatar
N__197982
Icon for Nimbostratus rankNimbostratus
Jan 11, 2019

iRule to log an output to syslog server.

Folks, I am looking for some changes to an iRule while will log an output to a syslog server directly. My iRule check if the connection is on TLS1.0 and if yes logs the client IP address.   The c...
application delivery
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 11, 2019

Hi N.,

you may take a look to the 

[HSL]
(High Speed Logging) iRule command. The command will bypass the local SYSLOG-NG environment and directly open a connection to your SYSLOG out of an iRule...

https://devcentral.f5.com/wiki/iRules.HSL.ashx

when CLIENT_ACCEPTED {
     Open a UDP based SYSLOG connection to your syslog server pool.
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_REQUEST { 
    if { [SSL::cipher version] eq "TLSv1" } then {
         Log client IP as local7.info over the just created connection...
        HSL::send $hsl "<190> Webmail Client Source IP: [IP::client_addr]" 
    } 
}

Cheers, Kai