Forum Discussion
Jeremy_Lanzarot
Nimbostratus
Sep 24, 2008
Irule to log client source IP
I am trying to log the source IP address of every request that hits a VIP on a 4.2 BigIP to a file, /var/log/ldap_clients.log on the Bigip. Right now there is no irule on the VIP, it is just using a pool.
rule log_client_address {
if ( client_addr != 0.0.0.0 ) {
use pool corp_ldap_3895
log (dont know how from here)
}
else {
use pool corp_ldap_3895
}
}
Any help with syntax and logic is greatly appreciated.
10 Replies
- hoolio
Cirrostratus
You shouldn't need to test the IP address, you can just log it:
rule log_client_address {
log local0. "Client IP: " + client_addr
}
You can modify the facility in the log statement to something other than local0. and/or syslog configuration to change where the log output is written.
Aaron
- Jeremy_Lanzarot
Nimbostratus
Thank you very much for your reply. Are you saying that I do not have to include the use pool commands in there, I just need the log statement? I thought I had to include the use pool commands since you can only either assign an irule or a pool...
- hoolio
Cirrostratus
The GUI's wizard might limit what you can specify in an iRule in 4.x, but you don't need to use a pool command in a free-text iRule. If you only want to log the client IP address, the rule I listed should work fine.
Aaron
- Jeremy_Lanzarot
Nimbostratus
If I do not specify a pool in the irule, won't the functionality of the VIP be compromised? In 4.x you can either assign a pool for all traffic to use or use an irule. If I set the irule and do not specify a pool to use, what will happen to the requests going to that VIP?
- hoolio
Cirrostratus
Sorry for the bad advice. I didn't remember that you could only specify an iRule or a pool, but not both in 4.x (it's been too long...). How about this then:
rule log_client_address {
log local0. "Client IP: " + client_addr
use pool corp_ldap_3895
}
Aaron
- Claret_Carvalho
Nimbostratus
I can confirm this also works. Is there also a way to log the virtual IP being accessed in this release?
- Jeremy_Lanzarot
Nimbostratus
Hi, I tried to paste this into my 4.2 PTF 10 box:
rule log_client_address {
log local0. "Client IP: " + client_addr
use pool corp_ldap_3895
}
I am getting this error:
Error 331835 -- Rule string to tree failed. - syntax error at 'rule'
line 1: rule log_client_address {
Any ideas? Claretian, you said you were able to get the above to work?
- hoolio
Cirrostratus
nhoh0ft, I don't have a 4.x unit to test on. claretian, you should be able to log server_addr to get the VIP address:
rule log_client_address {
log local0. "Client IP: " + client_addr + ", Server IP: " + server_addr
use pool corp_ldap_3895
}
Aaron
- Claret_Carvalho
Nimbostratus
Hi,
Actually, this was on a v4.5.13 instance, but two things:
1) Can you do this from the CLI rather than GUI? Vi this part into a text file and then merge the config (b merge). For some reason, the GUI would not take it but the CLI did.
2) Even from the CLI, you need to specify the severity level
log local0.info "Client IP:" + client_addr
to get it to work.
If this still doesn't work, then it's down to a version difference. Let me know if that helps.
- Claret_Carvalho
Nimbostratus
Hi,
You need not use 'b merge' only. Just vi the /config/bigip.conf file, paste the code snippet, save the file and reload using 'b load'.
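Added example, not part of the thread or F5's code: a Python sketch that reads the messages produced by the rules above and counts requests per VIP and client, accepting both the "Client IP: " and "Client IP:" variants posted here. The syslog prefix, host name and addresses in the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as built by the rules in this thread. Whitespace after the colon
# is optional, and the ", Server IP: ..." part only exists in the later rule.
LINE_RE = re.compile(
    r"Client IP:\s*(?P<client>[0-9A-Fa-f.:]+)"
    r"(?:,\s*Server IP:\s*(?P<server>[0-9A-Fa-f.:]+))?\s*$"
)

def parse_line(line):
    """Return (client, server_or_None), or None if the line is not a valid record."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        client = ipaddress.ip_address(m.group("client"))
        server = ipaddress.ip_address(m.group("server")) if m.group("server") else None
    except ValueError:  # looks like an address but is not one, e.g. 999.1.1.1
        return None
    return client, server

def summarize(lines):
    """Count requests per (server, client) pair; also count rejected lines."""
    counts, rejected = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected += 1
            continue
        client, server = rec
        counts[(str(server) if server else "-", str(client))] += 1
    return counts, rejected

# Constructed sample input; the prefix before "Client IP" is an assumption.
SAMPLE = [
    'Sep 24 10:00:01 lb1 rule: Client IP: 192.0.2.10, Server IP: 198.51.100.5',
    'Sep 24 10:00:02 lb1 rule: Client IP: 192.0.2.10, Server IP: 198.51.100.5',
    'Sep 24 10:00:03 lb1 rule: Client IP:192.0.2.11',
    'Sep 24 10:00:04 lb1 rule: Client IP: 999.1.1.1, Server IP: 198.51.100.5',
    'Sep 24 10:00:05 lb1 rule: unrelated message',
]

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE)
    for (server, client), n in sorted(counts.items()):
        print(f"{server}\t{client}\t{n}")
    print(f"rejected lines: {rejected}")
```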
