Forum Discussion
Nimbostratusirule to send to syslog and not write to log file
I would like an irule that sends to a syslog server rather than write the log to any logfile locally. So far I can get my log in /var/log/ltm and the syslog server that the box has set as the remote logging server. But I cannot get it to just send to the server listed in the irule and not appear in the local log. I left just the IP of the log server and removed local0. I dont get anything in either place after that. Any Suggestions?
when SERVER_CONNECTED {
set snat [IP::local_addr]
log 10.X.X.X local0. "[IP::client_addr], [IP::local_addr], [IP::server_addr]"
}
when SERVER_CLOSED {
set snat [IP::local_addr]
log 10.X.X.X local0. "[IP::local_addr], [IP::server_addr]"
}
15 Replies
Brad_ParkerCirrus
Don't write to the local
with the log command. Use HSL, https://devcentral.f5.com/wiki/iRules.HSL.ashxlogwhen SERVER_CONNECTED { set hsl [HSL::open -proto UDP -pool ] HSL::send $hsl "[IP::client_addr], [IP::local_addr], [IP::server_addr]" } when SERVER_CLOSED { HSL::send $hsl "[IP::local_addr], [IP::server_addr]" }
adam_rothschildIs there any dependency for the syslog server set in the pool above to accept HSL? Reason I ask is that I see my irule taking hits in statistics, but never see the log in syslog.- Brad_ParkerYour syslog pool should contain a syslog server that is setup to receive syslogs on the configured port with the proto in HSL::open(UDP or TCP). Also, TMM needs to have a route or L2 access to that syslog server.
- adam_rothschildOk, i have a mgmt route and i see the connection. It doesnt feel correct being that the soruorce (10.32.92.6) is a self IP of the device and not sure about the any6.any. Maybe I'm not correct about that. any6.any any6.any 10.32.92.6:39519 10.17.56.14:514 udp 11 (slot/tmm: 1/1) none sys management-route 10.17.56.14/32 { gateway 10.32.92.1 network 10.17.56.14/32 }
Brad_Parker_139Nacreous
Don't write to the local
with the log command. Use HSL, https://devcentral.f5.com/wiki/iRules.HSL.ashxlogwhen SERVER_CONNECTED { set hsl [HSL::open -proto UDP -pool ] HSL::send $hsl "[IP::client_addr], [IP::local_addr], [IP::server_addr]" } when SERVER_CLOSED { HSL::send $hsl "[IP::local_addr], [IP::server_addr]" }- adam_rothschildIs there any dependency for the syslog server set in the pool above to accept HSL? Reason I ask is that I see my irule taking hits in statistics, but never see the log in syslog.
- Brad_Parker_139Your syslog pool should contain a syslog server that is setup to receive syslogs on the configured port with the proto in HSL::open(UDP or TCP). Also, TMM needs to have a route or L2 access to that syslog server.
- adam_rothschildOk, i have a mgmt route and i see the connection. It doesnt feel correct being that the soruorce (10.32.92.6) is a self IP of the device and not sure about the any6.any. Maybe I'm not correct about that. any6.any any6.any 10.32.92.6:39519 10.17.56.14:514 udp 11 (slot/tmm: 1/1) none sys management-route 10.17.56.14/32 { gateway 10.32.92.1 network 10.17.56.14/32 }
dvalle6Hi guys,
I have a limit connection in pools. I need send a log when the maximum connection limit reached.
