For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Guillaume_Nourr's avatar
Guillaume_Nourr
Icon for Altostratus rankAltostratus
May 22, 2015

Irules Using Proc to handle unified logging for different events

Hi,

 

I'm trying to build an Irule procedure to replace the dumb log.local0 statement, where I'll be able to format logs to my liking, while building unique keys to match LTM to APM logs.

 

That procedure will be called from within any when EVENTS statement, and therefore, I need to know which objects and variables are available. I'm unable to determine how to know the calling EVENT name.

 

I tried many things, none successful, including :

 

  1. verifying every local vars available at execution time
  2. Getting the stacktrace
  3. Trying to access the TCL event command (which is not available in F5)
  4. Verifying command/object/namespace existance (wasn't able to properly build a checking method)
  5. Surrounding any variable request (like HTTP::cookie value MRHSession) in a catch statement. This ended up crashing my TMM process (bug open).

Anybody has an idea to suggest? My goal is to determine the EVENT that triggered the proc call to determine which variable and namespace are available.

 

Here's the code sample I'm trying to put in place

 

LTM Virtual Server associated to irule test_1

rule test_1 {
    when HTTP_REQUEST priority 769 {
        call DEBUG::logging "test_HTTP_REQUEST"
    }

    when HTTP_RESPONSE priority 769 {
        call DEBUG::logging "test_HTTP_RESPONSE"
    }

    when ACCESS_SESSION_STARTED priority 769 {
        call DEBUG::logging "test_ACCESS_SESSION_STARTED"
    }
    when SERVER_CONNECTED priority 769 {
        call DEBUG::logging "test_SERVER_CONNECTED"
    }
}

rule DEBUG {
    proc logging {message} {
        set id "[IP::client_addr][TCP::client_port][IP::local_addr][TCP::local_port]"
        set mySessionID [ACCESS::session sid] 
        if {[info exists IP::server_addr]} {
            log local0. "IP_server_addr=[IP::server_addr]"
        }
        if { [catch {eval "set mySslID [SSL::sessionid]"} fid] } { 
            set mySslID "" 
        }
        set message "m=$message"
        if { $mySessionID != "" }{set message [concat "ssid=$mySessionID " $message ] }
        if { $username != "" }{set message [concat "u=$username " $message ] }


        log local0. "id=$id $message"
        return $mySessionID    

    }
}
application delivery
devops
iRules
LTM
No RepliesBe the first to reply