Forum Discussion
Is it possible to Log Virtual server connectivity information remotely?
Hi,
I was wondering if it is possible to log connectivity details from a VS.
For example External connection -> VS -> Backend.
Is there a way I can pull that infromation and send it to a remote syslog server like Splunk?
Stuff like:
- Source IP
- Destination IP
- Connection time
- connection status
and what ever else we can record from the connection ?
I have read about HSL but I feel like I am not getting the information I want, I don't even know if its working.
I tried following the steps from this link:
https://community.f5.com/t5/technical-forum/virtual-server-log-forward-to-splunk/m-p/301473#M261897
1 Reply
oscarnetAltocumulus
HI Kalido:
Is it like this? But you have to set it carefully.
If it is applied to a VS with high traffic,
it may cause the system to be overloaded. Please use it carefully.Or you can refer to this KB K55131641 and K20241153 and K50040950
#
K55131641: iRule logging and debugging
#
K20241153: How to log pool selection result by iRule
#
K50040950:Configuring the BIG-IP system to send high-speed logs through the management interface
example 1 :
when CLIENT_ACCEPTED { set hsl [HSL::open -publisher /Common/syslog_server_pool] set tcp_start_time [clock clicks -milliseconds] } when HTTP_REQUEST { HSL::send $hsl "<190> Start_time : $tcp_start_time [IP::client_addr]:[TCP::client_port]->[IP::local_addr]:[TCP::local_port]; [HTTP::host][HTTP::uri]" } when LB_SELECTED { HSL::send $hsl "<190> Start_time : $tcp_start_time, Pool: [LB::server]\n" }example 2 :
when CLIENT_ACCEPTED { set hsl [HSL::open -publisher /Common/syslog_server_pool] set tcp_start_time [clock clicks -milliseconds] set remote [IP::remote_addr]:[TCP::remote_port] set vip [IP::local_addr]:[TCP::local_port] } when LB_SELECTED { HSL::send $hsl "<190> Start_time : $tcp_start_time, Client: $remote to vip $vip, Pool: [LB::server]\n" }Have a Nice Day!!!
