Forum Discussion
SSL Configuration Using IIS 6
The workaround is (if your base rate is less than 296bps), pass in the ceiling rate in the create method and then set the base rate after that to the lower value you desire (in your case 0).
-Joe
- Kevin_StewartMar 04, 2014
Employee
Selectively choosing a Syslog server would be the easier option I believe. The HSL::open command takes a pool as its destination, so you'd necessarily have to create a separate pool (of one) for each Syslog server, and then switch between them accordingly. As for sending the data to all of the Syslog servers, that's not something the HSL process will natively do. You could create a separate connection for each and rapid fire log to all of them (sounds like a good idea for a proc), or perhaps send the data to a single Syslog instance that then replicates the data to the rest.
- TJ_VreugdenhilMar 05, 2014
Cirrus
Thanks Kevin - I ended up using the following and believe it's working.
From: W3C Extended Log File Examples (IIS 6.0) http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ffdd7079-47be-4277-921f-7a3a6e610dcb.mspx?mfr=true Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referrer) This iRule will open up to connections to two syslog pools. The desire is to put one syslog server in each pool, so you can send the same syslog data to two pools. when CLIENT_ACCEPTED { Open a new high speed logging connection to the syslog pool named syslog_server_pool set hsl1 [HSL::open -proto UDP -pool syslog_server_pool] set hsl2 [HSL::open -proto UDP -pool syslog_server_pool2] } when HTTP_REQUEST priority 999 { Save request variables that are not accessible in HTTP_RESPONSE, like the URI, request method, etc set req_start [clock clicks -milliseconds] set cs_username [HTTP::username] set cs_uri_stem [HTTP::path] set cs_uri_query [HTTP::query] set cs_bytes [HTTP::header Content-Length] set ua [HTTP::header User-Agent] set cookies [HTTP::header values Cookie] set referer [HTTP::header Referer] } when HTTP_RESPONSE { Send the syslog message with a syslog facility of 134 (local0.info) See the HSL wiki page for details on the facilties: https://devcentral.f5.com/wiki/iRules.HSL__send.ashx Replace null values with a hyphen: Use string map to replace a "tab space tab" with "tab hyphen tab" HSL::send $hsl1 "[string map [list "\t \t" "\t-\t"]\ "<134>\t\ [info hostname]\t\ [IP::local_addr]\t\ [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\ [IP::client_addr]\t\ $cs_username\t\ [clientside {IP::local_addr}]\t\ $cs_uri_stem\t\ $cs_uri_query\t\ [HTTP::status]\t\ [HTTP::header Content-Length]\t\ [expr {[clock clicks -milliseconds] - $req_start}]\t\ [HTTP::version]\t\ \"$ua\"\t\ $cookies\t\ $referer\ "]\n" HSL::send $hsl2 "[string map [list "\t \t" "\t-\t"]\ "<134>\t\ [info hostname]\t\ [IP::local_addr]\t\ [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\ [IP::client_addr]\t\ $cs_username\t\ [clientside {IP::local_addr}]\t\ $cs_uri_stem\t\ $cs_uri_query\t\ [HTTP::status]\t\ [HTTP::header Content-Length]\t\ [expr {[clock clicks -milliseconds] - $req_start}]\t\ [HTTP::version]\t\ \"$ua\"\t\ $cookies\t\ $referer\ "]\n" }
- TJ_VreugdenhilNov 11, 2014
Cirrus
Hi Marvin - I think when I used this for a client, they had solarwinds Orion setup, but I am not sure. But I don't see why any type of syslog would not work for W3C. I would assume it is something to do with your syslog display filters, or something like that. For testing, just setup basic syslog on the F5 itself under the system > Log > Remote Logging menu. And see if you can see 'regular' syslog messages on your kiwi server.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com