Logging based in IP

There is a very useful irule in the codeshare section for logging tcp and http response information.

 

 

when CLIENT_ACCEPTED {

 

Get time for start of TCP connection in milleseconds

 

set tcp_start_time [clock clicks -milliseconds]

 

 

Log the start of a new TCP connection

 

log "New TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port]"

 

}

 

when HTTP_REQUEST {

 

Get time for start of HTTP request

 

set http_request_time [clock clicks -milliseconds]

 

 

Log the start of a new HTTP request

 

set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"

 

log local0. "$LogString (request)"

 

}

 

 

when HTTP_RESPONSE {

 

Received the response headers from the server. Log the pool name, IP and port, status and time delta

 

log local0. "$LogString (response) - pool info: [LB::server] - status: [HTTP::status] (request/response delta: [expr [clock clicks -milliseconds] - $http_request_time]ms)"

 

}

 

when CLIENT_CLOSED {

 

Log the end time of the TCP connection

 

log "Closed TCP connection from [IP::client_addr]:[TCP::client_port] to [IP::local_addr]:[TCP::local_port] (open for: [expr [clock clicks -milliseconds] - $tcp_start_time]ms)"

 

}

 

 

 

 

However you would get a lot of logging on a production site if you applied this rule on all client IP addresses. I was wondering how I could incorporate a filter on IP address so that it only logs from a praticluar client IP. Would using matchclass work?

 

 

if {([matchclass [IP::client_addr] equals $::filteredAddresses])}{

 

 

Where would I put this in the exiting code. I assume I would need to put it in multiple section?

 

 

Thanks

 

 

Jon