Forum Discussion
Brian_Gibson_30
Nimbostratus
Dec 06, 2010
Logging client connections to syslog
Hey all. New to the community but I have been managing numerous LTMs for a few years now. Due to a network design requirement, we are required to source-nat all connections to our LTMs. Because o...
nitass
Employee
Aug 06, 2011
[root@edelweiss:Active] config # b version|grep -iA 1 version
BIG-IP Version 10.2.1 511.0
Hotfix HF3 Edition
[root@edelweiss:Active] config # b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.77:http
   ip protocol tcp
   rules myrule
}
[root@edelweiss:Active] config # b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      set hsl [HSL::open -proto UDP -pool syslogpool]
   }
   when SERVER_CONNECTED {
      set log_line "[IP::client_addr]:[TCP::client_port] <-> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] [IP::local_addr]:[TCP::local_port] <-> [IP::server_addr]:[TCP::server_port]"
   }
   when CLIENT_CLOSED {
      # Log connection details as local7.info; see RFC 3164 Section 4.1.1 - "PRI Part" for more info
      HSL::send $hsl "<190> $log_line"
   }
}
[root@edelweiss:Active] config # tail -f /var/log/ltm
[root@edelweiss:Active] config #
C:\>nc -l -u -p 514
<190> 192.168.206.96:51759 <-> 172.28.17.77:80 10.10.72.70:51759 <-> 10.10.70.110:80
Is it possible that your client connection closed before server_connect was triggered?
iRules HTTP Event Order Update
http://devcentral.f5.com/weblogs/jason/archive/2011/02/01/irules-http-event-order-update.aspx
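The receiving side of the log line shown above, as an added example that is not part of the original thread and not F5 code: it decodes the PRI value (190 = local7.info) and indexes each line by its SNAT and server endpoints, so a connection seen by a pool member can be traced back to the real client. The function names and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# Layout emitted by the iRule: "<PRI> client <-> virtual snat <-> server"
LINE_RE = re.compile(
    r"^<(\d{1,3})>\s*(\S+):(\d+) <-> (\S+):(\d+) (\S+):(\d+) <-> (\S+):(\d+)\s*$"
)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ROLES = ("client", "virtual", "snat", "server")


def decode_pri(pri):
    """Split a syslog PRI into (facility, severity): PRI = facility * 8 + severity."""
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    return name, SEVERITY[severity]


def parse_line(line):
    """Return a dict for one HSL line, or None if it does not fit the iRule's format."""
    m = LINE_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 is the largest valid PRI
        return None
    facility, severity = decode_pri(int(m.group(1)))
    rec = {"facility": facility, "severity": severity}
    fields = m.groups()[1:]
    try:
        for i, role in enumerate(ROLES):
            addr = str(ipaddress.ip_address(fields[2 * i]))
            port = int(fields[2 * i + 1])
            if not 0 < port < 65536:
                return None
            rec[role] = (addr, port)
    except ValueError:  # not a valid IP address
        return None
    return rec


def snat_index(lines):
    """Map (SNAT endpoint, server endpoint), as a pool member sees it, to the client."""
    recs = filter(None, map(parse_line, lines))
    return {(r["snat"], r["server"]): r["client"] for r in recs}


# Constructed input: the line from the post plus one malformed datagram.
SAMPLE = [
    "<190> 192.168.206.96:51759 <-> 172.28.17.77:80 10.10.72.70:51759 <-> 10.10.70.110:80",
    "<190> 999.1.1.1:1 <-> 172.28.17.77:80 10.10.72.70:2 <-> 10.10.70.110:80",
]
```

Because anything can send datagrams to UDP 514, lines that fail the format, PRI, address or port checks are dropped instead of being indexed.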