Forum Discussion

JCMATTOS_41723's avatar
JCMATTOS_41723
Icon for Nimbostratus rankNimbostratus
Nov 07, 2007

Logging Connections?

We have 2 LTM 9.4 and would like to log all loadbalanced connections going thru the F5 (mostly IP info). I have an external syslog setup monitoring (warning...emerg) what level should i set to see these connnections occuring? And is there a way to just filter on these connections?

 

 

Best Regards,

 

 

JC
management
monitoring
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 07, 2007
    To log all client connections through the BIG-IP, you can use an iRule and modify the syslog-ng configuration. You could trim down this rule to just log the client and server IP's (Click here)

     

     

    Within the log statement, you can specify the syslog facility and severity:

     

     

    log facility.severity "log text"

     

     

    example:

     

     

    log local0.info "some text"

     

     

    There are examples of how to configure syslog-ng to log to a remote syslog server as well (Click here).

     

     

    Aaron
  • JCMATTOS_41723's avatar
    JCMATTOS_41723
    Icon for Nimbostratus rankNimbostratus
    Nov 07, 2007
    Thx Hoolio! I tried applying this TCP/HTTP irule to our external VIP. Will this still work if our VIP is only available for HTTPS? Or do I need to create a separate HTTPS policy?

     

     

    Best Regards,

     

     

    JC
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 07, 2007
    If you're decrypting the HTTPS on the BIG-IP using a client SSL profile, you can use the HTTP logging rule. If you're not decrypting the HTTPS, then you can't inspect the HTTP headers or data--you could log IP, port and SSL info (cipher levels, etc), but not HTTP.

     

     

    Aaron