Forum Discussion
Ah_Fat_2262
Mar 31, 2012Nimbostratus
Logging Of Traffic Logs For HTTP Connection
Hi,
I would like to log the traffic log of a certain IP HTTP connection. Can iRule achieve that?. If yes, please advice.
Thks and Rgds
6 Replies
Sort By
- Ah_Fat_2262NimbostratusHi,
- hoolioCirrostratusHi Ah Fat,
- Ah_Fat_2262NimbostratusHi Aaron,
- hoolioCirrostratusYou could use the second example exactly as it is. Or if you want to log just on the HTTP response you could use this:
when RULE_INIT { Save the name of the BIG-IP set static::bigip [info hostname] Set the log facility Ex: <191> = local7.debug See RFC 3164 Section 4.1.1 - "PRI Part" or https://devcentral.f5.com/wiki/iRules.HSL__send.ashx for more info set static::facility <191> Add the facility and hostname to the log prefix set static::hsl_prefix "$static::facility|host=$static::bigip" } when CLIENT_ACCEPTED { Open a new high speed logging connection to the syslog pool named syslog_server_pool set hsl [HSL::open -proto UDP -pool syslog_server_pool] Append the client IP:port to a local copy of the log prefix so we can log it in SERVER_CLOSED set hsl_prefix "${static::hsl_prefix}|client=[IP::client_addr]:[TCP::client_port]" } when HTTP_REQUEST { Get time for start of HTTP request set http_request_time [clock clicks -milliseconds] set url "[HTTP::host][HTTP::uri]" } when HTTP_RESPONSE { Received the response headers from the server. Log the pool name, IP and port, status and time delta between HTTP request headers received from client and respnse headers recieved from server HSL::send $hsl "$hsl_prefix|event=HTTP_RESPONSE|url=$url|vs=[clientside {IP::local_addr}]:[clientside {TCP::local_port}]\ |http_status=[HTTP::status]|http_request_response_delta_ms=\ [expr {[clock clicks -milliseconds] - $http_request_time}]|desc=HTTP response|\n" }
- Ah_Fat_2262NimbostratusHi Aaron,
- hoolioCirrostratusAll you should need to do is define your syslog server in a pool named syslog_server_pool:
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects