For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Angelo's avatar
Angelo
Icon for Nimbostratus rankNimbostratus
Dec 04, 2012

Logging on VS

Hi

 

I need to write a irule that will tell me which backend node the traffic is being sent to. i have a irule that tells me which pool the traffic is going to and which URL it's calling.

 

 

when HTTP_REQUEST {

 

log local0. "[IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] -> [IP::remote_addr]:[TCP::remote_port] | pool: [LB::server pool] | URI: [HTTP::uri]"

 

}

 

application delivery
dev
devops
iRules

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Dec 04, 2012
    Log Http Tcp Udp To Syslogng

     

    https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx

     

     

    hope this helps.
  • Brian_Deitch_11's avatar
    Brian_Deitch_11
    Historic F5 Account
    Dec 04, 2012

    If you are using cookie persistence you could always decode the cookie hash..

    Google around for decode bigip cookie or read below

    Actual python script: 
    !/usr/bin/env python

 example string: 110536896.20480.0000

import struct
import sys

if len(sys.argv) != 2:
        print "Usage: %s encoded_string" % sys.argv[0]
        exit(1)

encoded_string = sys.argv[1]
print "\n[*] String to decode: %s\n" % encoded_string

(host, port, end) = encoded_string.split('.')

(a, b, c, d) = [ord(i) for i in struct.pack("
 
Running the script:
 root@bt:~/bigip python bigip.py 110536896.20480.0000 

[*] String to decode: 110536896.20480.0000 
[*]Decoded IP: 192.168.150.6. 

root@bt:~/bigip 


I've passed this script down to developers and they love it.