For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

fkw's avatar
fkw
Icon for Nimbostratus rankNimbostratus
Oct 06, 2020

Logging response data

I already know about HTTP::collect and HTTP:payload. My current iRule looks like this:

when HTTP_REQUEST_DATA {
    set request_payload [HTTP::payload]
}


when HTTP_RESPONSE_DATA {
    set response_payload [HTTP::payload]
    HSL::send [HSL::open -proto UDP -pool syslog_server] "HSL TEST: BLA"
}


when HTTP_REQUEST {
    set request_payload ""
    set response_payload ""
    set client_ip [getfield [IP::remote_addr] "%" 1]
    set http_method [HTTP::method]
    set port [TCP::local_port]
    
    if { $http_method eq "POST" } {
        if { [HTTP::header Content-Length] != "" } {
            HTTP::collect [HTTP::header Content-Length]
        } else {
            HTTP::collect 1048576
        }
    }
}


when HTTP_RESPONSE
{
    if { $http_method eq "POST" } {
        if { [HTTP::header Content-Length] != "" } {
            HTTP::collect [HTTP::header Content-Length]
        } else {
            HTTP::collect 1048576
        }
        
        HSL::send [HSL::open -proto UDP -pool syslog_server] "HSL TEST:\n\nClient: $client_ip\n\nRequest Data: $request_payload\n\nResponse Data: $response_payload"
    }
}

The problem is that the "HSL TEST: BLA" will never be logged because the event HTTP_RESPONSE_DATA gets never called (thats what I think).

It actually makes no difference if HTTP::collect is used in HTTP_RESPONSE or not.

Any idea anyone?

BIG-IP
devops
iRules

2 Replies

  • fkw's avatar
    fkw
    Icon for Nimbostratus rankNimbostratus
    Oct 29, 2020

    Thank you for your response.

    I modified my iRule but this doesn't work either

    when HTTP_REQUEST_DATA {
    set request_payload [HTTP::payload]
    HTTP::release
}
 
when HTTP_RESPONSE_DATA {
    set response_payload [HTTP::payload]
    HTTP::release
}
 
when HTTP_REQUEST {
    set request_payload ""
    set response_payload ""
    set client_ip [getfield [IP::remote_addr] "%" 1]
    set http_method [HTTP::method]
    set port [TCP::local_port]
    
    if { $http_method eq "POST" } {
        if { [HTTP::header Content-Length] != "" } {
            HTTP::collect [HTTP::header Content-Length]
        } else {
            HTTP::collect 1048576
        }
    }
}
 
when HTTP_RESPONSE
{
    if { $http_method eq "POST" } {
        if { [HTTP::header Content-Length] != "" } {
            HTTP::collect [HTTP::header Content-Length]
        } else {
            HTTP::collect 1048576
        }
        
        HSL::send [HSL::open -proto UDP -pool syslog_server] "HSL TEST:\n\nClient: $client_ip\n\nRequest Data: $request_payload\n\nResponse Data: $response_payload"
    }
}