Forum Discussion

Agathe_309970's avatar
Agathe_309970
Icon for Altocumulus rankAltocumulus
Apr 02, 2019

Logging some log on a remote syslog and not on the log file

Hi, I try to do something via iRules but it's not working. Our F5 BIG-IP is a reverse proxy and I want to log the public client IP to know who was connected to which URL. But it represents a lot ...
application delivery
BIG-IP
devops
iRules
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Apr 02, 2019

Hi,

I think that the best way to fix your problem is first to investigate why HSL don't work.

First.

Create a pool with the following "syslog_server_pool"

int this pool set your syslog server with the right port.

Create this irule and attached it to your VS 

when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_REQUEST {
    Log HTTP request via syslog protocol as local7.info; see RFC 3164 for more info
   HSL::send $hsl "IP: [IP::local_addr] - URI: [HTTP::uri]\n"
}

Once your Irule is attached, validate that F5 send logs using TCPDUMP:

tcpdump -nni 0.0 host syslog-server-ip1 or host syslog-server-ip2

You can validate that logs degress by the right interface ...

Regards,