Forum Discussion
MR_RJ
Cirrus
Nov 21, 2011Logging when there are multiple threads from one host
Hi,
I got a question from the development team that I doubt I can solve with a LTM but why not ask here, maybe anyone got a idea if it's possible at all.
We have a application (web service) on port 443. The SSL is terminated at the LTM/BIGIP (v10.2.x).
They wonder if I can somehow log if there is multiple threads from a single source IP.
Not sure how this is possible, how do i count threads? is it equal to two simultaneous connections from one single IP? or is it possible to have several threads within 1 current/open connection?
If I should log two or more simultaneous connections from a single IP I guess it's possible with a iRule, check if the source/client IP is in some table and then log it to syslog.
But... still not sure if that will do. Anyone in here that got similar situations that you have solved?
//Robert
10 Replies
Sort By
- hoolio
Cirrostratus
Hi Robert, - MR_RJ
Cirrus
Hi Hoolio, - MR_RJ
Cirrus
Hi again Aaron, - MR_RJ
Cirrus
removing, the code didnt look good in formating - MR_RJ
Cirrus
when RULE_INIT { array set ::customer_sourceip { } } when HTTP_REQUEST { if { [HTTP::request_num] > 1 } then { if { ([info exists ::customer_sourceip([IP::client_addr])]) } { incr ::customer_sourceip([IP::client_addr]) log local0. "SourceIP - [IP::remote_addr] - _Threads_high [HTTP::request_num]" } else { set ::customer_sourceip([IP::client_addr]) 1 } log local0. "SourceIP - [IP::remote_addr] - _Threads_high [HTTP::request_num]" } if { [HTTP::uri] starts_with "/ROB" } { HTTP::respond 200 content [array get ::customer_sourceip] set td_html "" foreach {SRC_IPS} [array get ::customer_sourceip] { append td_html "$SRC_IPS$SRC_IPS" } append td_html "" HTTP::respond 200 content $td_html } } I have some issues with the html page... Found this post that you are were active in: http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1172718/showtab/groupforums/Default.aspx Seems to be the same problem in 10.2.1 :( //Robert
- Michael_Yates
Nimbostratus
Hi Mr_RJ, - nitass
Employee
I have some issues with the html page... - MR_RJ
Cirrus
when RULE_INIT { array set ::customer_sourceip { } } when HTTP_REQUEST { if { [HTTP::request_num] > 20 } then { if { ([info exists ::customer_sourceip([IP::client_addr])]) } { incr ::customer_sourceip([IP::client_addr]) log local0. "SourceIP - [IP::remote_addr] - SYSNAME_Threads_high [HTTP::request_num]" } else { set ::customer_sourceip([IP::client_addr]) 1 } log local0. "SourceIP - [IP::remote_addr] - SYSNAME_Threads_high [HTTP::request_num]" } if { [HTTP::uri] starts_with "/ROB" } { HTTP::respond 200 content [array get ::customer_sourceip] set td_html "" foreach {SRC_IPS CNT_HITS} [array get ::customer_sourceip] { append td_html "$SRC_IPS$CNT_HITS" } append td_html "" log local0. "ROOOOOOOOOOOOOOOB $td_html" HTTP::respond 200 content $td_html } }
- nitass
Employee
Bug 226119 is fixed in 10.2.1 HF1. i tested in 10.2.3 and it seems to be okay. - MR_RJ
Cirrus
Ah nice, might be the new ID causing me not to get any hits in my search.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects