Forum Discussion
rb1980_75708
Oct 28, 2010Nimbostratus
logging X-Forwarded-For in WA hit logs
I already asked this question over a year ago [here] and never got any answer, so i'm asking again.
I want to log the value of an X-Forwarded-For header in my WA access logs.
There are plenty of examples on DC of how to do this on your origin server but none that talk about the WA hit logs.
We have this mysterious "Custom Request Information" option available but I cannot find it documented anywere.
Someone, please!
- Chris_MillerAltostratusLooks like you want to log to /var/log/wa? iRules log to /var/log/ltm. I'll look around and see if I can come up with an option.
- Chris_MillerAltostratussmp wrote a tech tip that might work. You'll need to edit syslog though.
when HTTP_REQUEST { if { [HTTP::header exists "X-Forwarded-For"] } { log local0. "X-Forwarded-For was [HTTP::header X-Forwarded-For]" } }
tmsh modify sys syslog include '" filter f_local0 { facility(local0) and not match(\": \"); }; filter f_local0_customwa { facility(local0) and match(\": \"); }; destination d_customwa { file(\"/var/log/wa\" create_dirs(yes)); }; log { source(local); filter(f_local0_customlog); destination(d_customlog); }; "' save the configuration change: tmsh save / sys config and restarting the syslog-ng service: tmsh restart sys service syslog-ng
- Drew_Kane_23142Historic F5 AccountThe %f field was introduced in 9.4.7 for this. See SOL10563 (http://support.f5.com/kb/en-us/solutions/public/10000/500/sol10563.html).
- rb1980_75708NimbostratusYay! That's the answer I was looking for! Thanks, Drew.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects