Logs of traffic to /tophat/tophat.js for the past week?

Question

I was tasked with finding out information about traffic to a few hosts we have that hit a Virtual IP on the BIG-IP F5.  They're trying to figure out who's still using the original Tophat and hasn't switched over to tophat2.  I'm not entirely sure of where to start on this.  Is there a way to capture this information from the last 7 days from Analytics in BIG-IP or other logs?

simon_blakely · Answer

Unless you have an existing Analytics profile applied to the virtual server, the answer is no.

The LTM (by default) does not log information on traffic passing through a virtual server.

You can collect data with an Analytics profile (if AVR is provisioned), or apply a Request Logging profile - preferably to an off-box logging solution (like Splunk/ArcSight).

Otherwise, you need to write an iRule to do this logging.

Can this data be extracted from the pool member logs using X-Forwarded-For headers to identify incoming IP addresses?

Forum Discussion

Logs of traffic to /tophat/tophat.js for the past week?

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

APM Access Policy|SSLVPN | SAML auth questionnaires

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

F5 DNS Generic Host

Which encyrtion algorithm is used when making Kerberos ticket encyrtion.

F5 Reporting Options

Related Content

A long week of breaches - Jan 7th - 13th, 2023, F5 SIRT - This Week in Security

Community Highlights, Week 15 '23

Community Highlights, Week 45, '22

Community Highlights, Week 7 '23

Community Highlights, Week 34, '22

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS