looking for Irule that will log unique source ip one time

Unique over what sort of period? Unique ever? Last 5 minutes? Since the TMM was restarted?

 

The iRule itself is easy. It's where the lookup is performed to verify whether the IP is unique or not is the harder (And possibly very performance impacting) problem.

 

If you need to make it external, I'd do a combination of a local table of fixed size, and send a log message externally every time it adds a new IP to the table. Then if you want longer-term unique, use a separate external DN and program to further filter that list down.

 

Sorry, lack of time prohibits me writing the iRule for you... But look at the CLIENT_ACCEPT event, tables (For holding the previously seen IP's) and HSL (High Speed Logging).

 

H

 

Thanks for the reply. Unique over a couple of days.

 

If it becomes performance impacting can it auto stop itself, probably not. TMM interface has 127.1.1.1, I read that causes problem using HSL. The logging will not happen for all Client Accept, I will be looking to log only source IP's of customer with specific ciphers. So should not be alot of traffic.

 

How to create table for Irule to update and review/compare ??

 

How to create table for Irule to update and review/compare ??

 

in CLIENT_ACCEPTED, you can lookup client ip in table (i.e. table lookup). if it is not existing, add it into the table (i.e. table set) and send log using hsl. when adding table, you can set lifetime (e.g. a couple of days).

 

table

 

https://devcentral.f5.com/wiki/irules.table.ashx