Forum Discussion
CirrusLTM log suppressing messages
MVPHi! This is an interesting question that's a little tricky to answer properly ..
iRules are event-driven language, and this means that your code will be executed once every time that the trigger condition (called the iRule event, ie. HTTP_REQUEST) is triggered.
The way that these events fire is usually largely dependent on the traffic/network flow across the BIG-IP: the F5 proxy architecture is made up of a series of filters, designed to perform specific functions; and each of these filters has an associated set of iRules events that fire at that point in the session’s life cycle as well, when the connection is being interrogated or affected by the particular filter in question. As the connection is passed up the chain more and more specific filters fire, along with events to match.
Regarding your statement,
But each client side request should be a new request for F5 (at least that's what I think).
This isn't always the case. For instance, some content could be cached, or the HTML code that loads the page might reference some external CSS <link>-elements, or external JS <script>-elements.
In my opinion, wireshark is a better tool to perform this type of analysis, since every packet captured on the BIG-IP will represent a session that has been handed over from the client side of the proxy to the server side (and vice versa), meaning it should have passed its way down the filter chain on each side.
