Forum Discussion

Amr_Ali's avatar
Jul 15, 2023

LTM Logs


is there any way to see the ip of the client on LTM , i just can see an statistic on pool or VS , i need to find the source IP of the clint 

5 Replies

  • Amr_Ali This depends on where the client is coming from and if you are using a CDN. When using a CDN will have to look at the HTTP header to find the X-Forwarded-For header field. If we are talking about basic configuration you can go to the following link and it's right at the top of the page.

    • Amr_Ali's avatar
      Icon for MVP rankMVP

      Thanks, Paulius for this info, if I make this irule i will be apple to see the users IP on the pool or just on the VS, 

      and if not, is there any way to find the IP of the client reached to which server on the pool, 

  • As Paulius described, clients behind NATs may seen limited information, so for http traffic, don't forget to look for the appropriat forwarded headers. 

    Aside from that there are a couple of ways to get the details your looking for;

    1. an iRule to log the connection details (see example below)

    2. Local Traffic policy

    3. CLI

    This article talks about how client connection details are not logged by default and provide some methods to find them:

    K54934387: Collect client connections details:

    This article described the process for creating and iRule or Local Traffic Policy to capture client connection details
    K33126241: Log client IP addresses for new TCP sessions on a virtual server

    I also use VSCode CoPilot to write the following example iRule

    # create an irule to log all client and server side connections details
    cat <<EOF > /config/connection_logging.irule
        log local0. "client accepted: [IP::client_addr]:[TCP::client_port]"
    when CLIENT_CLOSED {
        log local0. "client closed: [IP::client_addr]:[TCP::client_port]"
        log local0. "server connected: [IP::server_addr]:[TCP::server_port]"
    when SERVER_CLOSED {
        log local0. "server closed: [IP::server_addr]:[TCP::server_port]"
    when HTTP_REQUEST {
        log local0. "http request: [IP::client_addr]:[TCP::client_port] -> [IP::server_addr]:[TCP::server_port] [HTTP::method] [HTTP::host][HTTP::uri]"
    when HTTP_RESPONSE {
        log local0. "http response: [IP::server_addr]:[TCP::server_port] -> [IP::client_addr]:[TCP::client_port] [HTTP::status] [HTTP::reason]"


    • Ben_Novak's avatar
      Icon for Employee rankEmployee

      Since I leaned on VSCode CoPilot to write this irule for me ( just typed the comment), I wanted to see if it would actually load. 

      Remote the "[HTTP::reason]" from the last log statement and it will load/log traffic.  

      Additional tweaking may be needed for your specific use case.