Forum Discussion
Shruti_Malik_84
Nimbostratus
NimbostratusNeed an i-Rule for logging purposes
Can we make an i-Rule for logging the following details?
The following properties can be logged and their format can be configured in IIS.
-Date
-Time
-Client IP Address
-User Name
-Method
-URI Stem
-URI Query
-Protocol Status
-Bytes Sent
-Bytes Received
-Time Taken
-User Agent
-Cookie
-Referrer
I want similar logging in F5
Can these properties be read from https_headers or from some other location and finally logged in a text file?
How to write an i-Rule for logging and also reading and writing into a file?
6 Replies
hoolioCirrostratus
You can use a rule to log information about requests and responses. You can then configure syslog-ng to process the log events to a file or to a remote syslog server.
Check this post (Click here) for examples of how to log all requests with syslog-ng.
Aaron
Shruti_Malik_84Hi Aaron,
Thanx for giving the i-Rule
I had tried just detting the IP address of the client using this i-Rule:
when CLIENT_ACCEPTED {
set vip [IP::local_addr]:[TCP::local_port]
}
when SERVER_CONNECTED {
set client "[IP::client_addr]:[TCP::client_port]"
set node "[IP::server_addr]:[TCP::server_port]"
}
when CLIENT_CLOSED {
log connection info
log local0.info "Client $client -> VIP: $vip -> Node: $node"
}
Now can u help me out by telling where would this information be present...path of the file!!- hoolioBy default, events logged to the local0 syslog-ng facility are recorded in the /var/log/ltm log file.
You can access the log via the GUI under 'System | Logs | Local Traffic' or by running 'tail -f /var/log/ltm' from the command line.
Aaron - tungsten_112959when CLIENT_ACCEPTED {
set vip [IP::local_addr]:[TCP::local_port]
}
when SERVER_CONNECTED {
set client "[IP::client_addr]:[TCP::client_port]"
set node "[IP::server_addr]:[TCP::server_port]"
}
when CLIENT_CLOSED {
log connection info
log local0.info "Client $client -> VIP: $vip -> Node: $node"
}
===================================================================
when I create this iRule, seems like my web had stop responding
viewing the ltm logs show as below
=============================================================================
Apr 25 13:23:16 tmm tmm[725]: 01220001:3: TCL error: Rule http_logger - can't read "nodePort": no such variable
while executing "log local0.info "Client: $client -> VIP:$vip$url -> Node: $node:$nodePort with response $nodeResp""
=============================================================================
So what do we need to replace the "nodePort" variable with? Thanks - hoolioSorry about that. I had changed the example so that the node IP address and port were saved to $node. You can remove the $nodePort variable from the log statement. I updated the other thread with this:
when HTTP_REQUEST { set the URL here, log it on the response set url [HTTP::header Host][HTTP::uri] set vip [IP::local_addr]:[TCP::local_port] } when HTTP_RESPONSE { set client [IP::client_addr]:[TCP::client_port] set node [IP::server_addr]:[TCP::server_port] set nodeResp [HTTP::status] log connection info log local0.info "Client: $client -> VIP:$vip$url -> Node: $node with response $nodeResp" }
Aaron - tungsten_112959millions thanks Aaron
