Need to Transfer Server Connection log to a Syslog Server

Do you have a TMM route to the server?

 

https://devcentral.f5.com/wiki/irules.log.ashx

 

" must be a TMM-routed address. If you must route specific messages to a remote address via the management interface, you must log locally. syslog-ng is able to route messages via both TMM and management interfaces using the standard syntax. You can define an appropriate filter and remote log destination in LTM's syslog-ng service."

 

Hello,

it's not working like that, your irule must seem to :

when SERVER_CONNECTED { 

log local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]"

}

But in this case you logs information in /var/log/ltm, if you want to transfer this logs to your syslog server you have to set sylog server in LTM conf: System ›› Logs : Configuration : Remote Logging.

But in all case I advise you to use HSL for performance reason...

Regards,

HSL Logging should be something like below,

(tmos) create ltm pool syslog-pool members add { 1.1.1.1:514 } monitor udp

when SERVER_CONNECTED {
set hsl [HSL::open -proto UDP -pool syslog-pool]
HSL::send $hsl "HSL LOGGING --> Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]" 
}