Forum Discussion

Debu_Majhi_3356's avatar
Debu_Majhi_3356
Icon for Nimbostratus rankNimbostratus
Apr 25, 2018

Need to Transfer Server Connection log to a Syslog Server

I have configured the following iRule to transfer the Server connection log to a syslog server.When I am configuring with VIP with this iRule ,the web page is not loading but when I am removing the IP address of syslog server the web page is loading properly and also we can see the log of all details in local LTM log.

 

Can any one please help me to resolver the issue The LTM in Active and Standby mode .IOS-F5 vCMP Version: 12.1.1HF2

 

when SERVER_CONNECTED { log 192.168.0.1 local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]" }

 

ERROR

 

Apr 25 17:21:35 slot1/ABC-IOC1-LB02 err tmm[18012]: 01220001:3: TCL error: /Common/Syslog_Transfer - Traffic rejected (line 1) (line 1) invoked from within "log 192.168.0.1 local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]""

 

  • Do you have a TMM route to the server?

     

    https://devcentral.f5.com/wiki/irules.log.ashx

     

    " must be a TMM-routed address. If you must route specific messages to a remote address via the management interface, you must log locally. syslog-ng is able to route messages via both TMM and management interfaces using the standard syntax. You can define an appropriate filter and remote log destination in LTM's syslog-ng service."

     

  • Hello,

    it's not working like that, your irule must seem to :

    when SERVER_CONNECTED { 
    
    log local0.info "Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]"
    
    }
    

    But in this case you logs information in /var/log/ltm, if you want to transfer this logs to your syslog server you have to set sylog server in LTM conf: System ›› Logs : Configuration : Remote Logging.

    But in all case I advise you to use HSL for performance reason...

    Regards,

  • HSL Logging should be something like below,

    (tmos) create ltm pool syslog-pool members add { 1.1.1.1:514 } monitor udp

    when SERVER_CONNECTED {
    set hsl [HSL::open -proto UDP -pool syslog-pool]
    HSL::send $hsl "HSL LOGGING --> Client: [IP::client_addr], Pool member [IP::server_addr]:[TCP::server_port]" 
    }