Forum Discussion
Passing log statement to F5 device using iControl
Is there any way to tell an F5 device to log a certain string using iControl?
The specific iControl application provides a layer of abstraction for users that do not have an account on the F5 ...
hoolio
Cirrostratus
CirrostratusUsing one VIP makes for less configuration, but it also leaves you with fewer and more complicated options if you want to manipulate the traffic. That, said, this should be pretty simple to do. If you want to add an HTTP based event to a rule, you need to use an HTTP profile on the VIP. If you have non-HTTP traffic going through the VIP, you'd want to disable the profile for it. It looks like you can determine whether it's an HTTP request or not based on the port the client makes the request to. So something like this should work:
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: new TCP connection to [IP::local_addr]:[TCP::local_port]"
Check the port the client requested
switch [TCP::local_port] {
"2500" {
Client request is SSH, use SSH node
log local0. "[IP::client_addr]:[TCP::client_port]: SSH request. Using node and disabling HTTP"
node 172.16.1.33 22
Disable HTTP profile
HTTP::disable
}
"80" {
Client request is HTTP do nothing
log local0. "[IP::client_addr]:[TCP::client_port]: HTTP request"
}
default {
Client request is to an undefined port, so drop the packets
log local0. "[IP::client_addr]:[TCP::client_port]: undefined port. Dropping"
drop
}
}
}
when HTTP_REQUEST {
This event will only be triggered if the HTTP profile is enabled
and the HTTP headers are parsed
log local0. "[IP::client_addr]:[TCP::client_port]: new HTTP request to [HTTP::host][HTTP::uri]"
}
Aaron
- This is certainly something that's possible via iRules.
It would look something like:when HTTP_REQUEST { if { [HTTP::header exists header1] } { persist uie [HTTP::header header1] } pool http_pool }
This would set the persistence record to use the value from the header1 header if it exists, regadless of client IP information or anything else. Otherwise, it would just send the request along to the pool as a normal, non persistent request.
HTH,
-Colin 
Ganesh_RamamoorNimbostratus
Thanks!
I tried that but it doesn't work for me. But now I think I know why, but I want to confirm this: I have two virtual servers, one with an external address and one with an internal address. Though both the virtual servers have the same iRule (with the persistence logic) assigned to them, I guess the persistence will be restricted to a virtual server? Meaning, there would be individual persistence tables for each virtual server, right?
If that's the case, is there a way to do this? My requirement basically is as follows: Client comes in with header1 thru' external-virtual-server and goes to server1. Client then contacts server2 thru' external-virtual-server. Now server2 uses header1 and needs to contact server1 thru' internal-virtual-server (this is where the persistence is used to contact the same server1)
Thanks- Ganesh_Ramamoor
Can anyone shed some light on this?
Thanks - Try adding the persist universal profile to the virtual servers and enable the "across virtuals" option.
- Ganesh_Ramamoor
That did it!
Thank you.
![\"F5](\"https://www.f5.com/content/dam/f5/f5-logo.svg\"){kind=logo}
