For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

John_Lennon_457's avatar
John_Lennon_457
Icon for Nimbostratus rankNimbostratus
Oct 07, 2010

ProxyPass and common logging

I'm in the process of converting a few sites from other technologies to F5 LTM using ProxyPass v10 on TMOS 10.2. Currently each site relies on the Reverse Proxy logs to be collected for analysis and p...
application delivery
dev
devops
iRules
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Oct 19, 2010
Have you considered HSL (Click Here)? This logs on the wire to a pool defined locally on the LTM so you can have a log farm to handle the load in the event you lose a single server. Alternatively, you can create special log files if you have a particular string in the log message for syslog to key off of and send to alternate file. You could use the virtual name command to specific the appropriate virtual server in the log message from the iRule, then create your files in syslog as such (virtualserver1 as an example):

 

 


tmsh modify sys syslog include '"
filter f_local0 {
    facility(local0) and not match(\": virtualserver1-\");
};
 
filter f_local0_virtualserver1 {
    facility(local0) and match(\": virtualserver1-\");
};
 
destination d_virtualserver1 {
    file(\"/var/log/virtualserver1\" create_dirs(yes));
};
 
log {
    source(local);
    filter(f_local0_virtualserver1);
    destination(d_virtualserver1);
};
"'

tmsh save / sys config
tmsh restart sys service syslog-ng

 

 

Just in case the code gets garbled above, smp wrote a tech tip on custom syslog files and rotation: http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx Click Here

 

 

HTH....Jason