0_60009
Nimbostratus
Oct 03, 2014

Replace ISA Server with F5 LTM

Hi All,

I'm new to the community, but I have worked with F5 LTM for a few years. A customer of mine wants to replace an ISA server (reverse proxy) with an LTM. I'm trying to reproduce the session log of the ISA server using HSL, but I need to understand how to write a very detailed iRule comprising: GMT Log Time, Log Time, Original Client IP, Client Agent, etc. I can't find a detailed manual where I can get all the info I need.

Does someone have a detailed iRule manual?

Thanks in advance for any advice.


4 Replies

  • Hello,

    Here is an example of a working iRule:

    # From: W3C Extended Log File Examples (IIS 6.0)
    # http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ffdd7079-47be-4277-921f-7a3a6e610dcb.mspx?mfr=true
    # Fields: date time c-ip cs-username s-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes cs-bytes time-taken cs-version cs(User-Agent) cs(Cookie) cs(Referrer)
    # This iRule will open up two connections to two syslog pools. The desire is to put one syslog server in each pool, so you can send the same syslog data to two pools.
    when CLIENT_ACCEPTED {
    
        # Open a new high speed logging connection to each syslog pool (syslog_server_pool and syslog_server_pool2)
        set hsl1 [HSL::open -proto UDP -pool syslog_server_pool]
        set hsl2 [HSL::open -proto UDP -pool syslog_server_pool2]
    
    }
    when HTTP_REQUEST priority 999 {
        # Save request variables that are not accessible in HTTP_RESPONSE, like the URI, request method, etc.
        set req_start [clock clicks -milliseconds]
        set cs_username [HTTP::username]
        set cs_uri_stem [HTTP::path]
        set cs_uri_query [HTTP::query]
        set cs_bytes [HTTP::header Content-Length]
        set ua [HTTP::header User-Agent]
        set cookies [HTTP::header values Cookie]
        set referer [HTTP::header Referer]
    }
    when HTTP_RESPONSE {
    
        # Send the syslog message with a syslog facility of 134 (local0.info)
        # See the HSL wiki page for details on the facilities:
        # https://devcentral.f5.com/wiki/iRules.HSL__send.ashx
        #
        # Replace null values with a hyphen:
        #   Use string map to replace a "tab space tab" with "tab hyphen tab"
        HSL::send $hsl1 "[string map [list "\t \t" "\t-\t"]\
            "<134>\t\
            [info hostname]\t\
            [IP::local_addr]\t\
            [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\
            [IP::client_addr]\t\
            $cs_username\t\
            [clientside {IP::local_addr}]\t\
            $cs_uri_stem\t\
            $cs_uri_query\t\
            [HTTP::status]\t\
            [HTTP::header Content-Length]\t\
            [expr {[clock clicks -milliseconds] - $req_start}]\t\
            [HTTP::version]\t\
            \"$ua\"\t\
            $cookies\t\
            $referer\
            "]\n"
        HSL::send $hsl2 "[string map [list "\t \t" "\t-\t"]\
            "<134>\t\
            [info hostname]\t\
            [IP::local_addr]\t\
            [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"]\t\
            [IP::client_addr]\t\
            $cs_username\t\
            [clientside {IP::local_addr}]\t\
            $cs_uri_stem\t\
            $cs_uri_query\t\
            [HTTP::status]\t\
            [HTTP::header Content-Length]\t\
            [expr {[clock clicks -milliseconds] - $req_start}]\t\
            [HTTP::version]\t\
            \"$ua\"\t\
            $cookies\t\
            $referer\
            "]\n"
    
    }
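
An added variant of the iRule in the reply above (not the poster's or F5's code): username, URI, User-Agent, Cookie and Referer are supplied by the client, so a tab or line break inside one of them shifts or splits the tab-delimited record, and this version neutralises those characters per field before sending. It assumes the same two pools and the same field order as the reply, drops the quotes around User-Agent, and writes the "-" placeholder per field instead of by `string map` on the assembled line.

```tcl
# Added example: same pools and field order as the reply's iRule.
when CLIENT_ACCEPTED {
    set hsl1 [HSL::open -proto UDP -pool syslog_server_pool]
    set hsl2 [HSL::open -proto UDP -pool syslog_server_pool2]
    # Characters that would break a one-line, tab-delimited record.
    set ctl_map [list "\t" " " "\r" " " "\n" " "]
}
when HTTP_REQUEST priority 999 {
    # Request values are not available in HTTP_RESPONSE, so save them here.
    set req_start [clock clicks -milliseconds]
    set cs_username [HTTP::username]
    set cs_uri_stem [HTTP::path]
    set cs_uri_query [HTTP::query]
    set ua [HTTP::header User-Agent]
    set cookies [HTTP::header values Cookie]
    set referer [HTTP::header Referer]
}
when HTTP_RESPONSE {
    # Collect the fields as a list first, in the reply's order.
    set fields [list \
        [info hostname] [IP::local_addr] \
        [clock format [clock seconds] -format "%d/%m/%Y %H:%M:%S %z"] \
        [IP::client_addr] $cs_username [clientside {IP::local_addr}] \
        $cs_uri_stem $cs_uri_query [HTTP::status] \
        [HTTP::header Content-Length] \
        [expr {[clock clicks -milliseconds] - $req_start}] \
        [HTTP::version] $ua $cookies $referer]
    set clean [list]
    foreach f $fields {
        # Neutralise delimiters inside the value, then trim.
        set f [string trim [string map $ctl_map $f]]
        # Placeholder is decided per field, so adjacent and trailing
        # empty fields are covered as well.
        if { $f eq "" } { set f "-" }
        lappend clean $f
    }
    # Syslog PRI 134 = local0.info, as in the reply. Build the message
    # once and send the same bytes to both pools.
    set msg "<134>[join $clean "\t"]\n"
    HSL::send $hsl1 $msg
    HSL::send $hsl2 $msg
}
```

The Cookie field is kept only because the reply logs it; its values are session material and travel to the syslog pools over UDP in clear text.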
    
  • Thank you very much, it is exactly what I was looking for.


    • Carlos_Alperin
      Nimbostratus
      What are you using? I mean, what version of the LTM? 11.4.x, 11.5.x or 11.6.x? We're implementing it, but F5 seems to recommend using APM and SWG, which was not in our plan.
    • nitass
      Employee
      I do not see any version-specific command there, so I think any 11.x should work.