Request logging IRule blocking connection
Hi All,
I have an IRule, not created by myself, which works in one environment and blocks all connections in the second environment. For the blocked session the SSL handshake is performed successfully and then the connection is blocked. My knowledge of IRules is basic and I'm not able to see where the fault might be, so I'd appreciate it if someone might have a look and provide some idea of where the issue is or even find the fault. I'm not able to replicate the setup on the 'working' deployment as we have moved to SAN certs so we now have multiple VIPs, i.e. the client hits the front VIP, performs the SSL handshake and is then forwarded to a secondary VIP based on a forwarding policy. The IRule, which is intended to log client details, is placed on the secondary Virtual server.
```tcl
# Author: xxxxxxx
# Modified By: xxxxxxxx
# Ticket : xxxxxx
# Created : xxxxxxx
# modified: xxxxxx
# Name : HTTP_xxx_Logging
# Purpose: This rule is to send syslogs to both Monities and CC using HSL. This rule is applied to the xxx virtual servers with route domain id 01
when CLIENT_ACCEPTED {
    # Open one HSL handle per logging destination.
    set hsl_mon [HSL::open -proto UDP -pool /Common/xxxxxxxxxxx]
    set hsl_cc [HSL::open -proto UDP -pool /LTM/xxxxxxx]
}
when HTTP_REQUEST {
    # Capture request details for use in HTTP_RESPONSE.
    set tcp_start_time [clock seconds]
    set milli_start [clock clicks -milliseconds]
    set xfor [HTTP::header value "X-Forwarded-For"]
    # This second assignment overwrites the header value read above.
    set xfor [IP::remote_addr]
    set mth [HTTP::method]
    set ua [HTTP::header value "User-Agent"]
    set host [HTTP::host]
    set uri [HTTP::uri]
    set vs [LB::server]
    set ver [HTTP::version]
    set jsess [HTTP::cookie value JSESSIONID]
    set path [HTTP::path]
}
when HTTP_RESPONSE {
    set http_end_time [clock seconds]
    set elapsed_time [expr {[clock clicks -milliseconds] - $milli_start}]
    set contenttype [HTTP::header value "content-type"]
    # Strip the route domain suffix (%<id>) from the server address.
    set svr [getfield [IP::server_addr] "%" 1]
    set stat [HTTP::status]
    # Both sends need their handle from CLIENT_ACCEPTED to exist.
    HSL::send $hsl_cc "Status=$stat Methods=$mth XFF=$xfor UA=\"$ua\"RequestTime=[clock format $tcp_start_time -format {%d/%m/%Y %H:%M:%S %z}] ResponseTime=[clock format $http_end_time -format {%d/%m/%Y %H:%M:%S %z}] TotalTime=$elapsed_time URL=$host$uri Version=$ver JSESSIONID=$jsess Path=$path MIME=$contenttype VS=$vs APP=$svr\n"
    HSL::send $hsl_mon "Status=$stat Methods=$mth XFF=$xfor UA=\"$ua\"RequestTime=[clock format $tcp_start_time -format {%d/%m/%Y %H:%M:%S %z}] ResponseTime=[clock format $http_end_time -format {%d/%m/%Y %H:%M:%S %z}] TotalTime=$elapsed_time URL=$host$uri Version=$ver JSESSIONID=$jsess Path=$path MIME=$contenttype VS=$vs APP=$svr\n"
}
```
- VernonWellsEmployee
I recommend looking in /var/log/ltm. My first guess would be that you are getting an HSL exception. Naturally, for this to work, the associated Virtual Server must have an http profile attached. I will also say that, depending on which version of BIG-IP you are running, you can likely replace this iRule with a Request Logging Profile (which is more efficient). For example, with 11.5.x:
- Deee-blue_14536Nimbostratus
Thanks Vernon, I have been looking at the Request-logging profile but I'm not sure of the format used to add multiple elements into the template. Do you know of any examples?
- Brad_Parker_139Nacreous
Ensure you have an HTTP profile attached to your Virtual Server since you are using HTTP events in your iRule.
- Deee-blue_14536Nimbostratus
Hi Brad, I have a http profile attached to the VIP.
- Deee-blue_14536Nimbostratus
I have found the cause of the issue, the script using 'HSL::send $hsl_cc' refers to a server pool which in the original IRule I had hashed out so there was no pool to send the logs to. I'm surprised this caused the VIP to fail.
Thanks for all your help.
- VernonWellsEmployee
@Deee-blue: you asked about template examples. These two articles should be of assistance:
- https://devcentral.f5.com/questions/configuring-a-request-logging-profile
- https://devcentral.f5.com/questions/request-logging-profile
Here is a small subset of the things you are trying to log in an appropriate template format (on the response side):
Status=$HTTP_STATUS Method=$HTTP_METHOD XFF=${X-Forwarded-For} Total-Time=$RESPONSE_MSECS
- Deee-blue_14536Nimbostratus
Thanks Vernon, much appreciated.
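The cause found in this thread, an `HSL::send` on a handle that was never opened, raises a Tcl runtime error, and an uncaught error in an iRule makes BIG-IP abort the connection. The following is an added example, not the poster's rule or F5's code, showing the same logging with each HSL call guarded so a logging fault is written to /var/log/ltm instead of breaking traffic; the pool names are placeholders and only a few of the original fields are logged.

```tcl
when CLIENT_ACCEPTED {
    # Open each destination on its own. If an open fails (or a line is
    # later commented out), the variable simply stays unset.
    # Pool names below are placeholders, not values from the thread.
    if { [catch { set hsl_mon [HSL::open -proto UDP -pool /Common/example_mon_pool] } err] } {
        log local0.warning "HSL open (mon) failed: $err"
    }
    if { [catch { set hsl_cc [HSL::open -proto UDP -pool /Common/example_cc_pool] } err] } {
        log local0.warning "HSL open (cc) failed: $err"
    }
}

when HTTP_REQUEST {
    # Request-side values needed later in HTTP_RESPONSE.
    set milli_start [clock clicks -milliseconds]
    set mth [HTTP::method]
    set host [HTTP::host]
    set uri [HTTP::uri]
}

when HTTP_RESPONSE {
    set elapsed_time [expr {[clock clicks -milliseconds] - $milli_start}]
    set msg "Status=[HTTP::status] Methods=$mth TotalTime=$elapsed_time URL=$host$uri\n"

    foreach handle_var {hsl_mon hsl_cc} {
        # Skip a destination whose handle was never created; reading an
        # unset variable would otherwise raise "no such variable".
        if { ![info exists $handle_var] } {
            continue
        }
        # Contain any error from the send itself so the response is
        # still delivered to the client.
        if { [catch { HSL::send [set $handle_var] $msg } err] } {
            log local0.warning "HSL send via $handle_var failed: $err"
        }
    }
}
```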