Forum Discussion
JCaine
Altocumulus
AltocumulusRequest logging profile on non-HTTP traffic
Hello,
While writing an iRule to perform HTTP requests and responses logging via HSL commands, I discovered the Request (responses) logging profile which appears to be a better choice :)
Now, here my question : let's consider my VS Lab_VS which bears HTTP, DHCP and SMTP profiles. It's clear that the request logging will work on it as the HTTP profile is positionned. However, would it log(even if it is OSI-L4 infos : TCP/UDP) information on the time Lab_VS is shipping only non-HTTP (DHCPn SMTP) traffic on it?
To perform this L4 generic logging, do I have to write an iRule (prefered with HSL) or is there any other more suitable way I am missing?
Thank you
Hello JCaine.
Request-logging is only for HTTP traffic. If non-HTTP is your scenario, then forget the request-logging solution.
REF - https://support.f5.com/csp/article/K00847516
In you case the only solution is to use iRules (better with HSL than Remote logging)
F5 profiles work as OSI layer parsers. If you have an TCP VS, only TCP headers will be parsed (you are able to use any TCP::xxx command). If you assign an HTTP to this VS, app header will be also parsed (and you will be able to use HTTP::xxx commands), the same for any other profile: TLS, SMTP, DCHP.
What if you have a custom protocol which runs over TCP? Easy, you should use TCP::payload to capture the whole payload field and try to collect whatever bytes you would need from this field.
REF - https://clouddocs.f5.com/api/irules/TCP__payload.html
Regards,
Dario.
Hello JCaine.
Request-logging is only for HTTP traffic. If non-HTTP is your scenario, then forget the request-logging solution.
REF - https://support.f5.com/csp/article/K00847516
In you case the only solution is to use iRules (better with HSL than Remote logging)
F5 profiles work as OSI layer parsers. If you have an TCP VS, only TCP headers will be parsed (you are able to use any TCP::xxx command). If you assign an HTTP to this VS, app header will be also parsed (and you will be able to use HTTP::xxx commands), the same for any other profile: TLS, SMTP, DCHP.
What if you have a custom protocol which runs over TCP? Easy, you should use TCP::payload to capture the whole payload field and try to collect whatever bytes you would need from this field.
REF - https://clouddocs.f5.com/api/irules/TCP__payload.html
Regards,
Dario.
JCaineHello ,
Thank you verry much for your suitable and detailed answer; pretty satisfying.
Regards
