Forum Discussion

Ruggerfly1's avatar
Ruggerfly1
Icon for Nimbostratus rankNimbostratus
Jun 13, 2016

Request logging profile V11.5.3

Looking for best practices, or what's worked well on a logging profile: here's what I have in the template currently:

 

$DATE_NCSA F5=$BIGIP_HOSTNAME Source=$CLIENT_IP device=$User-Agent request=$HTTP_REQUEST Path=$HTTP_PATH Uri=$HTTP_URI query=$HTTP_QUERY status $HTTP_STATUS

 

Do I need he curly brackets around the variables? Ex request=${HTTP_REQUEST}

 

trying to grab all data in the URI/request, as well as status, user agent. Active sync is the goal and full URI string contains everything.

 

thanks

 

application delivery
LTM
  • Ryannnnnnnnn's avatar
    Ryannnnnnnnn
    Icon for Altocumulus rankAltocumulus
    Jun 14, 2016

    Here's an example of what we use for the majority of our http/https virtual servers

    client $CLIENT_IP:$CLIENT_PORT host.domain.com request $HTTP_REQUEST server $SERVER_IP:$SERVER_PORT
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      would this capture and log something like this? POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=fakename&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1 then in the Response Template I would log the HTTP_STATUS thanks!
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      Update - this captured the entire ActiveSync request with User, device, now waiting to see if the HTTP_STATUS from the response is correlated Request Template $DATE_NCSA ${Host} ${User-Agent} Source=$CLIENT_IP request=$HTTP_REQUEST Response Template $DATE_NCSA ${Host} Response HTTP_STATUS code HTTP_STATCODE
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      this is working well, but the separate lines to the logger is not correlating the request to the response. Is there a way to inject a session identifier so even on separate lines you can tie the response to the request? thanks
  • Ryan_80361's avatar
    Ryan_80361
    Icon for Cirrostratus rankCirrostratus
    Jun 14, 2016

    Here's an example of what we use for the majority of our http/https virtual servers

    client $CLIENT_IP:$CLIENT_PORT host.domain.com request $HTTP_REQUEST server $SERVER_IP:$SERVER_PORT
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      would this capture and log something like this? POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=fakename&DeviceId=v140Device&DeviceType=SmartPhone HTTP/1.1 then in the Response Template I would log the HTTP_STATUS thanks!
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      Update - this captured the entire ActiveSync request with User, device, now waiting to see if the HTTP_STATUS from the response is correlated Request Template $DATE_NCSA ${Host} ${User-Agent} Source=$CLIENT_IP request=$HTTP_REQUEST Response Template $DATE_NCSA ${Host} Response HTTP_STATUS code HTTP_STATCODE
    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Jun 14, 2016
      this is working well, but the separate lines to the logger is not correlating the request to the response. Is there a way to inject a session identifier so even on separate lines you can tie the response to the request? thanks