Forum Discussion
AltocumulusRequests with 307 responses not logged (missing) in ASM events
AltocumulusIf t is not sent by server, where are the HTTP 307 logs in ltm log coming from?
NacreousGood point, in which irule event do you log them?
- Emil_Tr
HTTP::RESPONSE of course
when HTTP_REQUEST {
set is_pelecard1 0
set path1var [HTTP::path]
set host1var [HTTP::host]
set cip1var [IP::client_addr]
if {($path1var contains "pelecard" )} {
set is_pelecard1 1
set uri1var [HTTP::uri]
set vs1var [IP::local_addr]
log local0. "client ip=$cip1var >> vs: $vs1var $host1var$uri1var [IP::client_addr] [IP::remote_addr] [IP::local_addr] "
}
}when HTTP_RESPONSE {
if {(($is_pelecard1 == 1 ) or ($cip1var == "99.99.99.8"))} {
log local0. "HTTP Status = [HTTP::status] [IP::client_addr] [IP::remote_addr] [IP::local_addr] [IP::server_addr]"
}
}LTM log:
May 21 07:41:19 f5_ASM01 info tmm2[10293]: Rule /Common/_Troubleshoot-iRule <HTTP_RESPONSE>: HTTP Status = 307 99.99.99.8 10.20.3.36 51.51.51.50 10.20.3.36
- Injeyan_Kostas
In that case, 307 is definetely coming from server
But ASM is logging only security event logs by default
307 is not considered security event
Have you adjust logging to log all requests?- Emil_Tr
As I mentioned at the beginning: "logging profile configured to log all requests"
