Forum Discussion

vvskaladhar_488's avatar
vvskaladhar_488
Icon for Nimbostratus rankNimbostratus
Jan 12, 2015

Sending source IP details to syslog servers

HI All, can you help me or guide me for an irule that i can use for sending source IPs of users accessing VIP to syslog servers configured in F5. for ur information we are using Https and offloading to 80

 

application delivery
cisco
devops
iRules
LTM
management

3 Replies

  • LyonsG_85618's avatar
    LyonsG_85618
    Icon for Cirrostratus rankCirrostratus
    Jan 13, 2015

    Here is one we use. Does more than IP address though!

     when HTTP_REQUEST {

set http_request_time [clock clicks -milliseconds]
set timestamp [clock format [clock seconds] -format {%d/%b/%Y:%H:%M:%S %z}] 
set remote [IP::remote_addr]
set client [IP::client_addr]:[TCP::client_port]
set url [HTTP::host][HTTP::uri]
set referer [HTTP::header "Referer"]
set vip [IP::local_addr]:[TCP::local_port]
set httpMethod [HTTP::method]
set httpVersion [HTTP::version]
set xforwardfor [HTTP::header X-Forwarded-For]
set url [string map " x" $url]
set referer [string map " x" $referer] 
set hsl [HSL::open -proto UDP -pool POOL_SYSLOG]

 Limit the url variable to 300 characters
if {[string length $url] > 300} {
  set url "[string range $url 0 300]..."   
}

 Limit the referer variable to 300 characters
if {[string length $referer] > 300} {
  set referer "[string range $referer 0 300]..."   
}

 Build the Request log line
set request_log_line " $timestamp  [virtual name]  $client  $remote  $vip  $url  $referer  $httpMethod  $httpVersion" 
log local0.info "Request - $request_log_line"
}

when HTTP_RESPONSE {

 VARIABLES
 Initialize local variables used in this rule

set http_response_time [ clock clicks -milliseconds ]
set client [IP::client_addr]:[TCP::client_port]
set node [IP::server_addr]:[TCP::server_port]
set nodeResp [HTTP::status]
set payloadLength [HTTP::payload length]
set responseTime [expr $http_response_time - $http_request_time]

  Build the Response log line
 set response_log_line "$client  $node  $nodeResp  $payloadLength  $responseTime  $http_request_time  $xforwardfor" 
log local0.info "Response - $response_log_line"

 Write Request and Response log lines to the LTM log
HSL::send $hsl "IRULE_COMMON_LOG : $request_log_line  -  $response_log_line"
 }