Forum Discussion
NimbostratusSolution to capture traffic logs for specific VIP in LTM
Traffic logs wont store in F5 LTM so is there anyway to store the traffic logs from clients to specific VIP in syslog server in network. Please answer if there is any solution.
Samir_Jha_52506Noctilucent
Which kind of log you wanted to store?
Incoming source ip, port,etc? Yes- use hsl profile or iRule to capture all connection details n store in syslog/external log server...
Hope it will solve issue.... Paste if you have specific Questions.
GVR_Dinesh_1748I need to have the traffic with incoming source IP, destination and port. Can you give some idea on FSL profile or sample irule to capture logs.
youssef1Cumulonimbus
Hi,
you can try this irule:
when HTTP_REQUEST { set capture 0 if {[IP::addr [IP::local_addr] equals 1.1.1.195] } { set expert 1 set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]" log local0. "=============================================" log local0. "$LogString (request)" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "=============================================" } } when HTTP_RESPONSE { if {$xpert} { log local0. "=============================================" log local0. "$LogString (response) - status: [HTTP::status]" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "=============================================" } }If you want to store this logs you can use HSL in order to send it directly to your remote syslog.
You have an example of output logs here: https://devcentral.f5.com/codeshare/log-http-headers
Keep me in touch.
regards