Forum Discussion

Wally_Steadman_
Jul 30, 2012

v11.2 High Speed Logging

Greetings all,

I am not sure if this is the correct forum, but since it pertains to logging I figured I would ask here.

We are trying to set up High Speed Logging just to test it out, and what we are trying to see is the IP address of the client for now.

When I set up the Profile it looks like this:


ltm profile request-log HSL-http-public {
    app-service none
    defaults-from /Common/request-log
    proxy-respond-on-logging-error no
    request-log-pool HSL-pool
    request-log-protocol mds-tcp
    request-log-template CLIENT_IP
    request-logging enabled
    response-log-template CLIENT_IP
}

When I review the Log Server I see the following:

Jul 30 11:52:05 1.2.3.4 CLIENT_IP

So I can tell that information is being sent to the log server, I am just not sure how to configure it so it will show the actual client IP address.

I was thinking that it should look something like this:

Jul 30 11:52:05 1.2.3.4 6.7.8.9

where 6.7.8.9 is the Client IP. I believe I am seeing the available parameters but just not sure of the syntax to use for the response-log-template or the request-log-template. Any assistance would be appreciated.

Wally

  • Hi Wally,

    This is the right forum for monitoring and management questions like this.

    It's not very clear, but you need to prefix the variable names with a dollar sign in the request logging profile's template setting. If you want to print the actual variable name you can use two dollar signs. Here's a sample template as viewed in the GUI:

    $$CLIENT_IP:$$CLIENT_PORT=$CLIENT_IP:$CLIENT_PORT

    And here is the syslog output:

    $CLIENT_IP:$CLIENT_PORT=10.1.0.115:47140

    I'll submit a request to update the manual and online help to clarify this.

    Aaron
    • Mike_61663
      If you are just after the list of supported variables for request logging profiles you can go here (for 11.5): http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-5-0/1.htm but unfortunately it doesn't include any examples, so no, it doesn't appear that Aaron's excellent explanation above has yet made it into the documentation (although I may be wrong and just haven't found it). I'll log another request to get this remedied.
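The substitution rule from Aaron's answer, modeled in Python as an added example (not F5 code and not part of the original posts): `render` expands `$NAME` and turns `$$` into a literal `$`, and `bare_variables` flags the mistake from the question, a variable name written without the `$` prefix. The function names and `SAMPLE` values are hypothetical, and leaving an unset `$NAME` unchanged is an assumption, not documented BIG-IP behaviour.

```python
import re

# Variable names that appear in this thread; extend from the F5 variable list.
KNOWN_VARS = {"CLIENT_IP", "CLIENT_PORT"}

# Constructed sample values, matching the syslog output quoted in the answer.
SAMPLE = {"CLIENT_IP": "10.1.0.115", "CLIENT_PORT": "47140"}

# "$$" is an escaped dollar sign; "$NAME" is a variable reference.
_EXPAND = re.compile(r"\$\$|\$([A-Z][A-Z0-9_]*)")
# Anything already prefixed with "$" or "$$" is intentional, so the lint skips it.
_PREFIXED = re.compile(r"\$\$?[A-Z][A-Z0-9_]*|\$\$")
_NAME = re.compile(r"[A-Z][A-Z0-9_]*")


def render(template, values):
    """Expand a template: $NAME becomes its value, $$ becomes a literal $."""
    def substitute(match):
        if match.group(0) == "$$":
            return "$"
        # Assumption: a name with no value is left exactly as written.
        return values.get(match.group(1), match.group(0))
    return _EXPAND.sub(substitute, template)


def bare_variables(template):
    """Return known variable names that lack a $ prefix and so log as plain text."""
    remainder = _PREFIXED.sub(" ", template)
    return sorted(set(_NAME.findall(remainder)) & KNOWN_VARS)


if __name__ == "__main__":
    for tmpl in ("CLIENT_IP", "$$CLIENT_IP:$$CLIENT_PORT=$CLIENT_IP:$CLIENT_PORT"):
        print(repr(tmpl), "->", repr(render(tmpl, SAMPLE)),
              "| missing $ on:", bare_variables(tmpl))
```

Running a check like `bare_variables` over templates before they are deployed catches the case where the log server receives the variable name instead of the client address.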
  • this isn't found on f5 site any more;

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-5-0/1.htm

    • Mike_61663
      Strange. I can see it when I'm logged in. Just type the following into the AskF5 search engine "request logging template" and it should be the first document that pops up in the search results.
  • I assume vs logging profile on the vip I can just use irule and log via generic TCL variables like the following;

    when CLIENT_ACCEPTED {
        # Open the HSL handle once per client connection
        set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    }
    when HTTP_REQUEST {
        # Send one log line per HTTP request
        HSL::send $hsl " Client Request: [IP::client_addr]:[TCP::client_port] To [IP::local_addr]:[TCP::local_port] Request: [HTTP::method] [HTTP::host][HTTP::path] Payload: [HTTP::payload]"
    }

    at least in interim.

    cheers

    • Mike_61663
      Yes, you certainly can utilise HSL iRule commands to log generic TCL variables as you've described. Generally you wouldn't do this if you were using the Request Logging Profiles though, as it's kind of the same thing (although you could). Request Logging Profiles are really there to provide an alternative to having to use iRules for logging, but of course iRules will always be more flexible if there is something unique that you need to do.
  • I found out I cannot use mgmt interface for HSL, as my current logging profile doesn't do anything on 11.3 HF8 - also the irule HSL logging didn't work either.

    Does every one of my traffic self-ips need to be able to talk to the syslog server, or can I just use one interface via a host route, etc.?

    Thanks in advance.

    thx

  • Hello..

    Any news about it?

    I have the same problem here using HSL Request-Logging profile! Is it really necessary that my self-ips talk to the syslog server? Why can't I use the mgmt interface or some other (just one interface) for this task?

    THX.