Forum Discussion
VIP Client Logging "Not RFC1918"
- May 11, 2021
Thank you Alex for the response. I ended up going with this irule. Initially after applying the irule I was still logging the private networks. What I found is that I had to surround the private_net with quotes. After doing this I only saw public networks.
Now I need to send it to a remote syslog instead of logging local0. I just have to research how those lines of code will look like.
when HTTP_REQUEST { if { not ([class match [IP::client_addr] equals "private_net"])} { log local0. "clientIP:[IP::client_addr] accessed [HTTP::host][HTTP::uri]"} }
Thank you Alex for the response. I ended up going with this irule. Initially after applying the irule I was still logging the private networks. What I found is that I had to surround the private_net with quotes. After doing this I only saw public networks.
Now I need to send it to a remote syslog instead of logging local0. I just have to research how those lines of code will look like.
when HTTP_REQUEST {
if { not ([class match [IP::client_addr] equals "private_net"])} {
log local0. "clientIP:[IP::client_addr] accessed
[HTTP::host][HTTP::uri]"}
}
Ahyes, sorry I missed that.
Regarding sending to remote log, have a look at HSL logging; https://clouddocs.f5.com/api/irules/HSL__open.html
This is the most efficient way to send logs to remote servers.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com