wanna record user_agent from specific client ip

Hi Jucao,

That's close. You can set a variable in CLIENT_ACCEPTED to track whether to log the User-Agent header value in HTTP_REQUEST:

when CLIENT_ACCEPTED {
   if { [IP::addr [IP::client_addr] equals 174.76.19.40] } {
      set log_ua 1
   } else {
      set log_ua 0
   }
}
when HTTP_REQUEST {
   if { $log_ua == 1 } {
      log local0. " 174.76.19.40 uses [HTTP::header value user_agent]"
   }
}

Aaron

Aaron,

I know that Jucao was using the CLIENT_ACCEPTED event but is there any advantage to setting a variable in the CLIENT_ACCEPTED event in order to selectively log in the HTTP_REQUEST event as opposed to doing it all in one event? I am thinking something like:

when HTTP_REQUEST {
  if { [IP::client_addr] equals 174.76.19.40 } {
    log local0. "  174.76.19.40 uses [HTTP::header value user_agent]"
  }
}
 

Is there less overhead collecting the client IP in the CLIENT_ACCEPTED event?

Richard

Hi Richard,

 

 

Your version would definitely work and is less code. The advantage to doing the IP comparison in CLIENT_ACCEPTED is that you only do it once per TCP connection. If the client reuses the TCP connection for multiple HTTP requests, you save doing that lookup on every HTTP request.

 

 

Aaron

Hi Aaron,

 

 

Your last reply made me think - is there a guide on iRule efficiency in terms of what types of events are best suited for certain types of actions? For example, I have a ton of iRules where I am checking pool availability, redirects/pool selection based on URI substrings, etc. and they are nearly all within HTTP_REQUEST events. I've found a lot of documentation on improving the iRule code itself for efficiency... just curious if there was anything available at a more conceptual level.

 

 

Thanks,

 

Jen

Hi Jen, check out the optimization 101 articles, doesn't directly address event-specific command usage, but that's a good one to add to the list.

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/iRules101.html - Click Here

Hi Jen,

 

 

In addition to Jason's info...

 

 

The reason it makes sense to do IP and port checks in CLIENT_ACCEPTED is that that clientside info can't change over the course of a TCP connection. If you're inspecting layer 7 content it makes sense to do it on each HTTP request as it could change on each request. If you want specific feedback on some of your more important or heavily used iRules, feel free to post an anonymized copy of them. We can give you some tips that you might be able to apply to the rest of your rules.

 

 

Aaron

ok,thanks ,everyone

 

So it is more efficiency to use

 

when CLIENT_ACCEPTED {

 

if { [IP::addr [IP::client_addr] equals 174.76.19.40] } {

 

set log_ua 1

 

} else {

 

set log_ua 0

 

}

 

}

 

when HTTP_REQUEST {

 

if { $log_ua == 1 } {

 

log local0. " 174.76.19.40 uses [HTTP::header value user_agent]"

 

}

 

}

 

 

right?

 

I will delete

 

else {

 

set log_ua 0

 

}

 

because I only want to record these who belong to 174.76.19.40

 

.

 

it will be great help in my case

 

I will try this and post the reult here.

You should use the full iRule. If you removed the else clause, you'd get a runtime error for every other client IP when the log_ua variable doesn't exist. The iRule as I wrote it will do what you're looking for and just log the User-Agent header for that specific client IP address.

 

 

Aaron

oh,yes,hoolio

 

thanks very much

 

I tried to remove else clause,it has errors like this:

 

Jun 2 16:28:28 slot3/tmm err tmm[6309]: 01220001:3: TCL error: cjjtest - can't read "log_ua": no such variable while executing "if { $log_ua == 1 } { log local0. " 174.76.19.40 uses [HTTP::header value User-Agent]" }"

 

 

It means when execute

 

when HTTP_REQUEST {

 

if { $log_ua == 1 } ,bigip can't find log_ua with respect that some other ip ,right?

 

but it doesn't affect the whole process,right?

 

or can u tell me in which condition it will affect the process or performance?

I expect you'll get a TCP reset if the variable doesn't exist. If you use the full iRule I posted the iRule will function for that specific client IP and all other client IPs. It will only log for that specific client IP.

 

 

Aaron