Forum Discussion
swapnilbendekar
Nimbostratus
Nimbostratusway to get away with truncated syslog
Hi friends,
I have written iRule script as:
when HTTP_REQUEST {
if {[HTTP::header value Content-Type] contains "application/vnd.syncml+xml"}{
set secs [clock seconds]
set msec [clock clicks -milliseconds]
set base [expr { $secs * 1000 } ]
set fract [expr { $msec - $base }]
if { $fract >= 1000 } {
set diff [expr { $fract / 1000 }]
incr secs $diff
incr fract [expr { -1000 * $diff }]
}
log local0. " [clock format $secs -format {%H:%M:%S}].$fract HTTP::payload: [HTTP::payload]"
}
}
when HTTP_RESPONSE {
if {[HTTP::header value Content-Type] contains "application/vnd.syncml+xml"}{
set secs [clock seconds]
set msec [clock clicks -milliseconds]
set base [expr { $secs * 1000 } ]
set fract [expr { $msec - $base }]
if { $fract >= 1000 } {
set diff [expr { $fract / 1000 }]
incr secs $diff
incr fract [expr { -1000 * $diff }]
}
log local0. " [clock format $secs -format {%H:%M:%S}].$fract HTTP::payload: [HTTP::payload]"
}
}
and syslog-ng.conf file is like
CUSTOM LOGGING FOR Performance Optimization App =======
filter f_local0 {
facility(local0) and not match(": ");
};
filter f_local0_customlog {
facility(local0) and match(": ");
};
destination d_customlog {
file("/var/log/customlog" create_dirs(yes));
};
log {
source(local);
filter(f_local0_customlog);
destination(d_customlog);
};
CUSTOM LOGGING FOR Performance Optimization App =======
Since request, response are more than 1024 bytes (syslog max size ), logs are truncated.
I tried the logging onto remote machine using udp ("ip_address" port (514)) but there also same problem persists.
So friend, is there any way to get full logs to deal with such scenario?
Is there any way to redirect the logs to remote machine before going to syslog ?
Can we invoke any perl/shell script from irule script itself ?
Else is there method to break the request & response break (I know rechunk/unchunk is possible for HTTP_REQUEST only) ?
please help me out from this.
I have to parse these logs in order to get the request-response time required for each operation & its status.
Thanks in Advance.
2 Replies
hoolioCirrostratus
I'd look at High Speed Logging as this bypasses the local syslog daemon:
http://devcentral.f5.com/wiki/default.aspx/iRules/hsl
Also, if you want to capture the full HTTP payload, you'll need to call HTTP::collect and then use HTTP::payload to access the collected data:
http://devcentral.f5.com/wiki/default.aspx/iRules/http__collect
http://devcentral.f5.com/wiki/default.aspx/iRules/http__payload
Aaron
swapnilbendekarHi Aron,
Thanks for the response. Actually I am using the virtual edition.
I configured the VLAN's and Self IP's using the GUI.
My Management Port IP Address is 172.17.14.244 / 24
wheres Managaement Route is 172.17.14.1
AlsoInternal Network Configuration Self IP 172.17.4.96 / 24
But I am not able to create External VLAN with some error e.g.
01070354:3: Self IP 172.17.4.97 / 255.255.255.0: This network is defined on two vlans (external and internal)
01020066:3: The requested self IP address (172.17.4.96) already exists in partition Common.
So, everything in network map ( Nodes, Pool Members, Virtual Pool, Virtual Server) shows unknown.
Thats why I am not able to test the changes suggested by you.
Could you please let me know where I am getting wrong.
Also one query, the url mentioned by you suggest syntax for HTTP_REQUEST, will it work for HTTP_RESPONSE as well ?
Appreciate your help
Thanks & Regards,
Swapnil P. Bendekar
