For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tracy_Butler_90's avatar
Tracy_Butler_90
Icon for Nimbostratus rankNimbostratus
Jul 06, 2006

writing an irule to log all traffic

Need assistance with writing an irule to log all traffic flow. Support suggested that this should be done versus making changes to the syslog-ng file. I've tried making changes to syslog-ng file wit...
application delivery
dev
devops
iRules
Pav_70755's avatar
Pav_70755
Icon for Nimbostratus rankNimbostratus
Oct 18, 2011
Shoudl something like this work combining the two rules?

i guess i would need one to log http traffic under http_mx_log and one for tcp under tcp_mx_log? 

 when HTTP_REQUEST {
    set the URL here, log it on the response
   set url [HTTP::header Host][HTTP::uri]
   set vip [IP::local_addr]:[TCP::local_port]
}

when HTTP_RESPONSE {
   set client [IP::client_addr]:[TCP::client_port]
   set node [IP::server_addr]:[TCP::server_port]
   set nodeResp [HTTP::status]

     local0.* /var/log/ltm
filter f_local0 {
facility(local0) and level(info..emerg) and not match("http_mxa_log") and not match("http_mxb_log");
};

destination d_ltm {
file("/var/log/ltm" create_dirs(yes));
};

log {
source(local);
filter(f_local0);
destination(d_ltm);
}