Forum Discussion

Nimbostratus

Jul 06, 2006

writing an irule to log all traffic

Need assistance with writing an irule to log all traffic flow. Support suggested that this should be done versus making changes to the syslog-ng file. I've tried making changes to syslog-ng file wit...

Nimbostratus

Oct 30, 2015

I was getting a TCL error (TCL error: /Common/LogRule - can't read "client": no such variable while executing "log local0.info "Client $client -> VIP: $vip -> Node: $node"") when I created an iRule by copying/pasting the TCP logger rule in hoolio's first post and found I had to remove some quotation marks to properly set the variables. I'm running 11.6.0 Build 5.123.429. I also slightly modified it so it logs both when the connection is made and disconnected.

Here's what I used:

when CLIENT_ACCEPTED {  
   set vip [IP::local_addr]:[TCP::local_port]
}

when SERVER_CONNECTED {  
   set client [IP::client_addr]:[TCP::client_port]
   set node [IP::server_addr]:[TCP::server_port]
   log local0.info "Connected: Client $client -> VIP: $vip -> Node: $node"  
}  

when CLIENT_CLOSED {  
   log local0.info "Disconnected: Client $client -> VIP: $vip -> Node: $node" 
}

This was a super helpful thread, thanks hoolio!

aries22

Altocumulus

Feb 07, 2018

Hi everyone,

I applied sinamotamedi's revised script but still get TCL errors.

I even made adjustments in hopes to reduce errors:

when CLIENT_ACCEPTED {
   set vip [IP::local_addr]:[TCP::local_port]
   set client [IP::client_addr]:[TCP::client_port]
}
when SERVER_CONNECTED {
   set node [IP::server_addr]:[TCP::server_port]
   log local0.info "Connected: Client $client -> VIP: $vip -> Node: $node"
}
when CLIENT_CLOSED {
   log local0.info "Disconnected: Client $client -> VIP: $vip" 
}
when SERVER_CLOSED {
   log local0.info "A client has disconnected on Node: $node" 
}

The Client_CLOSED event does not generate error anymore but I'm still getting error for the SERVER_CLOSED event sometimes:

01220001:3: TCL error: /Common/TCP_Logger  - can't read "node": no such variable     while executing "log local0.info "A client has disconnected on Node: $node""

I'm assuming this is caused by a connection with established client-side but unestablished server-side. Is my assumption correct? How do I correct the SERVER_CLOSED event logging script so that it won;t generate errors?

sinamotamedi_15

Nimbostratus

Feb 07, 2018

It seems like the error is saying the "node" variable doesn't exist so what you could do is add an IF/ELSE statement that checks whether the variable exists before writing to the log. Here's an example given the script you posted:

when CLIENT_ACCEPTED {
   set vip [IP::local_addr]:[TCP::local_port]
   set client [IP::client_addr]:[TCP::client_port]
}
when SERVER_CONNECTED {
   set node [IP::server_addr]:[TCP::server_port]
   log local0.info "Connected: Client $client -> VIP: $vip -> Node: $node"
}
when CLIENT_CLOSED {
   log local0.info "Disconnected: Client $client -> VIP: $vip" 
}
when SERVER_CLOSED {
   if {[info exists node]} {
       log local0.info "A client has disconnected on Node: $node"
   } else {
       do nothing
   }
}

aries22

Altocumulus

Aug 30, 2018

thank you so much sinamotamedi for your help! i edited the rule you gave and tested below which did not generate errors:

 when CLIENT_ACCEPTED {
       set vip [IP::local_addr]:[TCP::local_port]
       set client [IP::client_addr]:[TCP::client_port]
    }
    when SERVER_CONNECTED {
       set node [IP::server_addr]:[TCP::server_port]
       log local0.info "Connected: Client $client -> VIP: $vip -> Node: $node"
    }
    when CLIENT_CLOSED {
       log local0.info "Disconnected: Client $client -> VIP: $vip" 
    }
    when SERVER_CLOSED {
       if {[info exists node] and [info exists client]} {
           log local0.info "Disconnected: Client $client -> VIP: $vip -> Node: $node"
       } else {
           do nothing
       }
    }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)