Persistence Cookie Logging

Problem this snippet solves:

Cookie persistence logging, adapted and simplified for the TMOS 10.0.0 or greater cookie format. The iRule extracts the value of a persistence cookie inserted by LTM's "cookie insert" persistence method and logs the cookie, the virtual server the iRule is applied to, and that virtual server's default pool. It decodes the cookie to get the pool member IP and destination port, and also logs the requesting client's IP address and source port. If no cookie is found, that is logged along with the virtual server, its default pool, and the IP and destination port of the pool member the request was assigned to. Useful for troubleshooting cookie persistence.

Explained further: on the LB_SELECTED event the iRule automatically grabs the name of the virtual server it is applied to and the name of that virtual server's default pool, determines what the cookie's name should be by default, and stores this information in variables. It then runs the main Tcl script, which checks whether a cookie exists and, if so, decodes it and logs the result via syslog-ng to /var/log/ltm; if no cookie exists, that is also logged to /var/log/ltm.

Credit: deb for the idea and a very small portion of this code

sol6917: Overview of BIG-IP persistence cookie encoding

How to use this snippet:

This iRule requires LTM v10 or higher.

Example Logging Entries

Sep 28 11:43:14 local/tmm1 info tmm1[4875]: Rule persist_cookie_logger : Request from client: 172.20.66.224%10:53566 contains no persistence cookie on vip https-vip-12; request was assigned to pool https-pool-12 and member 10.11.101.211%10:443
Sep 28 11:47:10 local/tmm1 info tmm1[4875]: Rule persist_cookie_logger : Request from client:  172.20.66.224%10:53618 contains persistence cookie rd10o00000000000000000000ffff0a0b65d3o443 referencing vip https-vip-12; pool https-pool-12; member 10.11.101.211:443

Code :

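# Cookie Persistence Logging Adapted and Simplified for TMOS Version 10.0.0 Cookies
# - RJ Wilke
when LB_SELECTED {
  # grab the name of the virtual server servicing this request
  set Virtual [virtual name]
  # grab the pool (default pool for the virtual server)
  set Pool [LB::server pool]
  # build the TMOS 10.0.0 or greater cookie name (the value includes the route domain);
  # where the pool name is a full path, the cookie name carries ~ in place of /
  set Cookie BIGipServer[string map {/ ~} $Pool]
  if { [HTTP::cookie exists $Cookie] } {
    # skip ahead to the ffff marker, then read four hex octets and the port;
    # scan returns the number of fields it converted, so anything other than 5
    # means a b c d e were not all set
    if { [scan [HTTP::cookie $Cookie] {%*[^\f]%*4x%2x%2x%2x%2xo%i} a b c d e] == 5 } {
      set Ip $a.$b.$c.$d
      set Port $e
      # log results out to /var/log/ltm
      log local0.info "Request from client: \
        [IP::remote_addr]:[TCP::remote_port] contains persistence cookie [HTTP::cookie $Cookie]\
        referencing vip $Virtual; pool $Pool; member $Ip:$Port"
    } else {
      # cookie is present but its value is not in the rd<id>o<hex>o<port> form
      log local0.info "Request from client: [IP::remote_addr]:[TCP::remote_port] sent\
        persistence cookie $Cookie on vip $Virtual in a format this rule does not decode"
    }
  } else {
    log local0.info "Request from client: [IP::remote_addr]:[TCP::remote_port] contains\
      no persistence cookie on vip $Virtual; request was assigned to pool $Pool and member\
      [LB::server addr]:[LB::server port]"
  }
}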

Tested this on version:

10.0
Published Mar 17, 2015
Version 1.0
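
An offline decoder for the cookie format the iRule parses, for checking a cookie taken from a log line or packet trace; it is an added example, not part of the original snippet or F5's code. It goes beyond the iRule by also reading the default-route-domain IPv4 encoding from F5's published cookie format and by mapping a ~-separated cookie name back to a pool path; the function names and the samples marked as constructed are assumptions.

```python
import ipaddress
import re

# rd<route domain>o<32 hex digits, IPv6 or IPv4-mapped address>o<port>: the format on this page
RD_VALUE = re.compile(r"rd(\d+)o([0-9a-fA-F]{32})o(\d+)")
# <IPv4 as little-endian int>.<byte-swapped port>.0000, default route domain (F5's documented encoding; not shown on this page)
PLAIN_VALUE = re.compile(r"(\d+)\.(\d+)\.0000")
PREFIX = "BIGipServer"

def pool_from_cookie_name(name):
    """'BIGipServer~part~pool' -> '/part/pool'; None if the prefix is missing."""
    if not name.startswith(PREFIX):
        return None
    return name[len(PREFIX):].replace("~", "/")

def decode_value(value):
    """Return (route_domain, ip, port), or None for any other value."""
    m = RD_VALUE.fullmatch(value)
    if m:
        addr = ipaddress.IPv6Address(int(m.group(2), 16))
        return int(m.group(1)), str(addr.ipv4_mapped or addr), int(m.group(3))
    m = PLAIN_VALUE.fullmatch(value)
    if m and int(m.group(1)) <= 0xFFFFFFFF and int(m.group(2)) <= 0xFFFF:
        ip = ipaddress.IPv4Address(int(m.group(1)).to_bytes(4, "little"))
        port = int.from_bytes(int(m.group(2)).to_bytes(2, "little"), "big")
        return 0, str(ip), port
    return None

def decode_cookie(pair):
    """Decode one 'name=value' pair as seen in a Cookie header or packet trace."""
    name, _, value = pair.strip().partition("=")
    pool, member = pool_from_cookie_name(name), decode_value(value)
    if pool is None or member is None:
        return None  # unrecognised cookie name or value
    rd, ip, port = member
    return {"pool": pool, "route_domain": rd, "ip": ip, "port": port}

SAMPLES = [
    # value from the example log entry; cookie name built the way the iRule builds it
    "BIGipServerhttps-pool-12=rd10o00000000000000000000ffff0a0b65d3o443",
    # cookie quoted in the comments on this page
    "BIGipServer~QA-SILO~QA-ECARE-LS-JBOSS-HTTP-8080=rd404o00000000000000000000ffffac15043ao8080",
    "BIGipServerweb=1677787402.36895.0000",  # constructed sample: 10.1.1.100:8080
    "BIGipServerweb=not-a-known-format",     # constructed sample: undecodable
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", decode_cookie(s))
```
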
  • Hi! Did any of you guys try this on v12? I'm getting an error - "can't read "a": no such variable while executing "set Ip $a.$b.$c.$d"

  • I may have my slashes confused, it would really be BIGipServer/QA-SILO/QA-ECARE-LS-JBOSS-HTTP-8080=rd404o00000000000000000000ffffac15043ao8080 The key is that a tilde is used/observed instead of the forward slash separator.
  • so really BIGipServer~QA-SILO~QA-ECARE-LS-JBOSS-HTTP-8080=rd404o00000000000000000000ffffac15043ao8080 is actually BIGipServer\QA-SILO\QA-ECARE-LS-JBOSS-HTTP-8080=rd404o00000000000000000000ffffac15043ao8080
  • I've tried this iRule in v11.6 HF5 and I only get logs for "...contains not persistence cookie", yet the network traces show the BIGipServer cookie. However, the cookie contains tilde and not backslash for the partition separation. Here is an example cookie as shown in Wireshark: BIGipServer~QA-SILO~QA-ECARE-LS-JBOSS-HTTP-8080=rd404o00000000000000000000ffffac15043ao8080