Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Historic F5 Account

Problem this snippet solves:

This iRule generates an entry in a log file whenever somebody connects to a virtual server. I haven't tested it extensively to find the exact meaning of CLIENT_ACCEPTED. Since the iRule gets connected to a VIP, it is not as universal as I would like it to be. You have to connect it to multiple VIPs if you want to log all of the traffic through your LTM.

The log messages show up in /var/log/ltm. You can pull them out of the log file easily by grepping for TCP_logging.

Code :

rule TCP_logging {
      set remote [IP::remote_addr]:[TCP::remote_port]
      set vip [IP::local_addr]:[TCP::local_port]
      log "Rule TCP_logging fired, from $remote to vip $vip"

I have a related question, I would like to log all CLIENT_CLOSED connection events. Is there a global place to put an IRULE as opposed to putting the IRULE on every virtual server ? Thanks, Tom


Version history
Last update:
‎18-Mar-2015 12:18
Updated by: