cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Jeff_Silverman2
Historic F5 Account

Problem this snippet solves:

This iRule generates an entry in a log file whenever somebody connects to a virtual server. I haven't tested it extensively to find the exact meaning of CLIENT_ACCEPTED. Since the iRule gets connected to a VIP, it is not as universal as I would like it to be. You have to connect it to multiple VIPs if you want to log all of the traffic through your LTM.

The log messages show up in /var/log/ltm. You can pull them out of the log file easily by grepping for TCP_logging.

Code :

rule TCP_logging {
   when CLIENT_ACCEPTED {
      set remote [IP::remote_addr]:[TCP::remote_port]
      set vip [IP::local_addr]:[TCP::local_port]
      log "Rule TCP_logging fired, from $remote to vip $vip"
   }
}
Comments
Tom_K
Nimbostratus
Nimbostratus

I have a related question, I would like to log all CLIENT_CLOSED connection events. Is there a global place to put an IRULE as opposed to putting the IRULE on every virtual server ? Thanks, Tom

 

Version history
Last update:
‎18-Mar-2015 12:18
Updated by:
Contributors