rsacheen
Nov 24, 2017

BIG-IP request logging profiles

I want to keep track of all the access from the external I/F so that I am able to identify the access information when the backend pool members are down and take proper action later. To achieve this I am using the [Request logging profile] feature of BIG-IP. When the pool members are up and running, the request information defined in the profile template is transferred to my syslog server. But when the pool members are disabled, no request logs are sent to the syslog server. I expected at least the request logs. Why aren't the request logs generated when the servers are put offline/disabled?

 

Are there any other ways to capture all the access logs and transfer them to remote syslog servers? I want to save the logs so that I can identify the ones that didn't get processed during the maintenance downtime.

 

I am using BIG-IP LTM 800 Ver. 12.1.0

 

3 Replies

  • If your pool members are down is the Virtual Server not also down? If so then it will not be processing any traffic, i.e. not allowing the TCP connection so not going to get any HTTP requests.

     

    If your Virtual Server is up and accepting traffic then my guess is Request Logging only executes on successfully forwarded or returned traffic.

     

    Think an iRule would be required to log your missing requests but would only work if the Virtual Server is up and accepting traffic even with the pool members down.

     

  • Request logging occurs between HTTP_REQUEST_SEND and HTTP_REQUEST_RELEASE

     

    Response logging occurs between HTTP_RESPONSE_SEND and HTTP_RESPONSE_RELEASE

     

    So request logging occurs on server side and response logging occurs on client side.

     

    Request variables are captured in the request event, so I guess this profile may not help you when the pool is down.

     

    You can try a layered virtual server for the maintenance page. Host the maintenance page on another virtual server and forward requests to it when pool members are down.

     

  • Found my way out with the following iRules. Thank you for the answers!

    -------------------------------------------------
     irule HSL
    -------------------------------------------------

    when CLIENT_ACCEPTED {
       # Open a high-speed logging handle to the remote syslog pool over UDP
       set hsl [HSL::open -proto UDP -pool pool_remote_log_servers]
       # Hostname of this BIG-IP, prefixed to every log line
       set static::bigip [info hostname]
    }

    when HTTP_REQUEST {
       # Fires on the client side, before a pool member is selected
       set ReqLogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
       set virtual [virtual]
       set virtual_ip "[IP::local_addr]:[TCP::local_port]"
       set http_request_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
       set referer [HTTP::header value referer]
       # One line per request: BIG-IP, virtual server, client, target, time, referer
       HSL::send $hsl "$static::bigip $virtual ($virtual_ip) $ReqLogString (request) - $http_request_time $referer"
    }

    when HTTP_RESPONSE {
       # Fires only when a pool member has answered
       set lb_server "[LB::server addr]:[LB::server port]"
       set ResLogString "ServerNode $lb_server -> Client [IP::client_addr]:[TCP::client_port]"
       set http_response_time [clock format [clock seconds] -format "%Y/%m/%d %H:%M:%S"]
       # One line per response: BIG-IP, pool member, client, status code, time
       HSL::send $hsl "$static::bigip $ResLogString HTTP ResCode= [HTTP::status] (response) - $http_response_time"
    }
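
Added example, not part of the thread: a Python sketch for the syslog side that pairs the "(request)" and "(response)" lines emitted by the iRule above and lists the requests that never received a response, which is what the original question wanted to identify after a maintenance window. It assumes each line is the raw HSL payload with no syslog header prepended; the hostname, virtual server name and addresses in the sample are constructed.

```python
import re
from collections import defaultdict, deque

TS = r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d"
# Layouts of the two HSL::send payloads built by the iRule above.
REQ_RE = re.compile(
    r"^(?P<bigip>\S+) (?P<virtual>\S+) \((?P<vip>\S+)\) "
    r"Client (?P<client>\S+) -> (?P<target>\S*) \(request\) - "
    rf"(?P<time>{TS}) ?(?P<referer>.*)$"
)
RESP_RE = re.compile(
    r"^(?P<bigip>\S+) ServerNode (?P<node>\S+) -> Client (?P<client>\S+) "
    rf"HTTP ResCode= (?P<status>\d{{3}}) \(response\) - (?P<time>{TS})$"
)

def unanswered_requests(lines):
    """Return request records that never got a matching response line."""
    pending = defaultdict(deque)  # (bigip, client ip:port) -> open requests
    for line in lines:
        line = line.rstrip("\r\n")
        req = REQ_RE.match(line)
        if req:
            pending[(req["bigip"], req["client"])].append(req.groupdict())
            continue
        resp = RESP_RE.match(line)
        if resp:
            # Responses on one connection come back in request order, so a
            # response closes the oldest open request from that client port.
            queue = pending.get((resp["bigip"], resp["client"]))
            if queue:
                queue.popleft()
    missed = [r for queue in pending.values() for r in queue]
    return sorted(missed, key=lambda r: r["time"])

# Constructed sample payloads (documentation addresses, not real traffic).
VS = "bigip1.example.test /Common/vs_web (192.0.2.10:80)"
SAMPLE = [
    f"{VS} Client 198.51.100.7:51000 -> www.example.test/ (request) - 2017/11/24 10:00:01 ",
    "bigip1.example.test ServerNode 10.0.0.11:8080 -> Client 198.51.100.7:51000 "
    "HTTP ResCode= 200 (response) - 2017/11/24 10:00:01",
    f"{VS} Client 198.51.100.8:51001 -> www.example.test/order?id=1 (request) - "
    "2017/11/24 10:05:00 http://www.example.test/cart",
    f"{VS} Client 198.51.100.7:51000 -> www.example.test/status (request) - 2017/11/24 10:05:02 ",
]

if __name__ == "__main__":
    for r in unanswered_requests(SAMPLE):
        print(r["time"], r["client"], r["target"], r["referer"] or "-")
```

Requests still in flight when the capture ends are reported as unanswered too, and the target and referer fields are client-supplied, so treat them as untrusted when displaying or storing the result.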