18-Oct-2022 19:33
All,
I am new to iRules. I am looking for expert suggestions on an iRule which will log output to a syslog server directly. The iRule should check the HTTP status code of the connection and send the logs with some details.
The iRule looks like the one below.
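when CLIENT_ACCEPTED {
    # Open a high-speed logging handle to the syslog pool
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_RESPONSE {
    # Stop here if earlier iRule logic has already responded
    if { [HTTP::has_responded] } { return }
    # ### Some part excluded ###
    set status_code [HTTP::status]
    set log_msg ""
    # $Client_ip is not set in the part shown here
    append log_msg "$Client_ip"
    append log_msg "$status_code"
    HSL::send $hsl "<190> $log_msg"
}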
The issue here is that the syslog server receives the logs with status codes 200 and 302 but is not getting 500. We can see in the LB LTM local logs an Internal Server Error 500 status code (logged through another iRule), but it's not there on the syslog server. Can somebody help if any changes are required in the iRule?
Thanks!
19-Oct-2022 04:01 - last edited on 24-Oct-2022 17:23 by Leslie_Hubertus
((this spam has been removed by admins, but the comment left so that Kevin's reply below doesn't get nuked))
19-Oct-2022 11:19
Try removing HTTP::has_responded.
when CLIENT_ACCEPTED {
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_RESPONSE {
    # No HTTP::has_responded check: every response reaches the log
    set status_code [HTTP::status]
    set log_msg ""
    # $Client_ip must be set elsewhere in the iRule
    append log_msg "$Client_ip"
    append log_msg "$status_code"
    HSL::send $hsl "<190> $log_msg"
}
26-Oct-2022 10:17
@Nandhi did this work for you? If so, please flag the question as answered.
27-Oct-2022 23:35
Thanks Kevin for the response.
Can you please briefly explain what will or will not be captured if we remove the statement "when HTTP_RESPONSE {if {[HTTP::has_responded]} {return}" from the rule?
Thanks.
28-Oct-2022 04:32
I'm not entirely sure that removing HTTP::has_responded would work here. But that statement is basically triggering on the presence of preceding iRule logic. You mentioned in the initial post that the 500 response was being logged by another iRule.
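An added example, not code from any post in this thread: a logging iRule that never returns early and instead records the value of HTTP::has_responded in each syslog line, so the syslog server shows which responses the early return would have skipped. The pool name is the one from the thread; the lowercase client_ip variable, the key=value message layout and the use of local7.err for 5xx responses are assumptions made for this example.

```tcl
when CLIENT_ACCEPTED {
    # Pool name taken from the thread; one HSL handle per client connection
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    # Assumption: the client address is what the thread's $Client_ip held
    set client_ip [IP::client_addr]
}

when HTTP_RESPONSE {
    set status_code [HTTP::status]

    # 1 if earlier iRule logic already sent a response, otherwise 0.
    # Logged as a field instead of being used as a reason to return.
    set responded [HTTP::has_responded]

    # Syslog PRI = facility * 8 + severity, with local7 = facility 23:
    #   190 = local7.info (the value used in the thread)
    #   187 = local7.err  (assumption: used here for 5xx responses)
    if { $status_code >= 500 } {
        set pri 187
    } else {
        set pri 190
    }

    # Delimited fields so the receiver can split the IP from the status code
    set log_msg "client=$client_ip status=$status_code responded=$responded"
    HSL::send $hsl "<$pri> $log_msg"
}
```

Lines arriving with responded=1 are the ones the original early return would have dropped, which answers whether that check accounts for the missing 500 entries.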