HSL iRule to log http status error output to syslog server

Nandhi
Cirrus

All,

I am new to iRules. Looking for experts' suggestions on an iRule which will log output to a syslog server directly. The iRule should check the HTTP status code of the connection and send the logs with some details.

The iRule looks like below.
when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}

when HTTP_RESPONSE {
   if {[HTTP::has_responded]} {return}
   ###Some part excluded###
   set status_code [HTTP::status]
   set log_msg ""
   append log_msg "$Client_ip"
   append log_msg "$status_code"
   HSL::send $hsl "<190> $log_msg"
}

The issue here is that the syslog server received the logs with status codes 200 and 302 but is not getting 500. We can see that the LB LTM local logs show the Internal Server Error 500 status code (logged through another iRule), but it's not there on the syslog server. Can somebody help if any changes are required in the iRule?

Thanks!

5 REPLIES

H55Matz
Nimbostratus

((this spam has been removed by admins, but the comment left so that Kevin's reply below doesn't get nuked))

Try removing HTTP::has_responded.

when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_RESPONSE {
   # Client_ip is assumed to be set in the part of the rule excluded from the question
   set status_code [HTTP::status]
   set log_msg ""
   append log_msg "$Client_ip"
   append log_msg "$status_code"
   HSL::send $hsl "<190> $log_msg"
}

@Nandhi did this work for you? If so, please flag the question as answered.

Thanks Kevin for the response.

Can you please briefly explain what will or will not be captured if we remove the statement "when HTTP_RESPONSE {if {[HTTP::has_responded]} {return}" in the rule?

Thanks.

I'm not entirely sure that removing HTTP::has_responded would work here. But that statement is basically triggering on the presence of preceding iRule logic. You mentioned in the initial post that the 500 response was being logged by another iRule.
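
An added example, not part of the thread and not code from either poster: one way to send the status to HSL before a has_responded guard can skip it, assuming the other iRule replaces 500 responses with HTTP::respond in HTTP_RESPONSE at the default priority (the thread does not show that rule). The variables client_ip, req_host and req_uri, the key=value message layout and the choice of a higher severity for 5xx are assumptions made for this sketch.

```tcl
when CLIENT_ACCEPTED {
    # Open the HSL handle once per connection; pool name taken from the question
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    set client_ip [IP::client_addr]
}

when HTTP_REQUEST {
    # Save request details now so they can be logged with the response status
    set req_host [HTTP::host]
    set req_uri  [HTTP::uri]
}

# Priority 100 runs before the default priority of 500, so the status is sent
# to syslog before another iRule on the same virtual server can answer the
# transaction itself and make HTTP::has_responded return true.
when HTTP_RESPONSE priority 100 {
    set status_code [HTTP::status]

    # <190> = facility local7 (23 * 8) + severity info (6), as in the question
    set pri 190
    if { $status_code >= 500 } {
        # <187> = local7 (23 * 8) + severity err (3), so 5xx stands out on the collector
        set pri 187
    }

    # Delimited key=value fields keep the client address and status code separable
    HSL::send $hsl "<$pri> client=$client_ip host=$req_host uri=$req_uri status=$status_code"
}
```

Any logic that modifies or replaces the response can stay in a later-priority HTTP_RESPONSE block behind the HTTP::has_responded check.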