Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

HSL iRule to log http status error output to syslog server

Nandhi
Cirrus
Cirrus

‎18-Oct-2022 19:33

All,

I am new to irule. Looking for experts suggestion one of the iRule while will log an output to a syslog server directly. The iRule should check the http status code of the connection and send the logs with some details.

The irule looks below.
when CLIENT_ACCEPTED {set hsl [HSL::open -proto UDP -pool syslog_server_pool] }

when HTTP_RESPONSE {if {HTTP::has_responded]} {return}  ###Some part excluded###

set status_code [HTTP::STATUS]

set log_msg""

append log_msg "$Client_ip" 

append log_msg "$status_code"

HSL::send $hsl"<190> $log_msg"

}

The issue here is the syslog received the logs with status code 200, 302 but not getting 500. We can see LB ltm local logs found Internal server 500 status code error (Logged through another irule) but its not there in syslog server. Can somebody help if any changes required in the irule.

Thanks!

Labels:
0 Kudos
5 REPLIES 5

H55Matz
Nimbostratus
Nimbostratus

‎19-Oct-2022 04:01 - last edited on ‎24-Oct-2022 17:23 by Community Manager

((this spam has been removed by admins, but the comment left so that Kevin's reply below doesn't get nuked))

0 Kudos

Kevin_Stewart
F5 Employee
F5 Employee
In response to H55Matz

‎19-Oct-2022 11:19

Try removing HTTP::has_responded.

when CLIENT_ACCEPTED {
   set hsl [HSL::open -proto UDP -pool syslog_server_pool] 
}
when HTTP_RESPONSE {
   set status_code [HTTP::STATUS]
   set log_msg ""
   append log_msg "$Client_ip" 
   append log_msg "$status_code"
   HSL::send $hsl"<190> $log_msg"
}

boneyard
MVP
MVP
In response to Kevin_Stewart

‎26-Oct-2022 10:17

@Nandhi did this work for you? if so please flag the question as answered.

0 Kudos

Nandhi
Cirrus
Cirrus
In response to Kevin_Stewart

‎27-Oct-2022 23:35

Thanks Kevin for the response.

Can you please help to brief what will fetch or not captured if remove the statement "when HTTP_RESPONSE {if {HTTP::has_responded]} {return}" in the rule.

Thanks.

0 Kudos

Kevin_Stewart
F5 Employee
F5 Employee
In response to Nandhi

‎28-Oct-2022 04:32

I'm not entirely sure that removing HTTP::has_responded would work here. But that statement is basically triggering on the presence of preceding iRule logic. You mentioned in the initial post that the 500 response was being logged by another iRule.

0 Kudos
Copyright © 2023 Khoros, LLC