Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Investigate a policy using iRule

Moinul_Rony
Nimbostratus
Nimbostratus

Hi,

 

We had a firewall outage and since then our APM's are having split brain behaviour and taking a long time for resource assignment.

 

We dont know which step in the policy is hanging/waiting but wanted to understand so we can stop blaming the APM's.

 

Any handy idea if I can assign irule event on the policy steps to mark as they complete their steps ? I would like that iRule to log events in ltm/apm log.

 

Cheers,

Rony

1 REPLY 1

Hello Moinul.

There are several ideas that you could use to log info about your policy evaluation status:

  1. APM events (ACCESS_SESSION_STARTED, ACCESS_POLICY_COMPLETED, ACCESS_ACL_ALLOWED, ACCESS_ACL_DENIED), these events are executed in specific moments of the policy evaluation.
  2. ACCESS_POLICY_AGENT_EVENT, in this case, this event is executed in the moment that you specify during the policy evaluation (configuring an iRule Event box).
  3. Log Message, you can also log messages (and session variables) using a log message box.

There is a great article here that explains all your chances:

https://support.f5.com/csp/article/K80934060

Regards,

Dario.

Regards,
Dario.