I wish to log via HSL a mesage that contains some repeatable text as well as some user generated text. so one of two ways to get text generated I can see. But I some issues with each method. #1: Use a loggin profile template, but when you do how to you add some text to the end (or access via a variable text you feed it? i.e the vIP has a template assignmed, iRule has an HSL::open call, then the iRule later calls say HSL::send $hsl "and does this then get appended to the end?". And all you get is what is specified in the template. How can I pass my string body (value or reference) into the template.
#2 Use all text generation in the iRule, but then how do I get at dynamic values that I want but that are only available when you log via the profile/template. For example: $DATE_MON $DATE_DD $TIME_HMS $BIGIP_HOSTNAME and so on.
Where 'X_APM can be configured injecting an HTTP header:
when HTTP_REQUEST {
HTTP::header replace X_APM [ACCESS::session data get session.custom.name]
}
when HTTP_REQUEST_RELEASE {
HTTP::header remove X_APM
}
---
In case you still want to use an iRule, you can get those parameters with:
1) Hostname
$static::tcl_platform(machine)
2) Time
set curtime [clock seconds]
set formattedtime [clock format $curtime]
log "$curtime seconds since epoch, $formattedtime"
Output: 1129552706 seconds since epoch, Mon Oct 17 07:38:26 CDT 2005
Thanks,
Not sure that would work in this case. What I need to simulate is the CEF logging format and that is not available from a native profile format choice, plus the data I need to pass in (some arbitrary data). If in effect I am manually writing the CEF formatted message out by a number of profile objects/variables and as well a HTTP header variable(s) or two as data place holders I pretty much may as well just manually create the whole thing via HSL as I am currently.
However some (most) of the data that I want is matched from data available in a logging profile, This I am currently getting it from TCL calls, Should they have too great a performance hit I may well see if your proposal would alleviate that.
I also didn't know of (think of) using HTTP_REQUEST like that. Interesting and devious I will file that one away, thank you.
Martyn Roberts
Vodafone/IBM Venture
Swindon ISC
07881846887
Where 'X_APM can be configured injecting an HTTP header:
when HTTP_REQUEST {
HTTP::header replace X_APM [ACCESS::session data get session.custom.name]
}
when HTTP_REQUEST_RELEASE {
HTTP::header remove X_APM
}
---
In case you still want to use an iRule, you can get those parameters with:
1) Hostname
$static::tcl_platform(machine)
2) Time
set curtime [clock seconds]
set formattedtime [clock format $curtime]
log "$curtime seconds since epoch, $formattedtime"
Output: 1129552706 seconds since epoch, Mon Oct 17 07:38:26 CDT 2005
Dario,
Sure but whether I write the CEF format out once as a template or once doesn't make much difference. I was more contrasting it against the in built native ability to log to CEF that exists fro mthe AFM and ASM modules.
Why is using a template better than using an HSL handle in an iRule?
Is it a CPU or RAM usage item? I am not familiar enough with F5s and potential iRule overhead to know (yet).
At the moment my logging is of the form:
set hsl [HSL::open -proto UDP -pool MAR-syslog]
.
.
.
set curtime [clock seconds]
set formattedtime [clock format $curtime -format { %b %d %T } ]
HSL::send $hsl "$formattedtime $static::tcl_platform(machine) CEF:0|F5|BIG-IP|$static::tcl_platform(osVersion)|URIiRule|URI Blocking|Low| msg=Returning from irule---no match on URI or IP found"
Martyn Roberts
Vodafone/IBM Venture
Swindon ISC
07881846887
Dario,
No probs. Of course I will. The answer was reasonable, considered and properly related to the question.
It also included some very interesting and useful information. As I said I like the HTTP injection.
Martyn Roberts
Vodafone/IBM Venture
Swindon ISC
07881846887
