Forum Discussion

Kalido's avatar
Kalido
Icon for Altostratus rankAltostratus
Sep 22, 2022

Is it possible to Log Virtual server connectivity information remotely?

Hi,

I was wondering if it is possible to log connectivity details from a VS.

 

For example External connection -> VS -> Backend.

Is there a way I can pull that infromation and send it to a remote syslog server like Splunk?

 

Stuff like:

- Source IP

- Destination IP

- Connection time

- connection status

and what ever else we can record from the connection ?

 

I have read about HSL but I feel like I am not getting the information I want, I don't even know if its working.

 

I tried following the steps from this link:

 

https://community.f5.com/t5/technical-forum/virtual-server-log-forward-to-splunk/m-p/301473#M261897

devops
LTM logging Splunk

1 Reply

Sort By
  • oscarnet's avatar
    oscarnet
    Icon for Altocumulus rankAltocumulus
    Sep 22, 2022

    HI Kalido:

    Is it like this? But you have to set it carefully.
    If it is applied to a VS with high traffic,
    it may cause the system to be overloaded. Please use it carefully.

    Or you can refer to this KB K55131641 and K20241153 and K50040950

    #

    K55131641: iRule logging and debugging

    #

    K20241153: How to log pool selection result by iRule

    K50040950:Configuring the BIG-IP system to send high-speed logs through the management interface

     

    example 1 :

     

    when CLIENT_ACCEPTED {
    set hsl [HSL::open -publisher /Common/syslog_server_pool]
	set tcp_start_time [clock clicks -milliseconds]
}
when HTTP_REQUEST {
   HSL::send $hsl "<190> Start_time : $tcp_start_time [IP::client_addr]:[TCP::client_port]->[IP::local_addr]:[TCP::local_port]; [HTTP::host][HTTP::uri]"
}
when LB_SELECTED {
   HSL::send $hsl "<190>  Start_time : $tcp_start_time, Pool: [LB::server]\n"
}

     

    example 2 :

     

    when CLIENT_ACCEPTED {
	set hsl [HSL::open -publisher /Common/syslog_server_pool]
	set tcp_start_time [clock clicks -milliseconds]
	set remote [IP::remote_addr]:[TCP::remote_port]
	set vip [IP::local_addr]:[TCP::local_port]
}
when LB_SELECTED {
   HSL::send $hsl "<190> Start_time : $tcp_start_time, Client: $remote to vip $vip, Pool: [LB::server]\n"
}

     

    Have a Nice Day!!!