Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

log for iRules:Data Group List

muhammad_Tanvir
Nimbostratus
Nimbostratus

‎31-Aug-2021 22:43 - last edited on ‎05-Jun-2023 23:02 by Fog

Hi

  • Our exchange users connects to server through F5 Vitual server.
  • I have a data group list which has 172 IPs.
  • we have irule as follows
  • I want to enable an log file to find out which IPs are still connecting to exchange server. please help me as I am very new to F5
  • irule attached to virtual server

when CLIENT_ACCEPTED {
    set accepted_snat "172.16.0.174"
 
    if { [ class exists smtp_relay_allowed ] }
    {
        if { [class match [IP::client_addr] equals smtp_relay_allowed] }
        {
            snat $accepted_snat
        } else {
            snat automap
            log local0. "IP not allowed to relay: [IP::client_addr]"
        }
    } else {
        snat automap
        #log local0. "IP not allowed to relay: [IP::client_addr]"
    }
}
Labels:
0 Kudos
5 REPLIES 5

oguzy
Cirrostratus
Cirrostratus

‎01-Sep-2021 11:44 - last edited on ‎04-Jun-2023 19:19 by Fog

Hi Muhammad Tanvir,

I think your irule is almost correct. Did it not work as you expected? I assume that as you already have a data group list named as "smtp_relay_allowed", initial checking of existence of this data group is not necessary. For simplicity;

when CLIENT_ACCEPTED {
  set accepted_snat "172.16.0.174"
  if { [class match [IP::client_addr] equals smtp_relay_allowed] } {
    snat $accepted_snat
    log local0. "IP allowed to relay: [IP::client_addr]"
  } else {
      snat automap
      log local0. "IP not allowed to relay: [IP::client_addr]"
  }
}
0 Kudos

muhammad_Tanvir
Nimbostratus
Nimbostratus
In response to oguzy

‎01-Sep-2021 20:27

Thanks Oguzy for your kind reply.

I rule works fine.

 

I want to update the data group list which has 172 IPs. List is 4 years old and a lot of systems are gone now. Before I update the list I want to enable logs and find out which systems are still actively using the virtual server

 

Could you please help me out to find out which logs I need to configure to capture IPs. There are many types0691T00000DzGZuQAN.png Kind regarfds

Tanvir

 

0 Kudos

oguzy
Cirrostratus
Cirrostratus
In response to muhammad_Tanvir

‎01-Sep-2021 22:44 - last edited on ‎04-Jun-2023 19:19 by Fog

Hi Tanvir,

As we specify "log local 0.", you should check "Local Traffic" Log on GUI or /var/log/ltm file on CLI. You can use both GUI and CLI. If you use CLI, you can check rotated (old ltm) logs via regex.

If you login via ssh to your BIG-IP device, you can try the following command:

grep "IP allowed to relay" /var/log/ltm*

Then you can inspect the IP address requesting to your virtual server.

0 Kudos

oguzy
Cirrostratus
Cirrostratus
In response to muhammad_Tanvir

‎01-Sep-2021 22:46

Hi again,

A quick reference for iRule logging and debugging commands:

iRule logging and debugging (f5.com)

0 Kudos

muhammad_Tanvir
Nimbostratus
Nimbostratus

‎02-Sep-2021 17:30

Thank you Oguzy for kind help.

Have a good day sir.

0 Kudos
Copyright © 2023 Khoros, LLC