
log for iRules:Data Group List

muhammad_Tanvir
Nimbostratus

Hi

  • Our Exchange users connect to the server through an F5 virtual server.
  • I have a data group list which has 172 IPs.
  • We have an iRule as follows.
  • I want to enable a log file to find out which IPs are still connecting to the Exchange server. Please help me, as I am very new to F5.
  • The iRule is attached to the virtual server.

when CLIENT_ACCEPTED {
    set accepted_snat "172.16.0.174"

    # Tcl requires the opening brace of a body on the same line as its condition
    if { [class exists smtp_relay_allowed] } {
        if { [class match [IP::client_addr] equals smtp_relay_allowed] } {
            # Client is in the data group: use the dedicated SNAT address
            snat $accepted_snat
        } else {
            snat automap
            log local0. "IP not allowed to relay: [IP::client_addr]"
        }
    } else {
        snat automap
        #log local0. "IP not allowed to relay: [IP::client_addr]"
    }
}
5 REPLIES

oguzy
Cirrostratus

Hi Muhammad Tanvir,

I think your iRule is almost correct. Did it not work as you expected? I assume that, as you already have a data group list named "smtp_relay_allowed", the initial check for the existence of this data group is not necessary. For simplicity:

when CLIENT_ACCEPTED {
    set accepted_snat "172.16.0.174"
    if { [class match [IP::client_addr] equals smtp_relay_allowed] } {
        snat $accepted_snat
        log local0. "IP allowed to relay: [IP::client_addr]"
    } else {
        snat automap
        log local0. "IP not allowed to relay: [IP::client_addr]"
    }
}

Thanks Oguzy for your kind reply.

The iRule works fine.

 

I want to update the data group list which has 172 IPs. List is 4 years old and a lot of systems are gone now. Before I update the list I want to enable logs and find out which systems are still actively using the virtual server

 

Could you please help me find out which logs I need to configure to capture IPs? There are many types.

Kind regards

Tanvir

 

Hi Tanvir,

As we specify "log local0.", you should check the "Local Traffic" log in the GUI or the /var/log/ltm file on the CLI. You can use both GUI and CLI. If you use the CLI, you can check rotated (old ltm) logs via regex.

If you log in via SSH to your BIG-IP device, you can try the following command:

grep "IP allowed to relay" /var/log/ltm*

Then you can inspect the IP addresses making requests to your virtual server.
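For the clean-up goal in this thread (finding data group entries that no longer connect), the grep output can be reduced to a list of stale entries. This is an added example, not part of the original replies: it matches the "IP allowed to relay" message from the simplified iRule above, and the sample log lines, the rule name smtp_snat and the one-host-IP-per-line list file are constructed assumptions.

```shell
#!/bin/sh
# Added example: report data group entries that never show up in the iRule's log output.
# SAMPLE_LOG is constructed; its line layout mimics /var/log/ltm and is an assumption.
SAMPLE_LOG='Mar  3 10:15:01 bigip1 info tmm[11223]: Rule /Common/smtp_snat <CLIENT_ACCEPTED>: IP allowed to relay: 10.1.1.5
Mar  3 10:15:09 bigip1 info tmm1[11223]: Rule /Common/smtp_snat <CLIENT_ACCEPTED>: IP not allowed to relay: 192.0.2.44
Mar  3 10:16:30 bigip1 info tmm[11223]: Rule /Common/smtp_snat <CLIENT_ACCEPTED>: IP allowed to relay: 10.1.1.20
Mar  3 10:17:02 bigip1 info tmm[11223]: Rule /Common/smtp_snat <CLIENT_ACCEPTED>: IP allowed to relay: 10.1.1.5
Mar  3 10:18:40 bigip1 notice mcpd[4321]: unrelated message'

# Read log text on stdin; print "ip hits" for each client logged as allowed.
active_ips() {
    sed -n 's/.*IP allowed to relay: \([0-9][0-9.]*\).*/\1/p' |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $1 }'
}

# Read log text on stdin; print the entries of list file $1 (one host IP per
# line) that were never logged. Whole-field comparison, so 10.1.1.5 in the log
# does not hide 10.1.1.50 in the list. Subnet entries are not handled here.
stale_entries() {
    active_ips | awk -v list="$1" '
        FILENAME != list { seen[$1] = 1; next }   # stdin: IPs seen in the log
        NF && !($1 in seen)                       # list file: print unseen entries
    ' - "$1"
}

# Run the check on the constructed sample: prints 10.1.1.7 and 10.1.1.50.
demo() {
    list=$(mktemp) || return 1
    printf '%s\n' 10.1.1.5 10.1.1.7 10.1.1.20 10.1.1.50 > "$list"   # constructed list
    printf '%s\n' "$SAMPLE_LOG" | stale_entries "$list"
    rm -f "$list"
}
demo
```

Collect logs over a period long enough to cover infrequent senders before removing anything; if rotated log files are compressed, feed them in with `zcat -f /var/log/ltm* | stale_entries list.txt`.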

Hi again,

A quick reference for iRule logging and debugging commands:

iRule logging and debugging (f5.com)

muhammad_Tanvir
Nimbostratus

Thank you, Oguzy, for your kind help.

Have a good day sir.