LTM Connection Logging
Hey guys,
We have recently migrated to F5 HA pairs using SNAT and one of the requirements that came from our Security Group is logging every connection that passes through the F5 Load Balancers. The idea is that they would like to have the original client IP and ports, as well as all mapped F5 SNAT Pool IP and port.
The goal being to see something similar to:
Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] to interface:real-address/real-port (mapped-address/mapped-port) [(idfw_user)] [(user)]
Teardown TCP connection id for interface:real-address/real-port [(idfw_user)] to interface:real-address/real-port [(idfw_user)] duration hh:mm:ss bytes bytes [reason] [(user)]
I have seen two approaches so far - Request Logging Profile (https://devcentral.f5.com/questions/big-ip-114-ltm-connection-logging) and iRule (https://devcentral.f5.com/questions/logging-outgoing-snat-list-connections). I have both of them working, but the issue is that this is not a global configuration and would have to be configured for every new application defined. We have a custom HTTP iApp Template, but there is still a possibility that our administrators would forget to assign the iRule or Logging Profile to custom iApps they build.
My Question - is there a way to enable global connection logging on LTM, hopefully including the SNAT mapping?
Thanks and appreciate your help.
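For readers following the iRule route, the following is an added example (not the original poster's iRule and not F5 product code) of what a per-connection "Built"/"Teardown" log looks like when it includes the SNAT mapping. It assumes the rule is attached to a TCP virtual server and that an LTM pool named `syslog_pool` (a hypothetical name) points at the remote syslog collector used for High-Speed Logging:

```tcl
# Added example, not from the original post: log each TCP connection with the
# original client tuple, the virtual server tuple, the SNAT tuple the pool member
# sees, and the pool member tuple, loosely following the Built/Teardown format
# quoted in the question.
# Assumptions (hypothetical): attached to a TCP virtual server; an LTM pool named
# "syslog_pool" contains the remote syslog collector for HSL.
when CLIENT_ACCEPTED {
    # Open one HSL handle per connection; iRule variables persist across the
    # events of the same connection, so it is reused below.
    set hsl [HSL::open -proto UDP -pool syslog_pool]
    # Start timestamp (ms) so CLIENT_CLOSED can report the connection duration.
    set conn_start [clock clicks -milliseconds]
    # Original client source address/port and the virtual server it connected to.
    set client_tuple "[IP::client_addr]:[TCP::client_port]"
    set vip_tuple    "[IP::local_addr]:[TCP::local_port]"
}

when SERVER_CONNECTED {
    # On the server side the local address/port is what the pool member sees,
    # i.e. the SNAT pool address and the ephemeral port chosen for this connection.
    set snat_tuple   "[IP::local_addr]:[TCP::local_port]"
    set member_tuple "[IP::server_addr]:[TCP::server_port]"
    HSL::send $hsl "Built TCP connection vs=[virtual name] client=$client_tuple vip=$vip_tuple snat=$snat_tuple member=$member_tuple\n"
}

when CLIENT_CLOSED {
    set duration_ms [expr {[clock clicks -milliseconds] - $conn_start}]
    # SERVER_CONNECTED does not fire if no pool member was ever reached (for
    # example all members down), so the SNAT/member tuples may be absent here.
    if { [info exists snat_tuple] } {
        HSL::send $hsl "Teardown TCP connection vs=[virtual name] client=$client_tuple vip=$vip_tuple snat=$snat_tuple member=$member_tuple duration_ms=$duration_ms\n"
    } else {
        HSL::send $hsl "Teardown TCP connection vs=[virtual name] client=$client_tuple vip=$vip_tuple no-server-connection duration_ms=$duration_ms\n"
    }
}
```

HSL is used rather than `log local0.` because per-connection volume is exactly what `log` (which writes to the local /var/log/ltm) is not meant for. The example does not change the limitation raised in the question: an iRule is still bound per virtual server, so it has to be added by the iApp template or by hand, and an audit such as `tmsh list ltm virtual rules` is the practical way to find virtual servers that were created without it.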