Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

LTM Logs

Amr_Ali
Cirrostratus
Cirrostratus

‎15-Jul-2023 15:57

hello, 

is there any way to see the ip of the client on LTM , i just can see an statistic on pool or VS , i need to find the source IP of the clint 

Labels:
0 Kudos
5 REPLIES 5

Paulius
MVP
MVP

‎15-Jul-2023 19:29

@Amr_Ali This depends on where the client is coming from and if you are using a CDN. When using a CDN will have to look at the HTTP header to find the X-Forwarded-For header field. If we are talking about basic configuration you can go to the following link and it's right at the top of the page.

https://my.f5.com/manage/s/article/K33126241

0 Kudos

Amr_Ali
Cirrostratus
Cirrostratus
In response to Paulius

‎16-Jul-2023 00:04

Thanks, Paulius for this info, if I make this irule i will be apple to see the users IP on the pool or just on the VS, 

and if not, is there any way to find the IP of the client reached to which server on the pool, 

0 Kudos

Paulius
MVP
MVP
In response to Amr_Ali

‎16-Jul-2023 07:22

@Amr_Ali This depends on a few variables but take a look at @Ben_Novak comment below as it has some more detail.

0 Kudos

Ben_Novak
F5 Employee
F5 Employee

‎16-Jul-2023 07:15

As Paulius described, clients behind NATs may seen limited information, so for http traffic, don't forget to look for the appropriat forwarded headers. 

Aside from that there are a couple of ways to get the details your looking for;

1. an iRule to log the connection details (see example below)

2. Local Traffic policy

3. CLI

This article talks about how client connection details are not logged by default and provide some methods to find them:

K54934387: Collect client connections details:

https://my.f5.com/manage/s/article/K54934387

This article described the process for creating and iRule or Local Traffic Policy to capture client connection details
K33126241: Log client IP addresses for new TCP sessions on a virtual server

https://my.f5.com/manage/s/article/K33126241

I also use VSCode CoPilot to write the following example iRule


# create an irule to log all client and server side connections details
cat <<EOF > /config/connection_logging.irule
when CLIENT_ACCEPTED {
    log local0. "client accepted: [IP::client_addr]:[TCP::client_port]"
}

when CLIENT_CLOSED {
    log local0. "client closed: [IP::client_addr]:[TCP::client_port]"
}

when SERVER_CONNECTED {
    log local0. "server connected: [IP::server_addr]:[TCP::server_port]"
}

when SERVER_CLOSED {
    log local0. "server closed: [IP::server_addr]:[TCP::server_port]"
}

when HTTP_REQUEST {
    log local0. "http request: [IP::client_addr]:[TCP::client_port] -> [IP::server_addr]:[TCP::server_port] [HTTP::method] [HTTP::host][HTTP::uri]"
}

when HTTP_RESPONSE {
    log local0. "http response: [IP::server_addr]:[TCP::server_port] -> [IP::client_addr]:[TCP::client_port] [HTTP::status] [HTTP::reason]"
}

 

0 Kudos

Ben_Novak
F5 Employee
F5 Employee
In response to Ben_Novak

‎17-Jul-2023 07:54

Since I leaned on VSCode CoPilot to write this irule for me ( just typed the comment), I wanted to see if it would actually load. 

Remote the "[HTTP::reason]" from the last log statement and it will load/log traffic.  

Additional tweaking may be needed for your specific use case.

0 Kudos
Copyright © 2023 Khoros, LLC