Forum Discussion

JCaine's avatar
JCaine
Icon for Altocumulus rankAltocumulus
Aug 21, 2020
Solved

Request logging profile on non-HTTP traffic

Hello,

 

While writing an iRule to perform HTTP requests and responses logging via HSL commands, I discovered the Request (responses) logging profile which appears to be a better choice :)

Now, here my question : let's consider my VS Lab_VS which bears HTTP, DHCP and SMTP profiles. It's clear that the request logging will work on it as the HTTP profile is positionned. However, would it log(even if it is OSI-L4 infos : TCP/UDP) information on the time Lab_VS is shipping only non-HTTP (DHCPn SMTP) traffic on it?

To perform this L4 generic logging, do I have to write an iRule (prefered with HSL) or is there any other more suitable way I am missing?

 

Thank you

  • Hello JCaine.

     

    Request-logging is only for HTTP traffic. If non-HTTP is your scenario, then forget the request-logging solution.

    REF - https://support.f5.com/csp/article/K00847516

     

    In you case the only solution is to use iRules (better with HSL than Remote logging)

     

    F5 profiles work as OSI layer parsers. If you have an TCP VS, only TCP headers will be parsed (you are able to use any TCP::xxx command). If you assign an HTTP to this VS, app header will be also parsed (and you will be able to use HTTP::xxx commands), the same for any other profile: TLS, SMTP, DCHP.

     

    What if you have a custom protocol which runs over TCP? Easy, you should use TCP::payload to capture the whole payload field and try to collect whatever bytes you would need from this field.

    REF - https://clouddocs.f5.com/api/irules/TCP__payload.html

     

    Regards,

    Dario.

     

2 Replies

  • Hello JCaine.

     

    Request-logging is only for HTTP traffic. If non-HTTP is your scenario, then forget the request-logging solution.

    REF - https://support.f5.com/csp/article/K00847516

     

    In you case the only solution is to use iRules (better with HSL than Remote logging)

     

    F5 profiles work as OSI layer parsers. If you have an TCP VS, only TCP headers will be parsed (you are able to use any TCP::xxx command). If you assign an HTTP to this VS, app header will be also parsed (and you will be able to use HTTP::xxx commands), the same for any other profile: TLS, SMTP, DCHP.

     

    What if you have a custom protocol which runs over TCP? Easy, you should use TCP::payload to capture the whole payload field and try to collect whatever bytes you would need from this field.

    REF - https://clouddocs.f5.com/api/irules/TCP__payload.html

     

    Regards,

    Dario.

     

  • Hello  ,

     

    Thank you verry much for your suitable and detailed answer; pretty satisfying.

     

    Regards