Forum Discussion
ok Thanks Stephan, does that mean I dont have to configure XFF if I use this irule. will this irule send the client's original or true IP address to syslog server instead of SNAT IP address? Appreciate any help on this.
For a more detailled request logging you may consider this log statement in the context of HTTP_REQUEST:
log local0. "irule=\"requestlogging\",virtual=\"[getfield [virtual name] / 3]\",src=\"[IP::client_addr]\",geo_country=\"[whereis [IP::client_addr] country]\",http_host=\"[HTTP::host]\",http_uri=\"[HTTP::uri]\",http_method=\"[HTTP::method]\",payload_lenght=\"[string length $payload]\",content_type=\"[HTTP::header value Content-Type]\",http_referer_path=\"[URI::path [HTTP::header value Referer]]\""
It will also provide information about the virtual server, handling the request, geolocation information of the client, the referer header (how the client was directed to your site) and others.
Please note, that a local log entry is limited in size. So perhaps you may want to use
http_path=\"[HTTP::path]\"
instead of the http_uri and to avoid the logging of the http_referer_path.
- mohammed5370Jul 08, 2022Nimbostratus
I'm sorry stephan,I'm not that expert in linux logging,appreciate if you can guide me with the exact command to filter out when in var/log/ltm. I still couldn't find the IP address I'm looking for. Below are the steps which I configured to test it
1. Irule configured on f5
2. attached it to the Virtual server
3.tried access the virtual server through browser again, URL is accessible
4.connected into f5 CLI, then went to cd /var/log/ltm
5. saw too many logs, tried filtering using the grep command to see if it could worked.
6. command I used to filter the logs (cat ltm | grep 10.50.50.144), where 10.50.50.144 is the client's true IP address. and still couldn't find the output.WOuld be grateful if you could give me the exact command to filter out the logs when I'm in below path or log folder
[admin@test-device] log #