netflow
4 Topics

IPFIX Elements
Hello Everyone, I have created an iRule to query the HTTP hostname, URI, and response code and ship them along with other info to Elastic collectors through an IPFIX log publisher, but we came to an issue where the collectors were not able to decode the template, with an error msg "unsupported field in template". I have been using the standard IPFIX elements built into the BIG-IP system in my iRule. Below is a snippet of the iRule and the IPFIX elements used:

    if { $static::http_rule1_tmplt == ""} {
        # if the template has not been created yet, create the template
        set static::http_rule1_tmplt [IPFIX::template create "flowStartMilliseconds \
            sourceIPv4Address \
            tcpSourcePort \
            destinationIPv4Address \
            tcpDestinationPort \
            postNATDestinationIPv4Address \
            postNAPTDestinationTransportPort \
            httpHostname \
            httpUrl \
            httpResponseCode \
            flowEndMilliseconds \
            "]
    }

When trying to analyze the traffic through Wireshark, we noticed the HTTP elements are showing as [pen: F5 Networks Inc]; I wonder if this has to do with the collectors not being able to decode the template? Thank you!

Solved | 820 Views | 0 likes | 2 Comments

F5 Integration with Cisco Stealthwatch (Lancope) via IPFIX/SFLOW
Has anyone been able to integrate F5 with Cisco Stealthwatch (Lancope)? We are interested in collecting information about the client, virtual server and pool member IPs. I was trying this via an iRule for IPFIX, but ran into issues. Has anyone set this up with sFlow as well? If you have any alternatives for logging this SNAT information via a different means, that would be helpful as well.

442 Views | 0 likes | 0 Comments

Referencing flowEndSysUpTime (21) and flowStartSysUpTime (22) IPFIX Entities in iRule
I am trying to see if I can set up F5 to send IPFIX data to Cisco Stealthwatch (Lancope). Two required IP Flow Information Export (IPFIX) Entities are flowEndSysUpTime (21) and flowStartSysUpTime (22). I have been following instructions from here to create the IPFIX template iRule. How do I reference relative timestamps in this iRule? IANA documentation mentions that this is related to sysUpTime or systemInitTimeMilliseconds on the F5. I am guessing that I need to reference this at the beginning and end of the flow, but I am not 100% sure how to do this. Thanks for your help.

360 Views | 0 likes | 0 Comments