For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Altostratus rank

Altostratus

Sep 26, 2023

Solved

Is there a way to trace connections?

Is there a tool within the Big-IP that allows you to trace inbound connection to see which virtual server its being processed by?

application delivery

PSFletchTheTek
Sep 27, 2023
Hi,

A couple of people have asked very simular questions resently.
Try looking here
Solved: iRule to log traffic details - DevCentral (f5.com)

This page shows how to get the virtual server name
https://community.f5.com/t5/codeshare/example-of-static-variables-with-virtual-server-specific/ta-p/280350You may also find these to links useful for HTTP and IP info for the connection.

https://clouddocs.f5.com/api/irules/HTTP.html

https://clouddocs.f5.com/api/irules/IP.html

From the first example, plus the other references you should be able to pull together you want to see and either log this to file or to a remote server.

5 Replies

Paulius
MVP
Sep 27, 2023
TrainerBob I believe what you're looking for is at the following link.

https://my.f5.com/manage/s/article/K40033505

Once you have this information you should be able to easily tell which virtual server (VS) is being used based on destination IP, port, and protocol.
- TrainerBob
  Altostratus
  Sep 27, 2023
  This might be the solution. Can you explain what the "Slot" number and TMM instance is? Is this related to a virtual server?
  The goal I'm trying to get to is to identify which VS is processing a specific connection. This is for troubleshooting purposes.
PSFletchTheTek
Cumulonimbus
Sep 27, 2023
Not to sure what you are trying to find out here.
But you can amend your logging to send logs on a per connection basis and review and filter that using a policy or irule.

Or you could use telemetry or netflow with a suitable collector to filter it down at that level.

Depends on what you are looking for and the tools around you.

The cli option is more real-time but again might tell you want you want to know.
- TrainerBob
  Altostratus
  Sep 27, 2023
  Will the logs show which VS is processing a specific connection? I'm not seeing anything for my client IP when I grep /var/log/ltm for it. I'm guessing maybe I need to make a change to the log settings to get connections logged or they're in another log?
PSFletchTheTek
Cumulonimbus
Sep 27, 2023
Hi,

A couple of people have asked very simular questions resently.
Try looking here
Solved: iRule to log traffic details - DevCentral (f5.com)

This page shows how to get the virtual server name
https://community.f5.com/t5/codeshare/example-of-static-variables-with-virtual-server-specific/ta-p/280350You may also find these to links useful for HTTP and IP info for the connection.

https://clouddocs.f5.com/api/irules/HTTP.html

https://clouddocs.f5.com/api/irules/IP.html

From the first example, plus the other references you should be able to pull together you want to see and either log this to file or to a remote server.

Security Best Practices for F5 Products

Technical Articles

F5 AppWorld 2026 Registration - early bird pricing.

DevCentral News

Kostas Injeyan - October 2025 Featured Member

DevCentral News

featured member

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5