iRULE not working for ipfix log publisher.

Question

Hello All,
&nbsp;I have one iRULE created which is being used to publish ipfix to my vRNI Collector.
When I Check stastistics around iRULE I can see for RULE_INIT,CLIENT_ACCEPTED and SERVEr_CONNECTED Events there are data present and no failures are there.
But when I check for&nbsp;SERVER_CLOSED,CLIENT_CLOSED Events there are zero events present. Why is it happening. I am guessing because of this logs are not being published to my ipfix collector.
&nbsp;
Can someone please let me know how to debug this. I have pasted my iRULE here-&gt;
when RULE_INIT {
    set static::http_rule1_dest ""
    set static::http_rule1_tmplt ""
}

# CLIENT_ACCEPTED event to initiate IPFIX destination and template
when CLIENT_ACCEPTED {
    set start [clock clicks -milliseconds]
    if { $static::http_rule1_dest == ""} {
        # open the logging destination if it has not been opened yet
        set static::http_rule1_dest [IPFIX::destination open -publisher /Common/Netflow_Collector_LogPublisher]
    }
    if { $static::http_rule1_tmplt == ""} {
        # if the template has not been created yet, create the template
        set static::http_rule1_tmplt [IPFIX::template create "flowStartMilliseconds \
            sourceIPv4Address \
            sourceIPv6Address \
            destinationIPv4Address \
            destinationIPv6Address \
            sourceTransportPort \
            destinationTransportPort \
            protocolIdentifier \
            octetTotalCount \
            packetTotalCount \
            octetDeltaCount \
            packetDeltaCount \
            postNATSourceIPv4Address \
            postNATSourceIPv6Address \
            postNATDestinationIPv4Address \
            postNATDestinationIPv6Address \
            postNAPTSourceTransportPort \
            postNAPTDestinationTransportPort \
            postOctetTotalCount \
            postPacketTotalCount \
            postOctetDeltaCount \
            postPacketDeltaCount \
            flowEndMilliseconds \ "]
    }
    set rule1_msg1 [IPFIX::msg create $static::http_rule1_tmplt]
}

# SERVER_CONNECTED event to initiate flow data to VMware Aria Operations for Networks and populate 5 tuples
when SERVER_CONNECTED {
    set client_closed_flag 0
    set server_closed_flag 0
    IPFIX::msg set $rule1_msg1 flowStartMilliseconds $start
    IPFIX::msg set $rule1_msg1 protocolIdentifier [IP::protocol]

# Clientside
    if { [clientside {IP::version}] equals "4" } {
        # Client IPv4 address
        IPFIX::msg set $rule1_msg1 sourceIPv4Address [IP::client_addr]
        # BIG-IP IPv4 VIP address
        IPFIX::msg set $rule1_msg1 destinationIPv4Address [clientside {IP::local_addr}]
    } else {
        # Client IPv6 address
        IPFIX::msg set $rule1_msg1 sourceIPv6Address [IP::client_addr]
        # BIG-IP IPv6 VIP address
        IPFIX::msg set $rule1_msg1 destinationIPv6Address [clientside {IP::local_addr}]
    }
    # Client port
    IPFIX::msg set $rule1_msg1 sourceTransportPort [TCP::client_port]
    # BIG-IP VIP port
    IPFIX::msg set $rule1_msg1 destinationTransportPort [clientside {TCP::local_port}]

# Serverside
    if { [serverside {IP::version}] equals "4" } {
        # BIG-IP IPv4 self IP address
        IPFIX::msg set $rule1_msg1 postNATSourceIPv4Address [IP::local_addr]
        # Server IPv4 IP address
        IPFIX::msg set $rule1_msg1 postNATDestinationIPv4Address [IP::server_addr]
    } else {
        # BIG-IP IPv6 self IP address
        IPFIX::msg set $rule1_msg1 postNATSourceIPv6Address [IP::local_addr]
        # Server IPv6 IP address
        IPFIX::msg set $rule1_msg1 postNATDestinationIPv6Address [IP::server_addr]
    }
    # BIG-IP self IP port
    IPFIX::msg set $rule1_msg1 postNAPTSourceTransportPort [TCP::local_port]
    # Server port
    IPFIX::msg set $rule1_msg1 postNAPTDestinationTransportPort [TCP::server_port]
}

# SERVER_CLOSED event to collect IP pkts and bytes count on serverside
when SERVER_CLOSED {
    set server_closed_flag 1
    # when flow is completed, BIG-IP to server REQUEST pkts and bytes count
    IPFIX::msg set $rule1_msg1 octetTotalCount [IP::stats bytes out]
    IPFIX::msg set $rule1_msg1 packetTotalCount [IP::stats pkts out]
    # when flow is completed, server to BIG-IP RESPONSE pkts and bytes count
    IPFIX::msg set $rule1_msg1 octetDeltaCount [IP::stats bytes in]
    IPFIX::msg set $rule1_msg1 packetDeltaCount [IP::stats pkts in]
    IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}

# CLIENT_CLOSED event to collect IP pkts and bytes count on clientside
when CLIENT_CLOSED {
    set client_closed_flag 1
    # when flow is completed, client to BIG-IP REQUEST pkts and bytes octetDeltaCount
    IPFIX::msg set $rule1_msg1 postOctetTotalCount [IP::stats bytes in]
    IPFIX::msg set $rule1_msg1 postPacketTotalCount [IP::stats pkts in]
    # when flow is completed, BIG-IP to client RESPONSE pkts and bytes count
    IPFIX::msg set $rule1_msg1 postOctetDeltaCount [IP::stats bytes out]
    IPFIX::msg set $rule1_msg1 postPacketDeltaCount [IP::stats pkts out]
    # record the client closed time in ms
    IPFIX::msg set $rule1_msg1 flowEndMilliseconds [clock click -milliseconds]
    # send the IPFIX log
    IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}

sbasu · Accepted Answer

Thanks all for your reply it was resolved by changing VS settings as below->

Type: Standard Protocol Profile (Client): apm-forwarding-client-tcp Protocol Profile (Server): (Use Client Profile) HTTP Profile (Server): (Use Client Profile) </p

leslie_hubertus · Answer

I wonder if&nbsp;Paulius&nbsp;can assist with this one?&nbsp;
&nbsp;
I've floated your post to the top of the forum for more visibility.&nbsp;

jrahm · Answer

HI&nbsp;sbasu&nbsp;what type of virtual server is this, is it handling tcp/udp traffic, and do you have short timeout values on your profiles or indefinite? Could add a log statement for [CLIENT|SERVER]_CLOSED events to see if at least they are firing or not.

liefzimmerman · Answer

sbasu&nbsp;- I marked your reply using the *Accept As Solution*.This helps future readers find answers more quickly and confirms the efforts of those who helped.
If you think there are other replies that should also be marked as Solution, please do. More than one reply can contribute to an acceptable solution.Thanks for being part of our community.Lief

Forum Discussion

iRULE not working for ipfix log publisher.

4 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

F5 BIG-IP deployment with OpenShift - publishing application options

Logs for local-db-publisher

F5 Labs Publishes October Update to Sensor Intel Series

New Articles and Videos published in DevCentral this week

Publishing Applications