Forum Discussion
hooleylist
Feb 21, 2008Cirrostratus
Hi,
There have been a few similar requests in the iRule forum (before this section was created). Try searching for 'log all connections' or similar key words in the iRule 9.x forum to find the related posts. Check the Codeshare for an example of how to use a rule to log connection details and configure syslog-ng to send the log entries to a remote syslog server.
Log HTTP, TCP, UDP connection details to syslog:
http://devcentral.f5.com/wiki/default.aspx/iRules/LogHttpTcpUdpToSyslogng.html
If you're using the RAM cache module, you'd need to add additional logic to the rule(s) using the CACHE:: commands and events to log the details for responses from cache. For more info on this, you can check the wiki pages:
CACHE:: commands:
http://devcentral.f5.com/wiki/default.aspx/iRules/cache
With that said, there is a limitation to what you can log with iRules regarding the processing time taken. The examples rules in the Codeshare link log the delta between when the HTTP request headers from the client are parsed and when the HTTP response headers from the server are parsed. There isn't a simple way of measuring the delta between when LTM receives the full request (including the payload) from the client and when it finishes sending the response back to the client. You can do this, but you end up having to collect the data before sending it. This collection adds latency to the process and would therefore not make sense to do.
Reply if you have any questions on this or want help writing a rule to handle cached and non-cache logging.
Aaron