Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Client IP Logging with F5 & Splunk

I was wondering if anyone has written an iRule that strips down HTTP header/data and log it as a syslog? I have Webseals behind F5's and the F5's run with Auto SNAT. This is making life miserable since IBM does not give option of custom logging. I was thinking of logging HTTP Header/ Session/ Data to a syslog splunk server. Any clues? Thanks, Hari
0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
Hi Hari,
If you set up your Syslog-ng then you can virtually use the irules to send all different types to yoru syslog

For example


when HTTP_REQUEST {
     log local0 "Client IP address:{IP:client_addr]"
}



There are many permutations on how you want to log

Here are some links that will help you

http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=190
http://devcentral.f5.com/wiki/default.aspx/iRules/session.html
http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP__header.html


I hope this helps
#Bhattman
0