Forum Discussion

swapnilbendekar's avatar
swapnilbendekar
Icon for Nimbostratus rankNimbostratus
May 20, 2011

way to get away with truncated syslog

Hi friends,

 

 

I have written iRule script as:

 

 

when HTTP_REQUEST {

 

if {[HTTP::header value Content-Type] contains "application/vnd.syncml+xml"}{

 

set secs [clock seconds]

 

set msec [clock clicks -milliseconds]

 

set base [expr { $secs * 1000 } ]

 

set fract [expr { $msec - $base }]

 

if { $fract >= 1000 } {

 

set diff [expr { $fract / 1000 }]

 

incr secs $diff

 

incr fract [expr { -1000 * $diff }]

 

}

 

log local0. " [clock format $secs -format {%H:%M:%S}].$fract HTTP::payload: [HTTP::payload]"

 

}

 

}

 

when HTTP_RESPONSE {

 

if {[HTTP::header value Content-Type] contains "application/vnd.syncml+xml"}{

 

set secs [clock seconds]

 

set msec [clock clicks -milliseconds]

 

set base [expr { $secs * 1000 } ]

 

set fract [expr { $msec - $base }]

 

if { $fract >= 1000 } {

 

set diff [expr { $fract / 1000 }]

 

incr secs $diff

 

incr fract [expr { -1000 * $diff }]

 

}

 

log local0. " [clock format $secs -format {%H:%M:%S}].$fract HTTP::payload: [HTTP::payload]"

 

}

 

}

 

 

and syslog-ng.conf file is like

 

CUSTOM LOGGING FOR Performance Optimization App =======

 

filter f_local0 {

 

facility(local0) and not match(": ");

 

};

 

filter f_local0_customlog {

 

facility(local0) and match(": ");

 

};

 

destination d_customlog {

 

file("/var/log/customlog" create_dirs(yes));

 

};

 

log {

 

source(local);

 

filter(f_local0_customlog);

 

destination(d_customlog);

 

};

 

CUSTOM LOGGING FOR Performance Optimization App =======

 

Since request, response are more than 1024 bytes (syslog max size ), logs are truncated.

 

I tried the logging onto remote machine using udp ("ip_address" port (514)) but there also same problem persists.

 

So friend, is there any way to get full logs to deal with such scenario?

 

Is there any way to redirect the logs to remote machine before going to syslog ?

 

Can we invoke any perl/shell script from irule script itself ?

 

Else is there method to break the request & response break (I know rechunk/unchunk is possible for HTTP_REQUEST only) ?

 

please help me out from this.

 

I have to parse these logs in order to get the request-response time required for each operation & its status.

 

Thanks in Advance.

 

 

ve
virtualization

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 20, 2011
    I'd look at High Speed Logging as this bypasses the local syslog daemon:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/hsl

     

     

    Also, if you want to capture the full HTTP payload, you'll need to call HTTP::collect and then use HTTP::payload to access the collected data:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__collect

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__payload

     

     

    Aaron
  • swapnilbendekar's avatar
    swapnilbendekar
    Icon for Nimbostratus rankNimbostratus
    May 23, 2011
    Hi Aron,

     

    Thanks for the response. Actually I am using the virtual edition.

     

    I configured the VLAN's and Self IP's using the GUI.

     

    My Management Port IP Address is 172.17.14.244 / 24

     

    wheres Managaement Route is 172.17.14.1

     

    Also

    Internal Network Configuration Self IP 172.17.4.96 / 24

     

     

    But I am not able to create External VLAN with some error e.g.

     

    01070354:3: Self IP 172.17.4.97 / 255.255.255.0: This network is defined on two vlans (external and internal)

     

    01020066:3: The requested self IP address (172.17.4.96) already exists in partition Common.

     

    So, everything in network map ( Nodes, Pool Members, Virtual Pool, Virtual Server) shows unknown.

     

    Thats why I am not able to test the changes suggested by you.

     

    Could you please let me know where I am getting wrong.

     

    Also one query, the url mentioned by you suggest syntax for HTTP_REQUEST, will it work for HTTP_RESPONSE as well ?

     

     

    Appreciate your help

     

     

    Thanks & Regards,

     

    Swapnil P. Bendekar