Forum Discussion

Shridhar_Kulkar
Mar 20, 2013

How to log only the first connection from a client to a source address persistence enabled virtual server?

If I have a virtual server that has source address persistence enabled, is there a way I can log the client address connecting to it ONLY for the first time and NOT its subsequent connections?

8 Replies

  • e.g.

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.252:80
       ip protocol 6
       rules myrule
       persist source_addr
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
          # no persistence record for this client address yet = first connection
          if { [persist lookup source_addr [IP::client_addr]] eq "" } {
             log local0. "[IP::client_addr]:[TCP::client_port]"
          }
       }
    }
    
     send 500 requests
    
    [root@centos251 ~] ab -n 500 http://172.28.19.252/
    This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
    Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
    Copyright 2006 The Apache Software Foundation, http://www.apache.org/
    
    Benchmarking 172.28.19.252 (be patient)
    Completed 100 requests
    Completed 200 requests
    Completed 300 requests
    Completed 400 requests
    Finished 500 requests
    
    
    Server Software:        Apache/2.2.3
    Server Hostname:        172.28.19.252
    Server Port:            80
    
    Document Path:          /
    Document Length:        89 bytes
    
    Concurrency Level:      1
    Time taken for tests:   2.41524 seconds
    Complete requests:      500
    Failed requests:        0
    Write errors:           0
    Total transferred:      175500 bytes
    HTML transferred:       44500 bytes
    Requests per second:    244.92 [/sec] (mean)
    Time per request:       4.083 [ms] (mean)
    Time per request:       4.083 [ms] (mean, across all concurrent requests)
    Transfer rate:          83.76 [Kbytes/sec] received
    
    Connection Times (ms)
                  min  mean[+/-sd] median   max
    Connect:        0    0   0.5      0       2
    Processing:     2    3   0.7      3       7
    Waiting:        2    2   0.8      3       6
    Total:          3    3   0.8      3       7
    WARNING: The median and mean for the waiting time are not within a normal deviation
            These results are probably not that reliable.
    
    Percentage of the requests served within a certain time (ms)
      50%      3
      66%      4
      75%      4
      80%      4
      90%      4
      95%      4
      98%      4
      99%      6
     100%      7 (longest request)
    
     stats
    
    [root@ve10:Active] config  b virtual bar |grep -i 'virtual\|pool\|tot)'
    VIRTUAL ADDRESS 172.28.19.252   UNIT 1
    |     (cur, max, limit, tot) = (0, 492, 0, 500)
    +-> VIRTUAL bar   SERVICE 80
        |     (cur, max, limit, tot) = (0, 492, 0, 500)
        +-> POOL foo  LB METHOD round robin   MIN/CUR ACTIVE MEMBERS 0/0
            |     (cur, max, limit, tot) = (0, 1, 0, 500)
            +-> POOL MEMBER foo/200.200.200.101:80   active,unchecked
                |     (cur, max, limit, tot) = (0, 1, 0, 500)
    
     persistence
    
    [root@ve10:Active] config  b persist
    PERSISTENT CONNECTIONS
        Type           Virtual                Node
        source addr    172.28.19.252:80   200.200.200.101:80
    
     /var/log/ltm
    
    [root@ve10:Active] config  tail -f /var/log/ltm
    Mar 21 01:43:35 local/tmm info tmm[4950]: Rule myrule : 172.28.19.251:47598
    
    
  • It worked as expected. Thank you.

    If this iRule is applied to a virtual server that sees an average client hit count of 2000 connections at any given point of time of any day, can this iRule be trimmed to log while consuming fewer system resources on an LTM 1500? Say... this is the ONLY virtual server configured on the box.

    FYI... I also saw the below messages in the log:

    Per-invocation log rate exceeded; throttling.
    Resuming log processing at this invocation; held 2 messages.
  • > If this iRule is applied to a virtual server that sees an average client hit count of 2000 connections at any given point of time of any day, can this iRule be trimmed to log while consuming fewer system resources on an LTM 1500? Say... this is the ONLY virtual server configured on the box.

    With high volume logging, I think HSL or a request logging profile is better.

    > Per-invocation log rate exceeded; throttling.
    > Resuming log processing at this invocation; held 2 messages.

    sol10524: Error Message: Per-invocation log rate exceeded

    http://support.f5.com/kb/en-us/solutions/public/10000/500/sol10524.html
  • LTM 1500 is running 10.2.4 HF4. I don't think HSL is supported with this version? This LTM has remote logging enabled that rotates the ltm*.gz file every hour. Will that be enough?
  • > LTM 1500 is running 10.2.4 HF4. I don't think HSL is supported with this version?

    HSL has been available since 10.1.0.

    HSL wiki

    https://devcentral.f5.com/wiki/irules.HSL.ashx

    > This LTM has remote logging enabled that rotates the ltm*.gz file every hour. Will that be enough?

    HSL sends logs directly from TMM, so if you have a high volume of log messages, I think HSL is the better solution.
  • > Is there any change in the iRule to do the HSL?

    An example is in the wiki.

    HSL::send wiki

    https://devcentral.f5.com/wiki/iRules.HSL__send.ashx
  • The example in the wiki link uses HTTP_REQUEST, for which there would be a need to enable an HTTP profile on the virtual server first. Can HSL be enabled something like below?

    rule myrule {
       when CLIENT_ACCEPTED {
          if { [persist lookup source_addr [IP::client_addr]] eq "" } {
             set hsl [HSL::open -proto UDP -pool syslog_server_pool]
             HSL::send $hsl "[IP::client_addr]:[TCP::client_port]"
          }
       }
    }

    Question:

    1> Is it mandatory to call the variable 'hsl'?

    2> What would the LTM store in this variable 'hsl' if the iRule is executed simultaneously by 2 different virtual servers at the same time?
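The following iRule is an added example, not code from the thread, that combines the persistence-lookup check from the first reply with the HSL::open/HSL::send approach suggested in the later replies. It assumes a source_addr persistence profile is attached to the virtual server and that a pool of UDP syslog servers named syslog_pool exists (a hypothetical pool name). The comments carry the two caveats a practitioner should keep in mind: the lookup only finds a record while the persistence entry is alive (so "first connection" really means "first connection since this client's last record expired", 180 seconds of idle time by default), and iRule variables are scoped to the individual connection, so the handle name is arbitrary and concurrent connections on any virtual server using the rule never share one.

```tcl
# Added example (not from the thread): log the first connection per client
# address over HSL instead of local syslog.
# Assumptions: a source_addr persistence profile on the virtual server and a
# UDP syslog pool named "syslog_pool" (hypothetical name).
when CLIENT_ACCEPTED {
    # No load-balancing decision has been made for this flow yet, so a
    # persistence record exists only if an earlier connection from this
    # client created one and it has not timed out (profile timeout, 180 s
    # by default). An empty result therefore means "first connection from
    # this client since its last record expired", not "first connection ever".
    if { [persist lookup source_addr [IP::client_addr]] eq "" } {
        # The variable name is arbitrary. iRule variables live in the
        # context of this one connection, so two connections handled at the
        # same time, on this or another virtual server, each get their own
        # handle. The handle is only opened for first connections, which
        # keeps the cost off the hot path for repeat clients.
        set syslog_handle [HSL::open -proto UDP -pool syslog_pool]

        # <134> is the syslog PRI for facility local0 (16*8) + severity info (6),
        # matching the "log local0." destination used in the first reply.
        HSL::send $syslog_handle "<134>first-connection vs=[virtual name] client=[IP::client_addr]:[TCP::client_port]"
    }
}
```

Because HSL::send hands the message straight from TMM to the pool member without passing through the local syslog daemon, it is not subject to the per-invocation log throttling seen with `log local0.`; the receiving syslog server is then the place to rate-limit or deduplicate if needed.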