Forum Discussion

Rusty_Hale_8009's avatar
Rusty_Hale_8009
Icon for Nimbostratus rankNimbostratus
Jan 25, 2007

I want to log the value in the array for total connections.

I have this iRule:

when RULE_INIT {
  array set ::active_clients { }
}
when CLIENT_ACCEPTED {
  set client_ip [IP::remote_addr]
  set conn_threshold 10
  if { [info exists ::active_clients($client_ip)] } {
    if {$::active_clients($client_ip) > $conn_threshold } {
      log local0.info "$client_ip exceeded $conn_threshold using VS [IP::local_addr]"
      return
    } else {
      incr ::active_clients($client_ip)
    }
  } else {
    set ::active_clients($client_ip) 1
  }
}
when CLIENT_CLOSED {
  if { [info exists ::active_clients($client_ip)] } {
    incr ::active_clients($client_ip) -1
    if { $::active_clients($client_ip) <= 0 } {
      unset ::active_clients($client_ip)
    }
  }
}

and it works great and produces the following information in the LTM log:

Jan 25 13:46:41 tmm tmm[1227]: Rule Connection_Limit_Log : 12.111.69.130 exceeded 10 using VS 10.160.225.60

Jan 25 13:46:41 tmm tmm[1227]: Rule Connection_Limit_Log : 12.111.69.130 exceeded 10 using VS 10.160.225.60

I want to take the value out of the array so that I can see the total connections by source IP in the log. Can someone please help me with that?

6 Replies

  • Maybe I'm missing something but why don't you just put it in a variable and log that value?

    set total_cons $::active_clients($client_ip)
    log local0. "Total Connections: $total_cons"

    -Joe
  • Joe, Again, I am no programmer but I am getting this error:

     

     

    Jan 26 13:45:52 tmm tmm[1227]: 01220001:3: TCL error: Rule Connection_Limit_Log - can't read "::active_clients(83.67.17.107)": no such element in array while executing "set total_cons $::active_clients($client_ip)"

     

     

     

    When our irule looks like this:

     

     

    when RULE_INIT {

     

    array set ::active_clients { }

     

    }

     

    when CLIENT_ACCEPTED {

     

    set client_ip [IP::remote_addr]

     

    set conn_threshold 10

     

    set total_cons $::active_clients($client_ip)

     

    if { [info exists ::active_clients($client_ip)] } {

     

    if {$::active_clients($client_ip) > $conn_threshold } {

     

    log local0.info "$client_ip $total_cons using VS [IP::local_addr]"

     

    return

     

     

     

     

    } else {

     

    incr ::active_clients($client_ip)

     

    }

     

    } else {

     

    set ::active_clients($client_ip) 1

     

    }

     

    }

     

    when CLIENT_CLOSED {

     

    if { [info exists ::active_clients($client_ip)] } {

     

    incr ::active_clients($client_ip) -1

     

    if { $::active_clients($client_ip) <= 0 } {

     

    unset ::active_clients($client_ip)

     

    }

     

    }

     

    }

     

     

    So where did we screw up?
  • Joe, What do you think about this logic?

     

     

    when RULE_INIT {

     

    array set ::active_clients { }

     

    }

     

    when CLIENT_ACCEPTED {

     

    set client_ip [IP::remote_addr]

     

    set conn_threshold 10

     

    if { [info exists ::active_clients($client_ip)] } {

     

    if {$::active_clients($client_ip) > $conn_threshold } {

     

    set total_cons $::active_clients($client_ip)

     

    log local0.info "$client_ip exceeded $conn_threshold Total Connections: $total_cons using VS [IP::local_addr]"

     

    return

     

    } else {

     

    incr ::active_clients($client_ip)

     

    }

     

    } else {

     

    set ::active_clients($client_ip) 1

     

    }

     

    }

     

    when CLIENT_CLOSED {

     

    if { [info exists ::active_clients($client_ip)] } {

     

    incr ::active_clients($client_ip) -1

     

    if { $::active_clients($client_ip) <= 0 } {

     

    unset ::active_clients($client_ip)

     

    }

     

    }

     

    }

     

  • We just tried the new code but are still having problems. It seems that once the source IP reaches the conn_threshold value, it seems to go one abouve that value and then it stops counting. This means that we set the conn_threshold to equal 30 and we have entries in our log for 31 but never anything above that. Any idea where this is breaking down?
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Breaking down as in why it's allowing 31 connections instead of 30? It's because you're checking to see if the value is greater than the threshold, not equal to or greater than. Try implementing it as ">=" instead of just ">".

     

     

    Or was your questions something else?

     

     

    Colin