Forum Discussion

Shruti_Malik_84's avatar
Shruti_Malik_84
Icon for Nimbostratus rankNimbostratus
Apr 10, 2007

Need an i-Rule for logging purposes

Can we make an i-Rule for logging the following details?

 

 

The following properties can be logged and their format can be configured in IIS.

 

-Date

 

-Time

 

-Client IP Address

 

-User Name

 

-Method

 

-URI Stem

 

-URI Query

 

-Protocol Status

 

-Bytes Sent

 

-Bytes Received

 

-Time Taken

 

-User Agent

 

-Cookie

 

-Referrer

 

 

I want similar logging in F5

 

 

Can these properties be read from https_headers or from some other location and finally logged in a text file?

 

How to write an i-Rule for logging and also reading and writing into a file?
application delivery
dev
devops
iRules

6 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 10, 2007
    You can use a rule to log information about requests and responses. You can then configure syslog-ng to process the log events to a file or to a remote syslog server.

     

     

    Check this post (Click here) for examples of how to log all requests with syslog-ng.

     

     

    Aaron
  • Shruti_Malik_84's avatar
    Shruti_Malik_84
    Icon for Nimbostratus rankNimbostratus
    Apr 16, 2007
    Hi Aaron,

     

    Thanx for giving the i-Rule

     

     

    I had tried just detting the IP address of the client using this i-Rule:

     

     

    when CLIENT_ACCEPTED {

     

    set vip [IP::local_addr]:[TCP::local_port]

     

    }

     

    when SERVER_CONNECTED {

     

    set client "[IP::client_addr]:[TCP::client_port]"

     

    set node "[IP::server_addr]:[TCP::server_port]"

     

    }

     

    when CLIENT_CLOSED {

     

    log connection info

     

    log local0.info "Client $client -> VIP: $vip -> Node: $node"

     

    }

     

     

    Now can u help me out by telling where would this information be present...path of the file!!

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 16, 2007
    By default, events logged to the local0 syslog-ng facility are recorded in the /var/log/ltm log file.

     

     

    You can access the log via the GUI under 'System | Logs | Local Traffic' or by running 'tail -f /var/log/ltm' from the command line.

     

     

    Aaron
  • tungsten_112959's avatar
    tungsten_112959
    Icon for Nimbostratus rankNimbostratus
    Apr 25, 2007
    when CLIENT_ACCEPTED {

     

    set vip [IP::local_addr]:[TCP::local_port]

     

    }

     

    when SERVER_CONNECTED {

     

    set client "[IP::client_addr]:[TCP::client_port]"

     

    set node "[IP::server_addr]:[TCP::server_port]"

     

    }

     

    when CLIENT_CLOSED {

     

    log connection info

     

    log local0.info "Client $client -> VIP: $vip -> Node: $node"

     

    }

     

    ===================================================================

     

     

     

     

    when I create this iRule, seems like my web had stop responding

     

    viewing the ltm logs show as below

     

     

    =============================================================================

     

    Apr 25 13:23:16 tmm tmm[725]: 01220001:3: TCL error: Rule http_logger - can't read "nodePort": no such variable

     

    while executing "log local0.info "Client: $client -> VIP:$vip$url -> Node: $node:$nodePort with response $nodeResp""

     

    =============================================================================

     

     

     

    So what do we need to replace the "nodePort" variable with? Thanks
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 25, 2007
    Sorry about that. I had changed the example so that the node IP address and port were saved to $node. You can remove the $nodePort variable from the log statement. I updated the other thread with this:

    
when HTTP_REQUEST {
    set the URL here, log it on the response
   set url [HTTP::header Host][HTTP::uri]
   set vip [IP::local_addr]:[TCP::local_port]
}
when HTTP_RESPONSE {
   set client [IP::client_addr]:[TCP::client_port]
   set node [IP::server_addr]:[TCP::server_port]
   set nodeResp [HTTP::status]
    log connection info
   log local0.info "Client: $client -> VIP:$vip$url -> Node: $node with response $nodeResp"
}

    Aaron