jkstraw_44238
Jun 29, 2007Nimbostratus
Virt_server logs to remote syslog
I am running a BigIP with V. 9.4
I have the following iRule logging correctly to /var/log/ltm but I am also trying to get the web traffic forwarded to central syslog-ng server.
when HTTP_REQUEST {
set http_request_time [clock clicks -milliseconds]
set request_log_line "\
[HTTP::request_num],\
[IP::remote_addr],\
[HTTP::method],\
[HTTP::version],\
[HTTP::host],\
\"[HTTP::uri]\",\
\"[HTTP::header value Referer]\",
\"[HTTP::header User-Agent]\",\
\"[HTTP::cookie value JSESSIONID]\",\
[SSL::cipher name],\
[SSL::cipher version],\
[SSL::cipher bits]"
}
when HTTP_RESPONSE {
set http_response_time [ clock clicks -milliseconds ]
log local0. "$request_log_line,\
[HTTP::status],\
[HTTP::payload length],\
[expr $http_response_time - $http_request_time]"
}
In the /etc/syslog-ng/syslog-ng.conf file I have added the following:
Remote Syslog Server
destination remote {
udp("xxx.xxx.xxx.xxx" port (514));
};
local0.* /var/log/ltm
filter f_local0 {
facility(local0) and level(info..emerg); };
destination d_ltm {
file("/var/log/ltm" create_dirs(yes)); };
log {
source(local);
filter(f_local0);
destination(d_ltm);
destination(remote);
};
I know the "destination(d_ltm)" is working - but my "destination(remote)" is not working 100%. My Syslog server is getting local0-notice level messages (eg. mcpd[1725]: 01070639:5: Pool member xxx.xxx.xxx.xxx:8080 session status disabled.) but none of the web logs.
Does anyone have any ideas?