Logging Connections?

Question

We have 2 LTM 9.4 and would like to log all loadbalanced connections going thru the F5 (mostly IP info). I have an external syslog setup monitoring (warning...emerg) what level should i set to see these connnections occuring? And is there a way to just filter on these connections?&nbsp;
&nbsp;Best Regards,&nbsp;
&nbsp;JC

hooleylist · Answer

To log all client connections through the BIG-IP, you can use an iRule and modify the syslog-ng configuration.  You could trim down this rule to just log the client and server IP's (Click here)&nbsp;
&nbsp;Within the log statement, you can specify the syslog facility and severity:&nbsp;
&nbsp;log facility.severity "log text"&nbsp;
&nbsp;example:&nbsp;
&nbsp;log local0.info "some text"&nbsp;
&nbsp;There are examples of how to configure syslog-ng to log to a remote syslog server as well (Click here).&nbsp;
&nbsp;Aaron

jcmattos_41723 · Answer

Thx Hoolio! I tried applying this TCP/HTTP irule to our external VIP. Will this still work if our VIP is only available for HTTPS? Or do I need to create a separate HTTPS policy?&nbsp;
&nbsp;Best Regards,&nbsp;
&nbsp;JC

hooleylist · Answer

If you're decrypting the HTTPS on the BIG-IP using a client SSL profile, you can use the HTTP logging rule.  If you're not decrypting the HTTPS, then you can't inspect the HTTP headers or data--you could log IP, port and SSL info (cipher levels, etc), but not HTTP.&nbsp;
&nbsp;Aaron

jcmattos_41723 · Answer

Works like a champ...Thx you da man Hoolio!

Forum Discussion

Logging Connections?

4 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Log tcp Connections.

Log client to vip connections

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

ASM logs

ASM LOGS