Forum Discussion

Joe_Sabek_47241
Historic F5 Account
Jan 14, 2009

Passing log statement to F5 device using iControl

Is there any way to tell an F5 device to log a certain string using iControl?

 

The specific iControl application provides a layer of abstraction for users that do not have an account on the F5 device. Nevertheless, the ability to log the specific external user's action with the external user's name on the F5 device is desirable for auditing reasons.

 

I could not find the proper method within the SDK. The only option I can think of is setting up a VS that logs whatever you pass to it using an iRule. The problem with this is there is no way you can implement such an iRule on a GTM device.

2 Replies

  • I had the same problem and the only way round this is to use iControl to dynamically create an iRule which will log a message on the "when RULE_INIT" event and then delete that iRule. (See my original question from April 2008 here: http://devcentral.f5.com/Default.aspx?tabid=53&forumid=1&postid=23533&view=topic)

    The bad news is that there is no RULE_INIT in GTM iRules, or to be more precise it does not work (CR number is 95407)...

     

     

    The good news is that you CAN create an LTM iRule using iControl on a GTM-only box - LocalLBRule.create(...) iControl call works even if the box does not have an LTM license (I only tested this on GTM version 9.4.4).
  • Joe_Sabek_47241
    Historic F5 Account
    Found a good solution.

     

    You can do this by just adding parameters to the URI that gets sent to the GTM/LTM when making the SOAP call. Should work the same in .NET. This will log a message in ssl_access on the LTM/GTM.

    Jan 20 09:57:01 bigip001 logger: [ssl_req][20/Jan/2009:09:57:01 -0800] 192.168.2.34 TLSv1 RC4-MD5 "POST /iControl/iControlPortal.cgi?username=Joe?Action=Disable?Service=HR_Peoplesoft HTTP/1.0" 547

     

     

     

    // The query string appended to the portal URL is what appears in the ssl_access entry.
    new java.net.URL("https" + "://" + m_sUsername + ":" + m_sPassword + "@"
        + ltm1 + ":" + m_sPort + "/iControl/iControlPortal.cgi" + "?username=Sam?Action=Disable?Service=HR_Peoplesoft");
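
One way to pull the audit fields back out of the ssl_access entries this approach produces, as an added example that is not part of the original posts. The names `parse_audit_entry`, `SSL_REQ`, `PORTAL`, `PREFIX` and `SAMPLE` and the second and third sample lines are constructed for illustration; the parser also accepts `&` separators and percent-encoded values, which goes beyond the `?`-separated form shown in the thread.

```python
import re
from urllib.parse import unquote

# Layout of the ssl_req entry quoted in the thread.
SSL_REQ = re.compile(
    r'\[ssl_req\]\[(?P<time>[^\]]+)\]\s+(?P<client>\S+)\s+(?P<tls>\S+)\s+'
    r'(?P<cipher>\S+)\s+"(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+HTTP/[\d.]+"'
)
PORTAL = "/iControl/iControlPortal.cgi"


def parse_audit_entry(line):
    """Return the audit fields of an iControl portal request, or None."""
    m = SSL_REQ.search(line)
    if not m:
        return None
    path, _, query = m.group("uri").partition("?")
    if path != PORTAL or not query:
        return None
    fields = {}
    # The thread separates pairs with '?'; the conventional '&' is accepted too.
    for pair in re.split(r"[?&]", query):
        key, sep, value = pair.partition("=")
        if sep and key:
            # Percent-decode, then replace control characters so a crafted
            # value cannot forge extra lines in a downstream audit report.
            fields[key] = re.sub(r"[\x00-\x1f\x7f]", "_", unquote(value))
    return {"time": m.group("time"), "client": m.group("client"),
            "tls": m.group("tls"), "cipher": m.group("cipher"), "fields": fields}


PREFIX = "Jan 20 09:57:01 bigip001 logger: [ssl_req][20/Jan/2009:09:57:01 -0800] "
SAMPLE = [
    # Entry quoted in the thread.
    PREFIX + '192.168.2.34 TLSv1 RC4-MD5 "POST /iControl/iControlPortal.cgi'
    '?username=Joe?Action=Disable?Service=HR_Peoplesoft HTTP/1.0" 547',
    # Constructed: '&' separators and an encoded line feed in the user name.
    PREFIX + '192.168.2.35 TLSv1 RC4-MD5 "POST /iControl/iControlPortal.cgi'
    '?username=Ann%0AForged&Action=Enable HTTP/1.0" 547',
    # Constructed: portal call without audit parameters.
    PREFIX + '192.168.2.36 TLSv1 RC4-MD5 "POST /iControl/iControlPortal.cgi HTTP/1.0" 547',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_audit_entry(entry))
```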