Only IRULE_INIT events are triggerred

What destination hosts are you testing to? Can you add a log statement like this to each iRule in the CLIENT_ACCEPTED event and then post the (anonymized) logs from /var/log/ltm?

 

 

log local0. "[IP::client_addr]:[TCP::client_port]: New connection to [IP::local_addr]:[TCP::client_port]"

 

 

Thanks,

 

Aaron

That is the issue I have log statements in each iRULE

 

in the "when CLIENT_ACCEPTED" code blocks

 

 

log local0. "got a CLIENT_ACCEPTED production_rule"

 

 

and

 

 

log local0. "got a CLIENT_ACCEPTED test_irule_000"

 

 

I actually had something similar to what you asked for (but I removed a lot of stuff to simplify - since nothing but the IRULE_INIT logs to /var/log/ltm - so none of my "when CLIENT_ACCEPTED" code blocks are ever called.

 

 

 

[jstrabala@www:Active] log tail -10 /var/log/ltm

 

Dec 15 08:11:56 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991

 

Dec 15 08:12:03 tmm tmm[1922]: Rule : production_rule initialized: 111

 

Dec 15 08:12:03 tmm1 tmm1[1865]: Rule : production_rule initialized: 111

 

Dec 15 08:21:35 tmm tmm[1922]: Rule : production_rule initialized: 111

 

Dec 15 08:21:35 tmm1 tmm1[1865]: Rule : production_rule initialized: 111

 

Dec 15 08:23:28 tmm tmm[1922]: Rule : test_irule_000 initialized: 991

 

Dec 15 08:23:28 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991

 

Dec 15 08:23:51 tmm tmm[1922]: Rule : production_rule initialized: 111

 

Dec 15 08:23:51 tmm1 tmm1[1865]: Rule : production_rule initialized: 111

 

Dec 15 08:25:08 www bigpipe: Completed config sync all operation

 

[jstrabala@www:Active] log

 

 

 

As you can see even though I have the above iRULEs in each "when CLIENT_ACCEPTED" code block there are never any messages in /var/log/ltm - other than those I put in the "when IRULES_INIT" code block.

 

 

 

I don't see anything that would prevent logging to /var/log/ltm in the syslog-ng.conf. If the log line to local0. contained AUDIT, it would go to /var/log/audit. But your log lines don't contain that string.

 

 

Can you try clearing the rule stats, running curl -v 10.0.185.150 from the LTM command line and check the logs and rule stats again?

 

 

Thanks,

 

Aaron

I started my testing after

 

[jstrabala@www:Active] log date

 

Tue Dec 15 14:36:32 HST 2009

 

 

It took a while to find a working PC version of CURL

 

 

From Traffic Summary Under the Welcome item in the F5 management web interface I hit the Button [Clear Statistics] followed by a [Refresh] button.

 

 

From a client (actualy an EVDO dongle) that is routed into the F5 to VIP iruletest (rule test_irule_000)

 

 

I ran a couple of tests and I saw the following in the statistics (Traffic Summary)

 

Requests

 

HTTP 6

 

 

 

TEST1 - VIP testirule RULE test_irule_000

 

 

curl.exe -v 10.0.185.150

 

* About to connect() to 10.0.185.150 port 80 (0)

 

* Trying 10.0.185.150... connected

 

* Connected to 10.0.185.150 (10.0.185.150) port 80 (0)

 

> GET / HTTP/1.1

 

> User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3

 

> Host: 10.0.185.150

 

> Accept: */*

 

>

 

< HTTP/1.1 200 OK

 

< Date: Wed, 16 Dec 2009 01:05:25 GMT

 

< Expires: -1

 

< Cache-Control: private, max-age=0

 

< Content-Type: text/html; charset=ISO-8859-1

 

< Server: gws

 

< X-XSS-Protection: 0

 

< Transfer-Encoding: chunked

 

<

 

 

Google

 

*

 

*

 

* Allot of data removed

 

*

 

*

 

* Connection 0 to host 10.0.185.150 left intact

 

* Closing connection 0

 

 

 

TEST2 - VIP default_route RULE production_irule

 

 

curl.exe -v http://www.quantumsi.com/temp/

 

* About to connect() to www.quantumsi.com port 80 (0)

 

* Trying 65.203.136.33... connected

 

* Connected to www.quantumsi.com (65.203.136.33) port 80 (0)

 

> GET /temp/ HTTP/1.1

 

> User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3

 

> Host: www.quantumsi.com

 

> Accept: */*

 

>

 

* HTTP 1.0, assume close after body

 

< HTTP/1.0 200 OK

 

< Date: Wed, 16 Dec 2009 01:05:31 GMT

 

< Server: Apache/1.3.31 (Unix) ApacheJServ/1.1.2 PHP/4.1.2

 

< Connection: close

 

< Content-Type: text/html

 

<

 

 

no info

 

 

* Closing connection 0

 

 

But once again No log file out put at all

 

 

[jstrabala@www:Active] log tail -f ltm

 

Dec 15 08:23:28 tmm tmm[1922]: Rule : test_irule_000 initialized: 991

 

Dec 15 08:23:28 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991

 

Dec 15 08:23:51 tmm tmm[1922]: Rule : production_rule initialized: 111

 

Dec 15 08:23:51 tmm1 tmm1[1865]: Rule : production_rule initialized: 111

 

Dec 15 08:25:08 www bigpipe: Completed config sync all operation

 

Dec 15 10:33:36 tmm tmm[1922]: Rule : production_rule initialized: 111

 

Dec 15 10:33:36 tmm1 tmm1[1865]: Rule : production_rule initialized: 111

 

Dec 15 10:34:55 tmm tmm[1922]: Rule : test_irule_000 initialized: 991

 

Dec 15 10:34:55 tmm1 tmm1[1865]: Rule : test_irule_000 initialized: 991

 

Dec 15 10:35:40 www bigpipe: Completed config sync all operation

 

 

Note the F5 is not itself set to either resolve DNS or go out on the internet (security ?) So I real don't want to run curl from the F5 itself via curl (it will not work at all)

 

 

 

 

Oddly enough when I enable a "Default Persistance Profile" to "cookie" for (Local Traffic / Virtual Servers / iruletest ) I actually get the colkie

 

 

Set-Cookie: BIGipServergoogle.com=1672079680.0.0000; path=/

 

 

When I do the curl -v 10.0.185.150 test, so something is working BUT of course my irules in the HTTP_REQUEST or CLIENT_ACCEPTED are not.

 

 

 

curl.exe" -v 10.0.185.150

 

* About to connect() to 10.0.185.150 port 80 (0)

 

* Trying 10.0.185.150... connected

 

* Connected to 10.0.185.150 (10.0.185.150) port 80 (0)

 

> GET / HTTP/1.1

 

> User-Agent: curl/7.19.5 (i586-pc-mingw32msvc) libcurl/7.19.5 zlib/1.2.3

 

> Host: 10.0.185.150

 

> Accept: */*

 

>

 

< HTTP/1.1 200 OK

 

< Date: Wed, 16 Dec 2009 01:36:17 GMT

 

< Expires: -1

 

< Cache-Control: private, max-age=0

 

< Content-Type: text/html; charset=ISO-8859-1

 

< Server: gws

 

< X-XSS-Protection: 0

 

< Transfer-Encoding: chunked

 

< Set-Cookie: BIGipServergoogle.com=1672079680.0.0000; path=/

 

<

 

 

Google

 

*

 

* lots of lines removed

 

*

 

* Connection 0 to host 10.0.185.150 left intact

 

* Closing connection 0

 

This is just plain odd. I'm running out of ideas. Do you have any other iRules added to the VIP which are disabling events? If not, I'd suggest opening a case with F5 Support. I'd be quite curious to hear about the outcome if you do end up opening a case.

 

 

And sorry for the time in finding curl.exe, I was suggesting you use curl from the LTM command line. Unless you have packet filters or iRules restricting client access, you should be able to initiate a request to any VIP with ARP enabled.

 

 

Aaron

Aaron, by the LTM command line to you mean from a shell on the Linus system -or- do you mean from the "console" selection under "system" in the F5 web interface ?

 

 

Regardless thank you for all your help/comments, the F5 admin will upgrade to TMOS 10.X today and if the problem is still happening we will open a case with F5 support - I will definitely post an update on any resolution and/or issue that is found in our configuration.

 

 

Jon

The GUI's console is limited to bigpipe commands. You would need SSH with advanaced shell (full command line) or serial console access to run curl from the command line.

 

 

Aaron