Forum Discussion

eduardo_26187's avatar
eduardo_26187
Icon for Nimbostratus rankNimbostratus
Feb 16, 2010

log web activity from http server or bigip?

Hi everyone

 

 

I want find the best way to log the activity for an apache ihs web server.

 

 

I have the big-ip redirecting traffic to http server, but checking the access_log in this http server the incomming ip belongs to the big-ip and I would like to get the external IP client in order to identify the incoming connection from the web server.

 

 

I appreciate you recommendations because what I want to do is to setup a syslog-ng remote server to receive the apache logs directly from the http server.

 

 

Do you think it would be better to send the logs this way or should I send it directly from the big-ip?

 

 

In this case, do you think that I need an iRule and set a configuration like this:

 

 

http://www.brianyeager.org/?p=171

 

 

Thanks in advance
management
monitoring

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Feb 16, 2010
    Hi Eduardo,

     

     

    If it's only for HTTP or HTTPS being decrypted on LTM, it would be easier and more efficient to configure LTM to insert the original client IP address in the X-Forwarded-For header and then set Apache to log this custom HTTP header.

     

     

    SOL4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT

     

    https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

     

     

    It is possible to use the approach you originally suggested, but that would require resource intensive logging of all HTTP requests from LTM.

     

     

    Aaron
  • eduardo_26187's avatar
    eduardo_26187
    Icon for Nimbostratus rankNimbostratus
    Feb 17, 2010
    Thanks Mr. hoolio

     

     

    I recommend to set this format to visualize the client ip:

     

     

    LogFormat "%h %{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" X-Forwarded-For