
Tabish_Mirza_12
Jun 24, 2014

F5 LTM 11.3.1 session connection logs

Hello Folks,

 

We have a VS configured with SNAT. We can see users' connection session logs on the BIGIP, but we want to forward these logs to a remote syslog server. How can we achieve this? We have already added our syslog server into the BIGIP and we can see logs, but not users' session logs.

 

Thanks

 

5 Replies

  • I used the commands below to see the client's real IP etc. on a BIGIP, and we need this information to be sent to a remote syslog server.

     

    tmsh show sys conn ss-client-addr
    tmsh show sys conn ss-client-port
    tmsh show sys connection
    tmsh show sys connection all-properties

     

    Thanks

     

  • My requirement is: can we forward the client connection session (source IP, port, etc.) to a remote syslog server?

     

  • Not sure if you need to log everything from tmsh show connection, but the following iRule will log client, VIP, and server IP/port to a remote syslog server:

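    when CLIENT_ACCEPTED {
        # Client-side context: the local address/port is the virtual server
        set vs [IP::local_addr]:[TCP::local_port]
    
        # Open a high-speed logging handle to the syslog pool over UDP
        set hsl [HSL::open -proto UDP -pool syslog-ubuntu-pool]
    }
    when SERVER_CONNECTED {
        # Real client endpoint, as seen before SNAT
        set client [IP::client_addr]:[TCP::client_port]
        # Server-side context: the remote address/port is the selected pool member
        set srv [IP::remote_addr]:[TCP::remote_port]
    
        # <134> is the syslog priority: facility local0 (16), severity info (6)
        HSL::send $hsl "<134>Client: $client established a connection to $vs and load balanced to server $srv at [clock format [clock seconds] -format "%Y-%m-%d %H:%M:%S"]"
    }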
    

    This will trigger a log on every server side connection. If you want to actually log per-request traffic, you can still use an iRule, but you also have the Request Logging profile, which would be applied to the virtual server and log every request and/or response.
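
On the syslog server, the messages produced by the iRule above can be parsed to answer which real client was behind a SNATed connection to a given pool member. The following Python parser is an added example, not part of the original reply; the sample lines, the addresses and the function names (`parse_line`, `clients_for`) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the message body built by the HSL::send call in the iRule above.
LINE_RE = re.compile(
    r"<(?P<pri>\d{1,3})>Client: (?P<client>\S+) established a connection to "
    r"(?P<vs>\S+) and load balanced to server (?P<srv>\S+) at "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)

def split_hostport(value):
    """Split 'addr:port' on the last colon so IPv6 addresses survive."""
    addr, _, port = value.rpartition(":")
    return addr, int(port)

def parse_line(line):
    """Return a dict for one HSL message, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    pri = int(m["pri"])
    # Syslog priority = facility * 8 + severity
    rec = {"facility": pri // 8, "severity": pri % 8,
           "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")}
    for key in ("client", "vs", "srv"):
        rec[key] = split_hostport(m[key])
    return rec

def clients_for(records, server, when, window_s=5):
    """Client endpoints sent to `server` within window_s seconds of `when`."""
    delta = timedelta(seconds=window_s)
    return sorted({r["client"] for r in records
                   if r["srv"] == server and abs(r["time"] - when) <= delta})

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE = [
    "<134>Client: 198.51.100.23:51544 established a connection to 203.0.113.10:443 and load balanced to server 10.0.0.11:8443 at 2014-06-24 10:15:02",
    "<134>Client: 198.51.100.77:40112 established a connection to 203.0.113.10:443 and load balanced to server 10.0.0.12:8443 at 2014-06-24 10:15:03",
    "<134>Client: 192.0.2.5:60001 established a connection to 203.0.113.10:443 and load balanced to server 10.0.0.11:8443 at 2014-06-24 10:20:00",
    "<30>unrelated daemon message",
]
RECORDS = [r for r in map(parse_line, SAMPLE) if r]

if __name__ == "__main__":
    t = datetime(2014, 6, 24, 10, 15, 4)
    print(clients_for(RECORDS, ("10.0.0.11", 8443), t))
```

The lookup matches on pool member and time only, because the iRule's message does not include the SNAT source address or port.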

  • Many thanks indeed for your response.

     

    My goal is to track the client's actual source IP, as we are using SNAT and the server is unable to see the real IP. We don't want to use X-Forwarder, which is why we want client connection session information to be forwarded to a remote syslog server, so we can keep this information for some time.

     

    Is it possible to do it through the GUI without using an iRule, meaning configure HSL and a logging profile, etc.? I need clear steps.

     

    Waiting for your response.