Here is the code that I have attempted. Would someone be able to help me with this?
when RULE_INIT {
    # One-time setup of the settings the logging handlers in this rule read.
    #
    # NOTE(review): these are `::` globals. On CMP-capable BIG-IP versions a
    # rule that uses `::` globals can take its virtual server out of CMP;
    # `static::` is the usual replacement, but every handler reading these
    # names would have to be changed in the same edit.

    # Reported as the first field of every log record.
    set ::device_id "clcappfw01.ssd.com"

    # VLAN id that CLIENT_ACCEPTED compares against to label a flow's direction.
    set ::inbound_vlan "4094"

    # Length cap HTTP_REQUEST applies to host, URI, username and User-Agent.
    set ::strlimit 256

    # AES switch and key. No handler in this rule reads either variable, so
    # records leave the box unencrypted regardless of ::doAES.
    # The key sits in clear text in the rule source, readable by anyone who can
    # view the configuration or a copy of this rule. If this value was ever a
    # real key, treat it as disclosed and rotate it; keep key material out of
    # rule text.
    set ::doAES 0
    set ::AESKey "H&^)(D(*CEH(c0jhcds9h)(&&%%$%$@"
}
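when CLIENT_ACCEPTED {
    # Emits one "connection start" CSV record per accepted client connection
    # and builds $clientflow, the flow key the later handlers put in their own
    # records so a collector can join them.

    # Timestamp as <seconds>.<microseconds>. The two clock reads are separate,
    # so the difference can reach or pass one second; clamp it so the
    # fractional part is always exactly six digits (the original test used >,
    # which let 1000000 through as a seven-digit fraction).
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - $secs * 1000000}]
    if { $usecs >= 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set conn_start_time $secs.$usecs

    # Flow key: client ip:port - local ip:port @ start time.
    set clientside_client_addr [IP::client_addr]
    set clientside_client_port [TCP::client_port]
    set clientside_server_addr [IP::local_addr]
    set clientside_server_port [TCP::local_port]
    set clientflow "$clientside_client_addr:$clientside_client_port"
    append clientflow "-$clientside_server_addr:$clientside_server_port@$conn_start_time"

    # A connection arriving on ::inbound_vlan is "Inbound". The original used
    # the raw result of `string compare`, which is 0 (false) on a match, so the
    # two labels were swapped.
    set vlanid [LINK::vlan_id]
    if { [string equal $vlanid $::inbound_vlan] } {
        set direction "Inbound"
    } else {
        set direction "Outbound"
    }

    # Record layout: device, flow, time, vlan, protocol, tos, ttl, virtual, direction.
    # (An earlier, immediately overwritten assignment of log_event/log_content
    # has been dropped.)
    set log_event "neds.f5.conn.start.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$conn_start_time,"
    append log_content "\"$vlanid\","
    append log_content "[IP::protocol],"
    append log_content "[IP::tos],"
    append log_content "[IP::ttl],"
    append log_content "\"[virtual]\","
    append log_content "\"$direction\""

    # NOTE(review): `syslogserver` looks like a placeholder; the remote form of
    # `log` is documented as taking an IP address, so confirm the target. The
    # record is presumably sent as plain, unauthenticated syslog, so keep the
    # path to the collector on a trusted network.
    log syslogserver:514 local7.info \"$log_event\",$log_content
}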
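when CLIENT_CLOSED {
    # Emits one "connection end" CSV record: device id, flow key, end time and
    # the packet and byte counters for the connection.
    # Relies on $clientflow having been set by CLIENT_ACCEPTED.

    # Timestamp as <seconds>.<microseconds>; clamp so the fraction is always
    # six digits (the original test used >, letting 1000000 through).
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - $secs * 1000000}]
    if { $usecs >= 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set conn_end_time $secs.$usecs

    # Read each counter pair once instead of once per element.
    set pkt_counts [IP::stats pkts]
    set byte_counts [IP::stats bytes]

    # Record layout: device, flow, time, pkts[0], pkts[1], bytes[0], bytes[1].
    set log_event "neds.f5.conn.end.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\",$conn_end_time,"
    append log_content "[lindex $pkt_counts 0],"
    append log_content "[lindex $pkt_counts 1],"
    append log_content "[lindex $byte_counts 0],"
    append log_content "[lindex $byte_counts 1]"
    log syslogserver:514 local7.info \"$log_event\",$log_content
}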
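when HTTP_REQUEST {
    # Emits one CSV record per HTTP request: device id, flow key, request time,
    # request number, host, URI, username and User-Agent.
    # Relies on $clientflow having been set by CLIENT_ACCEPTED.

    # Timestamp as <seconds>.<microseconds>; clamp so the fraction is always
    # six digits (the original test used >, letting 1000000 through).
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - $secs * 1000000}]
    if { $usecs >= 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set http_request_time $secs.$usecs

    # `string range` takes an inclusive end index, so 0..$::strlimit kept
    # strlimit+1 characters; stop one earlier to honour the limit.
    set last_idx [expr {$::strlimit - 1}]

    # All four fields are client-controlled. Double embedded quotes so a value
    # cannot close its CSV field early, and turn CR/LF into spaces so a value
    # (the decoded username in particular) cannot start a forged log line.
    # Truncation happens first so the escaping is never cut in half.
    set csv_safe [list "\"" "\"\"" "\r" " " "\n" " "]
    set http_host [string map $csv_safe [string range [HTTP::host] 0 $last_idx]]
    set http_request_uri [string map $csv_safe [string range [HTTP::uri] 0 $last_idx]]
    set http_username [string map $csv_safe [string range [HTTP::username] 0 $last_idx]]
    set http_user_agent [string map $csv_safe [string range [HTTP::header User-Agent] 0 $last_idx]]

    # The original tagged this record "neds.f5.conn.end.v1", the same name
    # CLIENT_CLOSED uses for a record with a different field layout. Name it
    # to parallel HTTP_RESPONSE's "neds.f5.http.resp.v1"; update the collector
    # if it keyed on the old name.
    set log_event "neds.f5.http.req.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$http_request_time,"
    append log_content "[HTTP::request_num],"
    append log_content "\"$http_host\","
    append log_content "\"$http_request_uri\","
    append log_content "\"$http_username\","
    append log_content "\"$http_user_agent\""

    # NOTE(review): URIs and usernames can carry sensitive values (for example
    # tokens in query strings) and this record is presumably sent as plain
    # syslog; confirm who can read the transport and the collector.
    log syslogserver:514 local7.info \"$log_event\",$log_content
}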
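when HTTP_RESPONSE {
    # Emits one CSV record per HTTP response: device id, flow key, reply time,
    # request number, status, content type, content length, selected pool
    # member and the server-side flow.
    # Relies on $clientflow having been set by CLIENT_ACCEPTED.

    # Timestamp as <seconds>.<microseconds>; clamp so the fraction is always
    # six digits (the original test used >, letting 1000000 through).
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - $secs * 1000000}]
    if { $usecs >= 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set http_reply_time $secs.$usecs

    # Response fields come from the backend; double any embedded quote so a
    # value cannot break out of its quoted CSV field. Content-Length is quoted
    # in the record like the others, so it gets the same treatment (the
    # original left it unescaped).
    set content_length ""
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [string map {{"} {""}} [HTTP::header "Content-Length"]]
    }
    set status_code [string map {{"} {""}} [HTTP::status]]
    set content_type [string map {{"} {""}} [HTTP::header "Content-type"]]

    # With no address and no port the joined value is ":", never "", so the
    # original empty-string test could not fire. Log an empty field instead.
    set lb_server "[LB::server addr]:[LB::server port]"
    if { [string equal $lb_server ":"] } {
        set lb_server ""
    }

    # Server-side flow: local ip:port - remote ip:port as seen in this event.
    set serverside_client_addr [IP::local_addr]
    set serverside_client_port [TCP::local_port]
    set serverside_server_addr [IP::remote_addr]
    set serverside_server_port [TCP::remote_port]
    set serverflow "$serverside_client_addr:$serverside_client_port"
    append serverflow "-$serverside_server_addr:$serverside_server_port"

    set log_event "neds.f5.http.resp.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$http_reply_time,"
    append log_content "[HTTP::request_num],"
    append log_content "\"$status_code\","
    append log_content "\"$content_type\","
    append log_content "\"$content_length\","
    append log_content "\"$lb_server\","
    append log_content "\"$serverflow\""
    log syslogserver:514 local7.info \"$log_event\",$log_content
}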