Chris_Vanderlaa
Dec 15, 2015

iRules - pull the 'url' from the http header and send to syslog server?

Hello,

I am trying to create an iRule that sends the following to syslog:

  • Read the HTTP header, take the 'URL' and send a message to syslog showing what URL was in the header
  • CLIENT_ACCEPTED - send the frontside VIP that was connected to, and the source IP that connected to it to syslog
  • SERVER_CONNECTED - send the backside server and client IP to syslog
  • The virtual server this iRule is applied to is doing SSL termination, 443 on the front 80 on the back
  • The virtual server has an http profile applied (generic default http profile that already exists on F5)
  • F5 version is 11.5.3 Build 2.0.196 Hotfix HF2

The CLIENT_ACCEPTED and SERVER_CONNECTED pieces of this iRule work just fine. The problem is with the HTTP_REQUEST portion.

iRule is:

    when HTTP_REQUEST {
        log 1.2.3.4 "URL: [HTTP::host]"
    }

    when CLIENT_ACCEPTED {
        set vip [IP::local_addr]
        log 1.2.3.4 "VIP: $vip - Client Connected, Client IP: [IP::client_addr]"
    }

    when SERVER_CONNECTED {
        log 1.2.3.4 "VIP: $vip - Server Connected, Client IP: [IP::client_addr], Server IP: [IP::server_addr]"
    }

Ideally I'd like to also make the 'URL' extracted from the header into a variable to put it into the CLIENT and SERVER statements too.

1 Reply

  • Hi Chris,

    It's not possible to access the URL during the CLIENT_ACCEPTED event, since the client hasn't sent this information at this stage.

    Take a look at the customized rules below. I've added a unique connection ID for better filtering of syslog messages and logging of HOST and PATH values.

    when CLIENT_ACCEPTED { 
        set request_stamp [clock clicks]
        set client_ip [IP::client_addr]
        set virtual_ip [IP::local_addr]
        log 1.2.3.4 "ConID: $request_stamp : Client \"$client_ip\" has connected to VIP \"$virtual_ip\""
    }
    
    when HTTP_REQUEST {
        set url "[HTTP::host][HTTP::path]"
        log 1.2.3.4 "ConID: $request_stamp : New HTTP Request received for \"$url\""
    }
    
    when SERVER_CONNECTED {
        set server_ip [IP::server_addr]
        log 1.2.3.4 "ConID: $request_stamp : LTM has connected Client \"$client_ip\" to Server \"$server_ip\""
    }
    

    Cheers, Kai
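
A variant of the rules above, added here as an example and not posted by either participant: it neutralises the client-supplied host and path before they reach the syslog server, and reuses the stored URL in SERVER_CONNECTED as the question asked. The 256-character cap is an assumed limit, and the rule assumes that with the HTTP profile applied HTTP_REQUEST fires before the server-side connection is made, with a guard for the case where it has not.

```tcl
# Added example, not code from the thread. 1.2.3.4 is the placeholder syslog
# address used in the posts; the 256-character cap is an assumed limit.

when CLIENT_ACCEPTED {
    set request_stamp [clock clicks]
    set client_ip [IP::client_addr]
    set virtual_ip [IP::local_addr]
    log 1.2.3.4 "ConID: $request_stamp : Client \"$client_ip\" has connected to VIP \"$virtual_ip\""
}

when HTTP_REQUEST {
    # Host and path are chosen by the client. Replace every character outside
    # printable ASCII (space through tilde), which covers CR, LF and other
    # control bytes, so a request cannot break or forge a syslog line.
    regsub -all {[^ -~]} "[HTTP::host][HTTP::path]" "?" url
    # Encode double quotes so the quoted field stays parseable downstream.
    set url [string map [list \" %22] $url]
    # Bound the field length (assumed cap) so one request cannot bloat a message.
    set url [string range $url 0 255]
    log 1.2.3.4 "ConID: $request_stamp : New HTTP Request received for \"$url\""
}

when SERVER_CONNECTED {
    set server_ip [IP::server_addr]
    # $url exists only if HTTP_REQUEST has already fired on this connection.
    if { [info exists url] } {
        log 1.2.3.4 "ConID: $request_stamp : LTM has connected Client \"$client_ip\" to Server \"$server_ip\" for \"$url\""
    } else {
        log 1.2.3.4 "ConID: $request_stamp : LTM has connected Client \"$client_ip\" to Server \"$server_ip\""
    }
}
```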