iRule for logging LTM

Question

Hi All,&nbsp;
Do you have an iRule to logs all traffic coming to bigIP? Or the log config is enough?&nbsp;
Dont worry about the resources utilization. &nbsp;

vernonwells · Answer

If you have AFM licensed and provisioned, you can use firewall rule logging.  Alternatively, if all of your traffic is HTTP and/or DNS, you can you HTTP and DNS logging profiles:
Using the Request Logging ProfileConfiguring Remote High-Speed DNS Logging
If that's not the case, you could use a simple iRule that logs information for each incoming flow:
when CLIENT_ACCEPTED {
    set hdl [HSL::open -publisher some_publisher]
    HSL::send $hdl "&lt;134&gt; [IP::client_addr] -&gt; [IP::local_addr]"
}

If you want to log higher layer information (e.g., port information), the iRule becomes somewhat more complicated.

Forum Discussion

iRule for logging LTM

1 Reply

Recent Discussions

google-visualization-issues

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

iRule to log traffic details

irule logging question

ASM logs

Logging DNS Requests

iRULE not working for ipfix log publisher.