Forum Discussion

derekpayne_2032
Sep 02, 2016

Logging all virtual server hits?

Our security team is requesting that we log to syslog all connection attempts to any virtual server. All we really need is the source IP, destination IP, and timestamp. Is there a simple way to enable this? We are running 11.5.3.

 

2 Replies

  • It does not log the VS hits by default. You should use an iRule with HSL; by the way, you can send the log to a syslog server.

     

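  • To log, you could use a simple iRule:

    when CLIENT_ACCEPTED {
        # virtual server address and port the client connected to
        set vip "[IP::local_addr]:[TCP::local_port]"
        # defaults so CLIENT_CLOSED can still log when no server-side connection was made
        set client "[IP::client_addr]:[TCP::client_port]"
        set node "none"
    }

    when SERVER_CONNECTED {
        set client "[IP::client_addr]:[TCP::client_port]"
        set node "[IP::server_addr]:[TCP::server_port]"
    }

    when CLIENT_CLOSED {
        # log connection info
        log local0.info "Client $client -> VIP: $vip -> Node: $node"
    }

    To apply this rule I would use a tmsh CLI script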
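
The first reply suggests an iRule with HSL. The sketch below is an added example, not code from either poster: it sends one syslog-style line per accepted connection with the timestamp, source and destination that the question asks for. The pool name `/Common/syslog_pool` and the `vs=`/`src=`/`dst=` message layout are assumptions, and it assumes TCP virtual servers.

```tcl
# Added example, not from the thread.
# Assumes an LTM pool named /Common/syslog_pool (hypothetical name) whose
# members are the syslog servers, and that the rule is attached to TCP
# virtual servers.
when CLIENT_ACCEPTED {
    # Log at accept time so an entry is written even if the connection
    # never reaches a pool member.
    set hsl [HSL::open -proto UDP -pool /Common/syslog_pool]

    # Timestamp taken on the BIG-IP, in UTC.
    set ts [clock format [clock seconds] -format {%Y-%m-%dT%H:%M:%SZ} -gmt 1]

    # <134> is the syslog PRI value for facility local0 (16 * 8) plus
    # severity info (6).
    HSL::send $hsl "<134>$ts vs=[virtual name] src=[IP::client_addr]:[TCP::client_port] dst=[IP::local_addr]:[TCP::local_port]\n"
}
```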