Forum Discussion

Samyool_301498
Mar 08, 2017

Is it possible to use an iRule to read from and return the F5's log files?

I am currently in the process of creating an iRule which returns a debug page for our virtual servers. When a user connects, the iRule returns a custom page with various statistics about the connection. For example, I'm getting the client IP address using the IP::local_addr command.

 

Along with these statistics, I want to include a snippet of the logs from the F5. In particular, I am interested in the LTM logs and ASM logs. Is it possible to read these logs using iRules?

 

2 Replies

  • Hi Samyool,

    You can't read locally stored file streams using iRules. The required TCL commands to open and read such are disabled by the developers.

    The only chance I see for you is to open a [SIDEBAND] connection to the REST-API, execute a tail /var/log/ltm command via the /mgmt/tm/util/bash endpoint, parse the REST response and finally display the output on your debugging page.

    API Request:

     

    POST /mgmt/tm/util/bash HTTP/1.1
    Host: yourbox.domain.de
    Content-Type: application/json
    Authorization: Basic YourBase64Creds
    content-length: 62
    Connection: close
    
    {"command":"run","utilCmdArgs":"-c 'tail -n 50 /var/log/ltm'"}
    

     

    Note: Let me know if you need further assistance to implement such a [SIDEBAND] connection to query REST within iRules.

    Cheers, Kai

     

  • Hi Samyool,

    I've recycled some older code for you to get a PoC up and running within a few minutes. Here we go...

    Configure a Layer4 VS:80 that points to the MGMT-ETH:443 of your F5

    1.) Execute the following command on TMSH

     

    load sys config merge from-terminal
    

     

    2.) Paste the following config into TMSH

     

    ltm pool Pool_F5-MGMT-ETH {
        members {
            Node_F5-MGMT-ETH:https {
                address x.x.x.x%1
                session monitor-enabled
                state up
            }
        }
        monitor gateway_icmp 
    }
    
    ltm virtual VS_F5-MGMT-ETH {
        destination 1.1.1.1%1:http
        ip-protocol tcp
        mask 255.255.255.255
        pool Pool_F5-MGMT-ETH
        profiles {
            serverssl {
                context serverside
            }
            tcp { }
        }
        source 0.0.0.0%1/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
    }
    

     

    Note: You have to change the node IP address to match the MGMT-IP of your LTM. The IP of the Virtual Server can be kept, since it's just used for internal communication.

    3.) Hit CTRL+D to save the config change

    Write a TCL procedure to trigger a SIDEBAND connection towards your Layer4 VS:80 (aka. your REST-API) to execute [tail] and finally download X lines of logfile Y.

    1.) Add the following procedure to your existing iRule

     

    proc get_logfiles { virtual basic_creds logfile lines } {
        set tcp_conn [connect -timeout 2000 -idle 2000 -status tcp_conn_status $virtual]
        if { $tcp_conn_status equals "connected" } then {
            set http_request_body "\{\"command\":\"run\",\"utilCmdArgs\":\"-c 'tail -n $lines $logfile'\"\}"
            set http_request "POST /mgmt/tm/util/bash HTTP/1.0\r\nAuthorization: Basic $basic_creds\r\nContent-Length: [string length $http_request_body]\r\n\r\n$http_request_body"
            send -timeout 2000 -status tcp_sent_status $tcp_conn $http_request
            if { $tcp_sent_status equals "sent" } then {
                set http_response [recv -timeout 5000 $tcp_conn]
                if { $http_response starts_with "HTTP/1.1 200" } then {
                    return [getfield $http_response {commandResult":"} 2]
                } elseif { $http_response equals "" } then {
                    return "Error: Receive Timeout"
                } else {
                    return "Error: API Response = $http_response"
                }
            } else {
                return "Error: Send Status = $tcp_sent_status"
            }
        } else {
            return "Error: Connection Status = $tcp_conn_status"
        }
    }
    

     

    Call the TCL procedure within your iRule

     

    set log_lines [call YOUR_IRULE_NAME::get_logfiles "VS_F5-MGMT-ETH" [b64encode "admin:password"] "/var/log/ltm" 50]
    

     

    Cheers, Kai
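
Added example (not part of the original replies, and not F5's code): two helper procs to use around get_logfiles, one that checks the file and line count before they are placed into the bash command, and one that prepares the returned text for the debug page. The proc names, the allowlist contents, the 200-line limit and the $creds variable are assumptions made for illustration.

```tcl
# Added example; proc names, allowlist and the 200-line limit are assumptions.

# Accept only allowlisted files and a plain decimal count (1-200), because
# both values are pasted into the "bash -c" string sent to the REST API.
proc log_request_ok { logfile lines } {
    set allowed_logs [list "/var/log/ltm" "/var/log/asm"]
    if { [lsearch -exact $allowed_logs $logfile] == -1 } {
        return 0
    }
    # No sign, hex, octal or whitespace: digits only, no leading zero.
    if { ![regexp {^[1-9][0-9]{0,2}$} $lines] } {
        return 0
    }
    if { $lines > 200 } {
        return 0
    }
    return 1
}

# Convert what get_logfiles returns into HTML that is safe to embed.
proc render_log_html { raw } {
    if { [string match "Error:*" $raw] } {
        set body $raw
    } elseif { ![regexp {^((?:[^"\\]|\\.)*)"} $raw -> body] } {
        # No closing quote of the JSON string found (e.g. truncated recv).
        return "<pre>Error: incomplete API response</pre>"
    }
    # Escape HTML metacharacters first: log lines can carry client-supplied
    # text such as request URIs or header values.
    set body [string map [list "&" "&amp;" "<" "&lt;" ">" "&gt;"] $body]
    # Then undo the JSON string escapes in one left-to-right pass
    # (\uXXXX sequences are left as they are).
    set body [string map [list "\\n" "\n" "\\t" "\t" "\\\"" "&quot;" \
        "\\/" "/" "\\\\" "\\"] $body]
    return "<pre>$body</pre>"
}

# Usage inside an event, following the call syntax shown above
# ($creds is a hypothetical variable holding the Base64 credentials):
#   if { [call YOUR_IRULE_NAME::log_request_ok $logfile $lines] } {
#       set raw [call YOUR_IRULE_NAME::get_logfiles "VS_F5-MGMT-ETH" $creds $logfile $lines]
#       HTTP::respond 200 content [call YOUR_IRULE_NAME::render_log_html $raw] "Content-Type" "text/html"
#   }
```

The regular expression in render_log_html stops at the first unescaped double quote, so it does not depend on where commandResult sits in the JSON object.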