Help with an iRule to log RPC activity

Question

I am familiar with HTTP iRules but not so much with TCP/RPC within iRules. I am trying to log RPC traffic. Our F5 proxies RPC traffic over port 60,0000 to a pool of CAS servers. I'm thinking I can setup an iRule on the proxy backend that would use a combination of server_connected, tcp::collect and tcp::payload to generate the logs and push to our Splunk system to present the answer. I'm familiar with HTTP logging but not TCP/RPC logging ... My dashboard in Splunk would probably show a table of client_ip, start of connection, timechart of traffic events/hits since open.

sean_adams_2420 · Answer

I am trying to differentiate between the RPC connections that are open and passing active traffic to the RPC connections that are open and not passing traffic but being kept open based on a server keep-alive setting. I think if I can track an open connection and construct a timechart or capture total count of event/traffic since open, I could solve the question. &nbsp;
I am seeking assistance on an constructing an iRule or advice on a different approach. Thank You!&nbsp;

Forum Discussion

Help with an iRule to log RPC activity

1 Reply

Recent Discussions

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

iRule help masking IBM host URL/URI

Related Content

Remote Active Directory

Irule to delete active connections on vip

F5-LTM active directory and http/s

Check active admin user sessions

Block Active-Sync on Virtual Server