Forum Discussion

littlebunny's avatar
littlebunny
Icon for Nimbostratus rankNimbostratus
Feb 21, 2019

Question about iRule or other methods for remote logging

Hello

 

We'd like to log any traffic coming from a certain list of subnets and going to a couple of virtual servers. It sounds like an iRule is the way to go but I'm only just starting to learn about them so I'm looking for some examples of what they should look like. We'd like to log traffic coming in to one virtual server on port 80 and the other on port 443. Any pointers?

 

It may be a non-issue but we're also concerned about the potential resource impact on the F5, as the virtual servers we would be applying the iRules to receive a huge number of connections per second.

 

Are there other better ways to achieve the logging we need?

 

Thanks LB

 

application delivery
BIG-IP
connection logging

2 Replies

Sort By
  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Feb 21, 2019

    There are a lot of ways to accomplish this. A simple search for iRule Logging will return an easy afternoon or two worth of reading. I would caution you about logging too much, especially to the BigIP. The BigIP was never intended to be a log aggregator and is optimized for high speed traffic processing. You can quickly overwhelm the CPU by trying to log too much of the traffic being processed.

     

    Here is an example of an irule to use the High Speed Logging mechanism to log data to a remote server: https://devcentral.f5.com/codeshare/logging-irule-1180

     

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Feb 22, 2019

    Hi,

    If you want to log http(s) requests, I recommended to use request logging profile instead of irules!

    A request logging profile with response enabled (not request) and with template 

    $NCSA_COMMON
    will send log in Apache format!