Forum Discussion

Samuel_Rydén's avatar
Samuel_Rydén
Icon for Altocumulus rankAltocumulus
Dec 04, 2019

Exclude application request logging for single uri

I'm looking for a way to filter out or discard request logging events for a single uri.

 

Why?

On and off, we need to enable LTM logging of all requests on a specific VIP, to better understand the flow of a certain process.

On the same VIP, however, a static uri (not static content) gets hammered dozens of times per minute, effectively cluttering up the local log, as we currently have no HSL.

I can filter out the uri in the Security ›› Event Logs : Application : Requests GUI, but I'm looking for a way to filter out or discard request logging events for this single uri permanently, as this logging may have to run for a couple of days to catch the flow.

I'm familiar with iRules, and I've looked for it but found no suitable command to discard or disable these events selectively. I've searched the forums and the documentation, but I've found no questions similar to mine.

 

My own guess is this is something solved on the remote syslog end of things, but as we currently have none, I'm looking for workarounds.

 

I appreciate any insight!

 

Running i5600, 14.1.0.5.

2 Replies

  • Well (Security ›› Event Logs : Application : Requests GUI) thats one way to do. Other way is to tweak you Irule logging method itself.

     

    Can you give us a glimpse of your existing irule and how you are logging them. Since you say you want to exclude a particular URI alone. Why not set that in a variable first.

    Do a if condition and skip logging if it matches.

  • Thank you for your response.

    I don't currently have an iRule for it. I use the default "Log all requests" logging profile, and I wish to exclude a single uri in the application requests log. Ideas I've had so far include:

    1) In the logging profile or policy, exclude logging altogether of single uri, or

    2) By means of an iRule do something like:

    if { [HTTP::uri] eq "/system/status.txt" } {
        # disable logging
    }

    Looking at method 1, logging profile filtering is inclusive rather than exclusive, I'm not offered a "NOT" condition, so it seems to not be an option.

    As for method 2, there seems to be no command in any scope, to prevent an entry in the application request log.

    Just to be absolutely clear; I'm not referring to any logging using the log command, I'm only interested in whether I can manipulate what entries show up in Security ›› Event Logs : Application : Requests.

    If it was up to me personally, I'd just log to file or send to a temporary syslog on my client. But because other people who are not too experienced with the product need to easily monitor this as well, I'd like to direct them to the Application Requests log.

    I hope that made things clearer at least! 🙂