Forum Discussion

Moinul_Rony's avatar
Moinul_Rony
Icon for Altostratus rankAltostratus
Apr 30, 2021

Investigate a policy using iRule

Hi,

 

We had a firewall outage and since then our APM's are having split brain behaviour and taking a long time for resource assignment.

 

We dont know which step in the policy is hanging/waiting but wanted to understand so we can stop blaming the APM's.

 

Any handy idea if I can assign irule event on the policy steps to mark as they complete their steps ? I would like that iRule to log events in ltm/apm log.

 

Cheers,

Rony

1 Reply

  • Hello Moinul.

    There are several ideas that you could use to log info about your policy evaluation status:

    1. APM events (ACCESS_SESSION_STARTED, ACCESS_POLICY_COMPLETED, ACCESS_ACL_ALLOWED, ACCESS_ACL_DENIED), these events are executed in specific moments of the policy evaluation.
    2. ACCESS_POLICY_AGENT_EVENT, in this case, this event is executed in the moment that you specify during the policy evaluation (configuring an iRule Event box).
    3. Log Message, you can also log messages (and session variables) using a log message box.

    There is a great article here that explains all your chances:

    https://support.f5.com/csp/article/K80934060

    Regards,

    Dario.