Forum Discussion
8 Replies
- Sheigh_65772Cirrus
Short answer is yes, the how depends on what data you want logged.
If you need only the IP you can do this:
when CLIENT_ACCEPTED { log local0. "clientIP:[IP::client_addr] accessed" }
If you also need other data such as resources you can use one of the other events such as HTTP_REQUEST:
when HTTP_REQUEST { log local0. "clientIP:[IP::client_addr] accessed [HTTP::host][HTTP::uri]" }
logs will be within your /var/log/ltm
- Danish202_17040NimbostratusThanks a lot ..quite useful reply :)) Could you tell me the risk when I generate logs with your second rule ...Can I fix the resource or memory used for these logs ? or is there any implicit mechanisim to avoid disaster incase logs are too much ...
- Sheigh_65772Cirrus
The generic answer is every system is different so it really depends on what kind of data your looking to log. If you want lots of logs you could look into combining a remote syslog server with either a Request Logging Profile or High Speed Logging, there some good reference posts on those already.
You could also take the two I listed above and combine them for something like this:
when CLIENT_ACCEPTED { set userlogged 0 } when HTTP_REQUEST { if { $userlogged == 0 } { log local0. "clientIP:[IP::client_addr] accessed [HTTP::host][HTTP::uri]" set userlogged 1 } }
The first part will initialize the userlogged variable when the client first connects, and then once the HTTP_REQUEST event is triggered it will log only the first request by the user as userlogged is then set to 1.
- Sheigh_65772Cirrus
You could also trigger at on a certain uri:
when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "/loginpage.aspx" } { log local0. "clientIP:[IP::client_addr] accessed [HTTP::host][HTTP::uri]" } }
- Danish202_17040Nimbostratus
I was going through Insert X-Forwarded-For feature.... Can you little bit explain about it too ..What are the requirements from server side ..
Thanks in advance !!
- Sheigh_65772Cirrus
So the purpose of the x-forwarded-for feature is to give your backend servers the clients IP as with a NAT the connection will look to originating from the bigips IP. That isn't enough though, the backend server needs to know what to do with the additional header information.
This link has some info on the x-forwarded-for along with instructions near the bottom on how to get it working with IIS. What the plugin does is take the added header and uses that for the logs in place of the client address as normally. How this is done will depend on your flavor of webserver.
https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
- Danish202_17040Nimbostratus
Hi Sheigh ,
Can you help me to answer below query ..
https://devcentral.f5.com/questions/hash-algorithm-upgradationwant-to-upgraded-sha1-certificate
- Arun_LK_202176Nimbostratus
Hi, My app team need the Client IP/ Source IP on the backend server.
The virtual is pass through. SSL certificate is on the server. Does not get offloaded on the F5.
Could you please review and assist.