Forum Discussion

akhil_2877's avatar
akhil_2877
Icon for Nimbostratus rankNimbostratus
Jul 11, 2013

Irule On LTM to track the socurce ip address based on hostname/URI

Could some please help me creating an Irule based on to track and log soruce ip address/ cleint ip address accessing VIP based on FQDN name

 

as i am having mutiple FQDN pointing to same VIP so i want to log track source ip addresses who are accessing trans.abc.com which is pointing to 10.201.x.y

 

 

Thanks

 

 

Akhil

 

application delivery
dev
devops
iRules

3 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 11, 2013
    is this http logging helpful?

     

     

    Log Http Tcp Udp To Syslogng

     

    https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx
  • akhil_2877's avatar
    akhil_2877
    Icon for Nimbostratus rankNimbostratus
    Jul 11, 2013
    actually as i mentioned on same vip is poitning to multple URLs HOWVER i need to get info for one particular URL say tran.abc.com for all http and https requests.
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 11, 2013
    e.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  if { [HTTP::host] eq "trans.abc.com" } {
    log local0. "Client: [IP::client_addr]:[TCP::client_port] URL: [HTTP::host][HTTP::uri]"
  }
}
}

 /var/log/ltm

[root@ve10:Active] config  tail -f /var/log/ltm
Jul 11 22:02:45 local/tmm info tmm[4950]: Rule myrule : Client: 172.28.20.17:38773 URL: trans.abc.com/bhabhabha