Forum Discussion

Travis_94026's avatar
Travis_94026
Icon for Nimbostratus rankNimbostratus
Feb 22, 2012

Sending TCP Traffic via Syslog

Below is the simple iRule I am using to send TCP traffic via syslog for my load balancer. However I am getting the error listed below sent to my syslog receiver.

Error:

<131>Feb 22 12:12:32 local/tmm err tmm[4911]: 01220001:3: TCL error: Test  - Routing problem (line 2)     invoked from within "log  local0.info "Client $client -> VIP: $vip -> Node: $node""

iRule 
when CLIENT_ACCEPTED {  
      set vip [IP::local_addr]:[TCP::local_port]
   }

   when SERVER_CONNECTED {  
      set client "[IP::client_addr]:[TCP::client_port]"
      set node "[IP::server_addr]:[TCP::server_port]"
 
   }  
   
   when CLIENT_CLOSED {  
       log connection info
      log  local0.info "Client $client -> VIP: $vip -> Node: $node"

}

application delivery
dev
devops
iRules

3 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 23, 2012
    the irule looks okay to me. have you customized syslog-ng configuration? 

    [root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
   set vip [IP::local_addr]:[TCP::local_port]
}

when SERVER_CONNECTED {
   set client "[IP::client_addr]:[TCP::client_port]"
   set node "[IP::server_addr]:[TCP::server_port]"
}

when CLIENT_CLOSED {
    log connection info
   log  local0.info "Client $client -> VIP: $vip -> Node: $node"
}
}

[root@ve1023:Active] config  cat /var/log/ltm
Feb 22 23:30:12 local/tmm info tmm[4822]: Rule myrule : Client 172.28.19.251:50352 -> VIP: 172.28.19.79:80 -> Node: 200.200.200.101:80
  • memanole_60339's avatar
    memanole_60339
    Icon for Nimbostratus rankNimbostratus
    May 28, 2012
    hi Guys,

     

     

    as it is impossible to open a new question [for some reason the submit just stucks] i will post here as i have the same issue

     

     

    TCL error: test_log_iRule - Routing problem (line 1) invoked from within "log 10.1.1.1 local0.info "Client Connected, IP: [IP::client_addr]""

     

     

    for irule:

     

     

    rule test_log_iRule {

     

    when CLIENT_ACCEPTED {

     

    log 10.1.1.1 local0.info "Client Connected, IP: [IP::client_addr]"

     

    }
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 31, 2012
    Is 10.1.1.1 on the management port? If so, that's not currently supported as TMM needs to use a switch port to send the log messages.

     

     

     

    https://devcentral.f5.com/wiki/iRules.log.ashx

     

     

    log [-noname] [:] .[]

     

     

    (LTM only) Logs the specified message directly to the specified IP address (and optional alternate port when specified) via UDP. Facility and/or level are required. The iRule name prefixing the message text may optionally suppressed by including the -noname option. < remote_ip > must be a TMM-routed address. If you must route specific messages to a remote address via the management interface, you must log locally. syslog-ng is able to route messages via both TMM and management interfaces using the standard syntax. You can define an appropriate filter and remote log destination in LTM's syslog-ng service.

     

     

     

    Aaron