Forum Discussion

al_kabeer_2905's avatar
al_kabeer_2905
Icon for Nimbostratus rankNimbostratus
Feb 16, 2013

IRule Syslog web application

Hi, I have web application which i want to log all connection going to it.

 

I have LTM 3600, which is configure to do SNAT " at the web server i can only see the self IP of F5", so i want to configure irule to send syslog messages,

 

I have searched and found this:

 

when HTTP_REQUEST {

 

 

Save Request Side Information

 

 

set http_request "\"[HTTP::method] [HTTP::uri] HTTP/[HTTP::version]\""

 

set http_request_time [clock clicks -milliseconds]

 

set http_user_agent "\"[HTTP::header User-Agent]]\""

 

set http_host [HTTP::host]

 

set http_username [HTTP::username]

 

set client_ip [IP::remote_addr]

 

set client_port [TCP::remote_port]

 

set http_request_uri [HTTP::uri]

 

set referer [HTTP::header value referer]

 

}

 

when HTTP_RESPONSE {

 

set response_time [expr [clock clicks -milliseconds] - $http_request_time]

 

set virtual [virtual]

 

set content_length 0

 

if { [HTTP::header exists "Content-Length"] } {

 

set content_length [HTTP::header "Content-Length"]

 

}

 

set lb_server "[LB::server addr]:[LB::server port]"

 

if { [string compare "$lb_server" ""] == 0 } {

 

set lb_server ""

 

}

 

set status_code [HTTP::status]

 

set content_type [HTTP::header "Content-type"]

 

set log_msg ""

 

append log_msg "virtual=$virtual "

 

append log_msg "client_ip=$client_ip "

 

append log_msg "client_port=$client_port "

 

append log_msg "lb_server=$lb_server "

 

append log_msg "host=$http_host "

 

append log_msg "username=$http_username "

 

append log_msg "$http_request_uri "

 

append log_msg "request=$http_request "

 

append log_msg "server_status=$status_code "

 

append log_msg "content_type=$content_type "

 

append log_msg "content_length=$content_length "

 

append log_msg "resp_time=$response_time "

 

append log_msg "user_agent=$http_user_agent "

 

append log_msg "referer=$referer"

 

log 10.10.10.10 local0. $log_msg

 

log local0. $log_msg

 

}

 

which is working for me, since this is http (not https) i added the password, but i can't see any password ?? also why i should add request and response, why not only the request ??

 

 

thanks

 

 

3 Replies

  • i added the password, but i can't see any password ?? do you mean HTTP::password? i understand it will return if it is basic authenticaton. are you using basic authentication?

     

     

    HTTP::password wiki

     

    https://devcentral.f5.com/wiki/iRules.HTTP__password.ashx

     

     

    also why i should add request and response, why not only the request ??you mean the irule, don't you? it uses HTTP_RESPONSE because some information, such as http status code, server ip and port, is not available during request (HTTP_REQUEST).
  • yes http password, it is http (not https) so can i see the password in clear text, i am using active directory authentiation.

     

     

    thanks i got it for the second question (HTTP response and request)
  • So I am not sure if this will work for you but something simple we do to get the real IP, is use an iRule to insert it into the Header.

     

     

    Here is the iRule

     

     

    when HTTP_REQUEST {

     

    HTTP::header insert x-remote-host [IP::client_addr]

     

    HTTP::header insert x-user-agent [HTTP::header User-Agent]

     

    }