HSL Logging - Filtering it so that you only get the connection information

Question

I have set up the following:
Log Filter (emergency severity-source all)Log Destination (pointing to pool that contains splunk server)Log Publisher (points to splunk_db)
I setup the following iRule on the VS:
when CLIENT_ACCEPTED {
    set hsl [HSL::open -proto TCP -pool splunk_9997]
}
when HTTP_REQUEST {
    HSL::send $hsl "Request from external user - [IP::client_addr] to [HTTP::host][HTTP::uri]
"
}

But when i look at the splunk server i am seeing log data for each png file they are requesting etc. I really just need the initial connection and that is it. Basically i want to see the following:
Request from external user - 172.16.148.2 to www.company.com/etc
Is this possible?

arie · Answer

You're facing two challenges:&nbsp;
Each user may open several connections.A user may make multiple requests on the same connection.
You have a number of options to cut down on the log traffic:&nbsp;
Log only connections (CLIENT_ACCEPTED). This would of course not log the requests. However, you could set a flag (semaphore) that you can then use it to log the first request in HTTP_REQUEST.Limit logging to requests without an extension and known pages.

Forum Discussion

HSL Logging - Filtering it so that you only get the connection information

1 Reply

Recent Discussions

BigIP Next - Health Monitors / Template

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Related Content

External Monitor Information and Templates

Find CVE information on AskF5

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Traffic Policies: More detailed information on Actions

Troubeshooting website connection