Rosieodonell_16
Jun 30, 2015Cirrus
HSL Logging - Filtering it so that you only get the connection information
I have set up the following:
- Log Filter (emergency severity-source all)
- Log Destination (pointing to pool that contains splunk server)
- Log Publisher (points to splunk_db)
I setup the following iRule on the VS:
when CLIENT_ACCEPTED {
set hsl [HSL::open -proto TCP -pool splunk_9997]
}
when HTTP_REQUEST {
HSL::send $hsl "Request from external user - [IP::client_addr] to [HTTP::host][HTTP::uri]\n"
}
But when i look at the splunk server i am seeing log data for each png file they are requesting etc. I really just need the initial connection and that is it. Basically i want to see the following:
Request from external user - 172.16.148.2 to www.company.com/etc
Is this possible?