GVR_Dinesh_1748
Jun 01, 2018

Solution to capture traffic logs for specific VIP in LTM

Traffic logs won't store in F5 LTM, so is there any way to store the traffic logs from clients to a specific VIP in a syslog server in the network? Please answer if there is any solution.

 

3 Replies

  • Which kind of log do you want to store?

     

    Incoming source IP, port, etc.? Yes, use an HSL profile or iRule to capture all connection details and store them in a syslog/external log server...

     

    Hope it will solve the issue. Paste if you have specific questions.

     

    • GVR_Dinesh_1748

      I need to have the traffic with incoming source IP, destination and port. Can you give some idea on FSL profile or a sample iRule to capture logs?

       

  • Hi,

    You can try this iRule:

    when HTTP_REQUEST {
       # Reset the flag on every request so it is always defined in HTTP_RESPONSE
       set capture 0
       # Only log traffic addressed to this virtual server IP
       if { [IP::addr [IP::local_addr] equals 1.1.1.195] } {
          set capture 1
          set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
          log local0. "============================================="
          log local0. "$LogString (request)"
          # Log every request header name and value
          foreach aHeader [HTTP::header names] {
             log local0. "$aHeader: [HTTP::header value $aHeader]"
          }
          log local0. "============================================="
       }
    }
    when HTTP_RESPONSE {
       # Log the response only when the matching request was captured
       if { $capture } {
          log local0. "============================================="
          log local0. "$LogString (response) - status: [HTTP::status]"
          # Log every response header name and value
          foreach aHeader [HTTP::header names] {
             log local0. "$aHeader: [HTTP::header value $aHeader]"
          }
          log local0. "============================================="
       }
    }
    

    If you want to store these logs, you can use HSL to send them directly to your remote syslog.

    You have an example of output logs here: https://devcentral.f5.com/codeshare/log-http-headers

    Keep me in touch.

    regards
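
An added example, not part of the original posts and not F5's own code: an iRule that sends the connection tuple asked for above (source IP, destination, port) to a remote syslog server over HSL, and masks credential-bearing headers instead of logging them verbatim. The pool name `syslog_server_pool` is an assumption; attach the iRule to the specific virtual server instead of filtering on its IP.

```tcl
# Added example. Assumes an LTM pool named syslog_server_pool (hypothetical)
# whose members are the remote syslog servers listening on UDP.
when CLIENT_ACCEPTED {
    # One HSL handle per connection; record the connection tuple once.
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    set conn "[IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
    # <134> is the syslog priority for facility local0, severity info (16*8+6).
    HSL::send $hsl "<134>vip=[virtual name] conn=\"$conn\" event=accepted\n"
}

when HTTP_REQUEST {
    set line "<134>vip=[virtual name] conn=\"$conn\" method=[HTTP::method] host=[HTTP::host] uri=[HTTP::uri]"
    foreach h [HTTP::header names] {
        # Keep credentials and session tokens off the log server.
        switch -- [string tolower $h] {
            "authorization" -
            "proxy-authorization" -
            "cookie" { append line " $h=\[redacted\]" }
            default  { append line " $h=\"[HTTP::header value $h]\"" }
        }
    }
    HSL::send $hsl "$line\n"
}

when HTTP_RESPONSE {
    # Set-Cookie carries session tokens, so only the status is logged here.
    HSL::send $hsl "<134>vip=[virtual name] conn=\"$conn\" status=[HTTP::status]\n"
}
```

Because HSL sends straight from the data plane to the pool, these lines do not appear in the local `/var/log/ltm` file the way `log local0.` output does.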