Find connection attempts via source IP
Hey guys, I'm fairly new to F5. We have one configured before I started working here. We have a windows terminal server virtual server in our F5 that load balances between 18 different back end terminal servers. We chose this method as apposed to a windows terminal server broker for some reason.
We are having clients try to connect and they are getting an error. We can see through packet captures they are able to get a secure connection to our F5 virtual server, but we can't see which backend terminal server the F5 is trying to send them to. We believe the error is in relation to that backend terminal server that's a member of the pool the virtual server is associated with.
My question is, is there a log I can search via the clients source IP address to see connection attempts? I know they are hitting our virtual server IP, but I need to know which pool member the F5 is sending them to for authentication. I know about the "tmsh show" that will tell me about active connections, but I need to troubleshoot one step back.
when CLIENT_ACCEPTED { set LogString "Client [IP::client_addr]" log local0. "==== $LogString (request) =====" } when SERVER_CONNECTED { log local0. "==== $LogString (server connected) - server: [LB::server addr]:[LB::server port] ====" }
I have tested that this works