Forum Discussion
David_Noonan_67
Nimbostratus
The above script didn't work for me (LTM 10.2.1) until I tweaked it a bit.
From: http://devcentral.f5.com/wiki/default.aspx/iRules/HSL__send.html
when CLIENT_ACCEPTED {
set hsl [HSL::open -proto UDP -pool syslog-pool]
}
when SERVER_CONNECTED {
set FrontEnd "[IP::client_addr]:[TCP::client_port] <-> [clientside {IP::local_addr}]:[clientside {TCP::local_port}]"
set BackEnd "[IP::local_addr]:[TCP::local_port] <-> [serverside {IP::remote_addr}]:[TCP::server_port]"
Log connection details as local7.info; see RFC 3164 Section 4.1.1 - "PRI Part" for more info
HSL::send $hsl "<190> HSL: $FrontEnd | $BackEnd"
}
1. With the HSL::send in the CLIENT_CLOSED event I got "TCL error: connection_logging-rule - can't read "log_line": no such variable while executing "HSL::send $hsl "<190> $log_line". It was fine once I moved it to SERVER_CONNECTED.
2. "[IP::server_addr]" was giving me the VS address instead of the back-end server IP so I changed it to "[serverside {IP::remote_addr}]".
I also broke the log line into two parts just for clarity.
Now it generates a local7.info life that looks like
HSL: 10.3.225.11:3961 <-> 10.13.171.14:80 | 10.3.225.11:3961 <-> 10.13.17.44:80
vlad94103_22344
Sep 26, 2016Nimbostratus
Bump up. Re: Logging the sessions with session ID binding the server- and client- sides.