log

Description¶

Generates and logs the specified message to the Syslog-ng utility.
This command works by performing variable expansion on the message as
defined for the HTTP profile Header Insert setting.
The log command can produce large amounts of output. Use with care
in production environments, especially where disk space is limited.
The syslog facility is limited to logging 1024 bytes per request.
Longer strings will be truncated.
The High Speed Logging feature offers the ability to
send TCP or UDP syslog messages from an iRule with very low CPU or
memory overhead. Consider using HSL instead of the default log command
for remote logging.

Syntax¶

log <message>
log [-noname] <facility>.[<level>] <message>
log [-noname] <remote_ip>[:<remote_port>] <facility>.[<level>] <message>

log <message>¶

Logs the specified message to the syslog-ng utility. Log entries are written to the local system log (/var/log/ltm). (See Note below about supression.)

log [-noname] <facility>.[<level>] <message>¶

Logs the specified message to the syslog-ng utility at the specified facility & log level. The iRule name (and event) prefixing the message text may optionally suppressed by including the -noname option.

log [-noname] <remote_ip>[:<remote_port>] <facility>.[<level>] <message>¶

(LTM only) Logs the specified message directly to the specified IP address (and optional alternate port when specified) via UDP. Facility and/or level are required. The iRule name prefixing the message text may optionally suppressed by including the -noname option. <remote_ip> must be a TMM-routed address. If you must route specific messages to a remote address via the management interface, you must log locally. syslog-ng is able to route messages via both TMM and management interfaces using the standard syntax. You can define an appropriate filter and remote log destination in LTM’s syslog-ng service.

Note: There is a significant behavioral difference when the optional . is specified. When iRule logs messages without the facility and/or level, they are rate-limited as a class and subsequently logged messages within the rate-limit period may be suppressed even though they are textually different. However, when the and/or are specified, the log messages are not rate-limited (though syslog-ng will still perform suppression of repeated duplicates).

Examples¶

Log to the local facility with no duplicate message suppression:

log local0. "Found $isCard $type CC# $card_number"

Log in the default message format to a remote syslog server on the default port:

when CLIENT_ACCEPTED {
   log 172.27.31.10 local0.info "Client Connected, IP: [IP::client_addr]"
}

Related Information¶

Valid Events:

ALL_EVENTS, GLOBAL_GTM

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Access Control Based On Network Or Host - This iRule allows administrators to allow or deny access to a virtual server based IP/networks and ports. This particular example is designed for use with an IP forwarding virtual server co…
ASP Session ID Persistence - Persist on ASP SessionID cookie value or PID.
Base32 Encoder/Decoder - Code to encode and decode Base32 strings
Block requests by reverse DNS record - Performs a reverse DNS lookup to validate client IP
Block Referral Requests - This iRule will scan referral requests for images and insert a canned image for requests not coming from a allowed host.
Client Cert Request by URI with OCSP Checking - Request a client SSL certificate by URI and validate it using OCSP
Client Certificate CN Checking - These iRules will check the presented client certificate for a valid CN. allowing or rejecting
Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x) - Request a client SSL certificate by URI and validate it using OCSP for v10.1 - 10.2.x
CMP v10.0 compatible counters using the session table - v10.0.1 CMP compatible global counter
Credit Card Scrubber - This iRule illustrates how to scrub out Credit Card Numbers from HTTP traffic.
Credit Card Scrubber Using a Stream Profile - This iRule illustrates how to scrub out Credit Card Numbers from HTTP traffic using a STREAM profile.
Custom Apache-style logging for Java-based applications - I had a requirement to have the F5 BigIP produce logs which replicated our …
Delete Cookie From Request By Regex - This iRule allows an administrator to delete cookies from a request which match a defined class of regular expressions.
detect prior http redirect or respond - Detect a prior HTTP redirect or response to avoid a runtime TCL error
Distribute Email By Source IP - I had a customer who wanted to use a single virtual IP address for a mail s…
DNS Flood Protection v1 - This iRule illustrates how to provide flood protection per source IP address.
Exchange2010 SNAT pool persistence - Applies a type of persistence per incoming IP to the SNAT pool masquerading IPs assigned to CAS RPC connections
FIX Select Pool Based On Sender Comp ID - Financial Information eXchange (FIX) Protocol iRule to select pool based on Sender Comp ID.
Fowler Noll Vo (FNV) Hash Calculation - This sample iRule shows how to calculate FNV or Fowler / Noll / Vo Hash.
Fully Decode URI - This sample will recursively decode a URI before inspection.
Google Authenticator iRule For Two-Factor Auth With LDAP - This iRule adds two-factor authentication to a virtual server by combining an LDAP account with a Google Authenticator token
Google reCAPTCHA Challenge iRule - This iRule adds captcha verification to a virtual server.
GTM return LDNS IP to client - We do a lot of our load balancing based on topology rules. so it’s often ve…
high performance rate limiting - This rule will limit the number of request to a particular vhost and uri to…
HMAC - This iRule shows example of to calculate HMAC or keyed-Hash Message Authent…
HTML Comment Scrubber - This iRule will remove all HTML comments and replace them with white space.
HTML comment scrubber using a stream profile - Removes HTML comments from server responses
HTTP session limit - HTTP Session limiting for LTM v10.1 using tables.
HTTP to HTTPS redirect by vs name - Redirect HTTP requests to HTTPS using the virtual server name to avoid certificate mismatch warnings
Http Response Based On Requested Uri - This iRule sends an HTTP response based on the requested path.
HTTPS passthrough fallback URL - This iRule allows an administrator to pass HTTPS traffic through the BIG-IP…
HTTP slow post mitigation - Mitigating Slow HTTP Post DDoS Attacks With iRules
Hunt The Wumpus - For all you “Hunt the Wumpus” fans out there. here’s an iRule clone implemented on top of the FTP protocol.
Insert App Cookies In Http Redirect - This rule intercepts the application response and sends an HTTP redirect to…
Insert Client Certificate In Serverside HTTP Headers - An example iRule that pulls certainformation from a client cert and passes it along to backend server in HTTP headers.
Log binary HTTP payload in hex - This iRule demonstrates how to collect the HTTP request payload and log the output in hex
Log client to vip connections - This iRule generates an entry in a log file whenever somebody connects to a virtual server.
Log Http Tcp Udp To Syslogng - You can use iRules to log a summary of each request and its response. and send the data to a remote syslog server using BIG-IP’s syslog-ng daemon.
Log large HTTP payloads in chunks locally and remotely - Log POST request payloads remotely via HSL to a syslog server and locally.
Log Tcp And Http Request Response Info Remotely - Log TCP and HTTP request and response details remotely via High Speed Logging
Select pool based on HTTP host header - This rule was designed for a customer that had many websites hosted on one …
NEDS Rule - Used in conjunction with the NEDS specification contained in the Logging and Reporting Toolkit
Parse username from HTTP requests - Parse the username from HTTP requests in the basic auth header and POST data
Path Traversal Detection - This iRule tries to detect all Path Traversal attempts against web sites in query string parameters
POST Request Exponential Backoff - Exponential backoff iRule to thwart dictionary attacks
ProxyPass Lite - This iRule implements a limited subset of the full ProxyPassV10 iRule:
ratio load balancing using rand function - Use a psuedo random number to set a ratio for any iRule logic. This avoids using a global counter mechanism to track past selections.
Redirect Non-SSL Requests on SSL Virtual Server Rule - This iRule sends an HTTP redirect to clients who make an HTTP request to an HTTPS virtual server
Redirect Location header validator - Validate the 30x redirects a web application sends back to clients
Redirect Trapper - iRule to trap server redirect response, follow the redirect on the BIG-IP and return the followed response to the client as a result of original request
Reverse Proxy With Basic SSO - The iRule implements a authenticated HTTPS reverse proxy.
Rewrite Host Header to Server Name - On each HTTP request. the selected pool member IP address is looked up against a datagroup and the corresponding hostname is inserted in the HTTP host header.
Select pool member based on HTTP query string parameter - Allow clients to manually select a pool member based on a parameter set in the HTTP query string. with persistence.
Session Table Control - Control session subtables with an iRules based HTML GUI.
Sideband connection HTTP example - Sends an HTTP request to a sideband server and parses the HTTP response headers and optionally the payload to determine which pool to send the client request to
Simulating TCP Closes From Server When Using ASM - Using iRules to simulate server layer 5 TCP closes with BIG-IP ASM
URI Interrogation - This iRule will interrogate and log all components of the URI.
Weblogic JSessionID Persistence for Session Replication - Persists HTTP requests on the primary and secondary server values found in the JSESSIONID cookie when the WebLogic servers implement session replication across two servers
XML Field Logger Using HTTP Commands - This iRule extracts XML field data from HTTP request data using only HTTP commands. (Useful for BIG-IP versions which have not implemented the XML iRules commands.)

Introduced: BIGIP-9.0.0

9.4.0

Added <remote_ip> and <remote_port> parameters

9.4.2

Added -noname option

Introduced: GTM-9.2.2

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

log¶

Description¶

Syntax¶

log <message>¶

log [-noname] <facility>.[<level>] <message>¶

log [-noname] <remote_ip>[:<remote_port>] <facility>.[<level>] <message>¶

Examples¶

Related Information¶