ltm rule command log
iRule(1) BIG-IP TMSH Manual iRule(1)
log
Generates and logs a message to the syslog-ng utility.
SYNOPSIS
log ('-noname')? ((IP_TUPLE)? (SYSLOG_FACILITY)? MSG)!
DESCRIPTION
Generates and logs the specified message to the Syslog-ng utility. This command works by performing variable expansion on
the message as defined for the HTTP profile Header Insert setting. The log command can produce large amounts of output.
Use with care in production environments, especially where disk space is limited. The syslog facility is limited to
logging 1024 bytes per request. Longer strings will be truncated. The High Speed Logging feature offers the ability to
send TCP or UDP syslog messages from an iRule with very low CPU or memory overhead. Consider using HSL instead of the
default log command for remote logging.
Syntax
log
* Logs the specified message to the syslog-ng utility. Log entries
are written to the local system log (/var/log/ltm). (See Note below
about supression.)
log [-noname] .[]
* Logs the specified message to the syslog-ng utility at the
specified facility & log level. The iRule name prefixing the
message text may optionally suppressed by including the -noname
option.
log [-noname] [:] .[]
* (LTM only) Logs the specified message directly to the specified IP
address (and optional alternate port when specified) via UDP.
Facility and/or level are required. The iRule name prefixing the
message text may optionally suppressed by including the -noname
option. must be a TMM-routed address. If you must route
specific messages to a remote address via the management interface,
you must log locally. syslog-ng is able to route messages via both
TMM and management interfaces using the standard syntax. You can
define an appropriate filter and remote log destination in LTM's
syslog-ng service.
Note: There is a significant behavioral difference when the optional
. is specified. When iRule logs messages without the
facility and/or level, they are rate-limited as a class and
subsequently logged messages within the rate-limit period may be
suppressed even though they are textually different. However, when the
and/or are specified, the log messages are not
rate-limited (though syslog-ng will still perform suppression of
repeated duplicates).
RETURN VALUE
VALID DURING
ANY_EVENT, GLOBAL_GTM
EXAMPLES
Log to the local facility with no duplicate message suppression:
log local0. "Found $isCard $type CC# $card_number"
Log in the default message format to a remote syslog server on the
default port:
when CLIENT_ACCEPTED {
log 172.27.31.10 local0.info "Client Connected, IP: [IP::client_addr]"
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2022-04-12 iRule(1)