以下を使用して、TCP および UDP プロトコルの iRule を作成します。
TCP ルール
次のルールを使用して、TCP プロトコルの iRule を作成します。
注: iRule が、以前に作成したログ発行元を参照していることを確認します。
when RULE_INIT {
set static::http_rule1_dest ""
set static::http_rule1_tmplt ""
}
# CLIENT_ACCEPTED event to initiate IPFIX destination and template
when CLIENT_ACCEPTED {
set start [clock clicks -milliseconds]
if { $static::http_rule1_dest == ""} {
# open the logging destination if it has not been opened yet
set static::http_rule1_dest [IPFIX::destination open -publisher /Common/<Log Publisher>]
}
if { $static::http_rule1_tmplt == ""} {
# if the template has not been created yet, create the template
set static::http_rule1_tmplt [IPFIX::template create "flowStartMilliseconds \
sourceIPv4Address \
sourceIPv6Address \
destinationIPv4Address \
destinationIPv6Address \
sourceTransportPort \
destinationTransportPort \
protocolIdentifier \
octetTotalCount \
packetTotalCount \
octetDeltaCount \
packetDeltaCount \
postNATSourceIPv4Address \
postNATSourceIPv6Address \
postNATDestinationIPv4Address \
postNATDestinationIPv6Address \
postNAPTSourceTransportPort \
postNAPTDestinationTransportPort \
postOctetTotalCount \
postPacketTotalCount \
postOctetDeltaCount \
postPacketDeltaCount \
flowEndMilliseconds \ "]
}
set rule1_msg1 [IPFIX::msg create $static::http_rule1_tmplt]
}
# SERVER_CONNECTED event to initiate flow data to Tetration and populate 5 tuples
when SERVER_CONNECTED {
set client_closed_flag 0
set server_closed_flag 0
IPFIX::msg set $rule1_msg1 flowStartMilliseconds $start
IPFIX::msg set $rule1_msg1 protocolIdentifier [IP::protocol]
# Clientside
if { [clientside {IP::version}] equals "4" } {
# Client IPv4 address
IPFIX::msg set $rule1_msg1 sourceIPv4Address [IP::client_addr]
# BIG-IP IPv4 VIP address
IPFIX::msg set $rule1_msg1 destinationIPv4Address [clientside {IP::local_addr}]
} else {
# Client IPv6 address
IPFIX::msg set $rule1_msg1 sourceIPv6Address [IP::client_addr]
# BIG-IP IPv6 VIP address
IPFIX::msg set $rule1_msg1 destinationIPv6Address [clientside {IP::local_addr}]
}
# Client port
IPFIX::msg set $rule1_msg1 sourceTransportPort [TCP::client_port]
# BIG-IP VIP port
IPFIX::msg set $rule1_msg1 destinationTransportPort [clientside {TCP::local_port}]
# Serverside
if { [serverside {IP::version}] equals "4" } {
# BIG-IP IPv4 self IP address
IPFIX::msg set $rule1_msg1 postNATSourceIPv4Address [IP::local_addr]
# Server IPv4 IP address
IPFIX::msg set $rule1_msg1 postNATDestinationIPv4Address [IP::server_addr]
} else {
# BIG-IP IPv6 self IP address
IPFIX::msg set $rule1_msg1 postNATSourceIPv6Address [IP::local_addr]
# Server IPv6 IP address
IPFIX::msg set $rule1_msg1 postNATDestinationIPv6Address [IP::server_addr]
}
# BIG-IP self IP port
IPFIX::msg set $rule1_msg1 postNAPTSourceTransportPort [TCP::local_port]
# Server port
IPFIX::msg set $rule1_msg1 postNAPTDestinationTransportPort [TCP::server_port]
}
# SERVER_CLOSED event to collect IP pkts and bytes count on serverside
when SERVER_CLOSED {
set server_closed_flag 1
# when flow is completed, BIG-IP to server REQUEST pkts and bytes count
IPFIX::msg set $rule1_msg1 octetTotalCount [IP::stats bytes out]
IPFIX::msg set $rule1_msg1 packetTotalCount [IP::stats pkts out]
# when flow is completed, server to BIG-IP RESPONSE pkts and bytes count
IPFIX::msg set $rule1_msg1 octetDeltaCount [IP::stats bytes in]
IPFIX::msg set $rule1_msg1 packetDeltaCount [IP::stats pkts in]
IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}
# CLIENT_CLOSED event to collect IP pkts and bytes count on clientside
when CLIENT_CLOSED {
set client_closed_flag 1
# when flow is completed, client to BIG-IP REQUEST pkts and bytes octetDeltaCount
IPFIX::msg set $rule1_msg1 postOctetTotalCount [IP::stats bytes in]
IPFIX::msg set $rule1_msg1 postPacketTotalCount [IP::stats pkts in]
# when flow is completed, BIG-IP to client RESPONSE pkts and bytes count
IPFIX::msg set $rule1_msg1 postOctetDeltaCount [IP::stats bytes out]
IPFIX::msg set $rule1_msg1 postPacketDeltaCount [IP::stats pkts out]
# record the client closed time in ms
IPFIX::msg set $rule1_msg1 flowEndMilliseconds [clock click -milliseconds]
# send the IPFIX log
IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}
UDP ルール
次のルールを使用して、UDP プロトコルの iRule を作成します。
注: iRule が、以前に作成したログ発行元を参照していることを確認します。
when RULE_INIT {
set static::http_rule1_dest ""
set static::http_rule1_tmplt ""
}
# CLIENT_ACCEPTED event to initiate IPFIX destination and template
when CLIENT_ACCEPTED {
set start [clock clicks -milliseconds]
if { $static::http_rule1_dest == ""} {
# open the logging destination if it has not been opened yet
set static::http_rule1_dest [IPFIX::destination open -publisher /Common/<Log Publisher>]
}
if { $static::http_rule1_tmplt == ""} {
# if the template has not been created yet, create the template
set static::http_rule1_tmplt [IPFIX::template create "flowStartMilliseconds \
sourceIPv4Address \
sourceIPv6Address \
destinationIPv4Address \
destinationIPv6Address \
sourceTransportPort \
destinationTransportPort \
protocolIdentifier \
octetTotalCount \
packetTotalCount \
octetDeltaCount \
packetDeltaCount \
postNATSourceIPv4Address \
postNATSourceIPv6Address \
postNATDestinationIPv4Address \
postNATDestinationIPv6Address \
postNAPTSourceTransportPort \
postNAPTDestinationTransportPort \
postOctetTotalCount \
postPacketTotalCount \
postOctetDeltaCount \
postPacketDeltaCount \
flowEndMilliseconds \ "]
}
set rule1_msg1 [IPFIX::msg create $static::http_rule1_tmplt]
}
# SERVER_CONNECTED event to initiate flow data to Tetration and populate 5 tuples
when SERVER_CONNECTED {
set client_closed_flag 0
set server_closed_flag 0
IPFIX::msg set $rule1_msg1 flowStartMilliseconds $start
IPFIX::msg set $rule1_msg1 protocolIdentifier [IP::protocol]
# Clientside
if { [clientside {IP::version}] equals "4" } {
# Client IPv4 address
IPFIX::msg set $rule1_msg1 sourceIPv4Address [IP::client_addr]
# BIG-IP IPv4 VIP address
IPFIX::msg set $rule1_msg1 destinationIPv4Address [clientside {IP::local_addr}]
} else {
# Client IPv6 address
IPFIX::msg set $rule1_msg1 sourceIPv6Address [IP::client_addr]
# BIG-IP IPv6 VIP address
IPFIX::msg set $rule1_msg1 destinationIPv6Address [clientside {IP::local_addr}]
}
# Client port
IPFIX::msg set $rule1_msg1 sourceTransportPort [TCP::client_port]
# BIG-IP VIP port
IPFIX::msg set $rule1_msg1 destinationTransportPort [clientside {TCP::local_port}]
# Serverside
if { [serverside {IP::version}] equals "4" } {
# BIG-IP IPv4 self IP address
IPFIX::msg set $rule1_msg1 postNATSourceIPv4Address [IP::local_addr]
# Server IPv4 IP address
IPFIX::msg set $rule1_msg1 postNATDestinationIPv4Address [IP::server_addr]
} else {
# BIG-IP IPv6 self IP address
IPFIX::msg set $rule1_msg1 postNATSourceIPv6Address [IP::local_addr]
# Server IPv6 IP address
IPFIX::msg set $rule1_msg1 postNATDestinationIPv6Address [IP::server_addr]
}
# BIG-IP self IP port
IPFIX::msg set $rule1_msg1 postNAPTSourceTransportPort [TCP::local_port]
# Server port
IPFIX::msg set $rule1_msg1 postNAPTDestinationTransportPort [TCP::server_port]
}
# SERVER_CLOSED event to collect IP pkts and bytes count on serverside
when SERVER_CLOSED {
set server_closed_flag 1
# when flow is completed, BIG-IP to server REQUEST pkts and bytes count
IPFIX::msg set $rule1_msg1 octetTotalCount [IP::stats bytes out]
IPFIX::msg set $rule1_msg1 packetTotalCount [IP::stats pkts out]
# when flow is completed, server to BIG-IP RESPONSE pkts and bytes count
IPFIX::msg set $rule1_msg1 octetDeltaCount [IP::stats bytes in]
IPFIX::msg set $rule1_msg1 packetDeltaCount [IP::stats pkts in]
IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}
# CLIENT_CLOSED event to collect IP pkts and bytes count on clientside
when CLIENT_CLOSED {
set client_closed_flag 1
# when flow is completed, client to BIG-IP REQUEST pkts and bytes octetDeltaCount
IPFIX::msg set $rule1_msg1 postOctetTotalCount [IP::stats bytes in]
IPFIX::msg set $rule1_msg1 postPacketTotalCount [IP::stats pkts in]
# when flow is completed, BIG-IP to client RESPONSE pkts and bytes count
IPFIX::msg set $rule1_msg1 postOctetDeltaCount [IP::stats bytes out]
IPFIX::msg set $rule1_msg1 postPacketDeltaCount [IP::stats pkts out]
# record the client closed time in ms
IPFIX::msg set $rule1_msg1 flowEndMilliseconds [clock click -milliseconds]
# send the IPFIX log
IPFIX::destination send $static::http_rule1_dest $rule1_msg1
}