Log those connections to syslog
when HTTP_REQUEST {
set host [getfield [HTTP::header Host] ":" 1]
set vip [IP::local_addr]
set uri [HTTP::uri]
if { $host matches_regex {^(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(?:\.(?:[0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}$} } {
log local0. "#NO-FQDN# - Client: [IP::client_addr] connects to vip: ($vip) using host: $host and URI: $uri"
}
else {
return
}
}
## Log to a seperate syslog file can be done with this syslog settings:
##
tmsh modify sys syslog include '"
filter f_local0 {
facility(local0) and not match(\": #NO-FQDN#\");
};
filter f_local0_nofqdnlog {
facility(local0) and match(\": #NO-FQDN#\");
};
destination d_nofqdnlog {
file(\"/var/log/nofqdnlog\" create_dirs(yes));
};
log {
source(local);
filter(f_local0_nofqdnlog);
destination(d_nofqdnlog);
};
"'