How to log failed connections along with SNAT information?
Hi,
What I would like to accomplish is to log to a central syslog-server when the F5 (set up as a load balancer) is unable to connect to any of the real servers. And preferably, log SNAT information with it.
So far I've been able to send the logs to a central syslog server (SOL13080), and based on a question I found here I've been able to log the SNAT information for all successful connections. (used this solution here: https://devcentral.f5.com/questions/how-to-monitor-internal-ip-translate-to-which-ip-snat-in-pool)
The problem is, if for some reason the server doesn't respond to this one query, the event "SERVER_CONNECTED" obviously never happens, so I don't get any logs for that particular connection attempt. Now, I've tried to play around and change the event to client_accepted or client_closed, but in these cases the "ss [client|server]" syslog lines only contain the client and F5 addresses, but not post-nat and real-server addresses.
So is there any way to log SNAT (destination-real-server-ip & port, and the F5 source-ip-address (natted) and port) for failed connections? (And on that note, is there any good guideline on how to spot/log these failed connections?)
Thanks ...
(I'm very new to F5, so although I was unable to find my answer I might be looking for the wrong keywords, so apologies if this question has an obvious answer somewhere else...)