You’ve probably used grep to look for an IP address in a log file, and you might have been curious about how to use uniq to filter out duplicate items. Grep finds IP addresses with a regular expression, and uniq filters out the duplicates. In the example below, two IP addresses appeared 42 times and 16 times, respectively. The same process can be used for almost any situation.
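The grep and uniq count described above, as an added example that is not from the original page. The log lines are constructed (RFC 5737 documentation addresses), and the function names `make_sample_log` and `count_ips` are hypothetical.

```shell
#!/bin/sh
# Count how often each IPv4 address occurs in a log file.

# Constructed sample data: 42 requests from 192.0.2.10 and 16 from
# 198.51.100.7, interleaved so that duplicates are NOT adjacent, plus one
# line with a dotted number that is not a valid IPv4 address.
make_sample_log() {
    i=1
    while [ "$i" -le 42 ]; do
        echo "192.0.2.10 - - [01/Jan/2024:00:00:00] \"GET /index.html\" 200"
        if [ "$i" -le 16 ]; then
            echo "198.51.100.7 - - [01/Jan/2024:00:00:00] \"GET /login\" 401"
        fi
        i=$((i + 1))
    done
    echo "worker started, build 999.300.1.2"
}

# Print "<count> <address>" per line, most frequent first.
count_ips() {
    # grep -o prints only the matched text, one match per line.
    # The regex alone also accepts octets above 255, so awk drops those.
    # uniq collapses only ADJACENT duplicates, so the list is sorted first;
    # without the first sort the interleaved sample yields dozens of lines.
    grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$1" |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        sort |
        uniq -c |
        sort -rn |
        awk '{ print $1, $2 }'
}

# Stand-alone run on the constructed sample.
log=$(mktemp)
make_sample_log > "$log"
count_ips "$log"
rm -f "$log"
```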
Configured IP address
To configure logging, you must know the IP address of the device from which logs should be received. Most devices support Syslog servers, but there are exceptions. For example, an IP address that is part of a route domain must be entered for remote high-speed logging. To configure this, see the BIG-IP LTM External Monitoring of BIG-IP Systems: Implementations manual. You can also refer to the F5 product manuals for more information.
If you don’t know what this command means, you can run the show ip source-interface command. This command will display the operational status of the source IP address selection policy. It also displays the list of configured IP interfaces. You can use the show ip source-interface command to see detailed information about configured policies and interface states. The show ip source-interface detail command displays detailed information about each configured IP interface and its policy.
Outgoing IP interface
To configure an IP address for logging, you can use the show command. The show ip source-interface command displays two policies for source IP selection. The administratively assigned source IP selection policy is displayed first, followed by the operational source IP selection policy. By default, the operational source IP selection policy is the default Outgoing IP interface. You can use multiple source IP addresses for different software applications. If you want to log incoming traffic on a single interface, you must change the source IP address first.
Next to each rule, click the Action icon. This will show a description of the rule. The name of the rule is usually the same as its ID number, so you can use this to narrow down suspects. In the same manner, you can also click the DNS lookup icon. A valid hostname will be displayed underneath the IP address. If you have set up a DNS lookup rule for a certain IP address, click the “DNS” icon next to it.
Default Outgoing Interface policy
Default Outgoing Interface policy for logging a specific IP address can be enabled by modifying the default logging policy. This policy is used by default in most cases, and can help you keep track of a particular IP address. There are two ways to log an IP address: as a source or as a destination. Using the configured IP address is the default behavior for most applications. Using multiple IP addresses is a good option, too, but this policy is not recommended in every case.
The show ip source-interface command displays information about the operational status of the source IP address selection policy. This command displays both the operational and administratively-assigned source IP selection policies. You can also view the list of configured IP interfaces and their respective policies. Use the show ip source-interface command to display detailed information about the configured policies and interface state. If you’d like to view the status of your Default Outgoing Interface policy, use the show ip source-interface command to get a more detailed view of its settings.
HTTP URL for logging
Your HTTP URL for logging is a shortened version of the server’s URL, which is also called the ‘log’ in HTTP-related terms. This URL is the location where you store logs and metrics. Loggly indexes logs from the last 20 minutes. Its data payload should be between 100KB and 1MB. You can create a new URL anytime you want. Your HTTP URL for logging should be in the form of a POST request, which means that it must contain a data payload of at least 100KB or 1MB.
If you want to log more than a single request, you can set a higher sampling rate. For example, if you’re logging for an entire web application, you can set a sampling rate of 1.0 to log all requests, while 0.0 means that no requests are logged at all. You can also set the HTTP URL for logging to selectively log a certain URL. HTTP logging in IIS 7 is enabled by default. Once you’ve enabled it, you can review the log files or disable it.