f5elastic

command module

v1.0.1 Latest Latest Go to latest Published: Dec 15, 2015 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/martensson/f5elastic

Links

Open Source Insights

README ¶

f5elastic

A fast system tool for receiving high volumes of traffic logs sent from F5 LTM load balancers and indexes these requests inside ES.

It is today battle tested in a production environment handling loads of 500k req/min on a single host.

Features

Works with Elasticsearch 1.x and 2.x
Support for clusters of ES nodes, for distribution of indexing load.
Health checks for each ES node is enabled by default.
Uses bulk indexing for better performance with large amount of requests.
GeoIP lookup of each request, adds long/lat, city, and country for each client.
more to come eventually....

Getting started

Enable the following irule on your virtual servers:

when CLIENT_ACCEPTED {
    set hsl [HSL::open -proto TCP -pool f5elastic_tcp]
    set clientip [IP::remote_addr]
}

when HTTP_REQUEST {
    set method [HTTP::method]
    set uri [HTTP::uri]
    set host [HTTP::host]
    set ua ""
    set referer ""
    if { [HTTP::header exists "User-Agent"] } {
        set ua [HTTP::header User-Agent]
    }
    if { [HTTP::header exists "Referer"] } {
        set referer [HTTP::header Referer]
    }
}
when HTTP_RESPONSE {
    set syslogtime [clock format [clock seconds] -format "%b %d %H:%M:%S"]
    set contentlength 0
    if { [HTTP::header exists "Content-Length"] } {
        set contentlength [HTTP::header "Content-Length"]
    }
    set status [HTTP::status]
    set node [LB::server addr]:[LB::server port]
    set pool [LB::server pool]
    set virtual [virtual name]
    HSL::send $hsl "<34>$syslogtime f5 request: $clientip || $method || $host || $uri || $status || $contentlength || $referer || $ua || $node || $pool || $virtual\n"
}

Download compiled binary from https://github.com/martensson/f5elastic/releases or go get github.com/martensson/f5elastic
Download the latest Maxmind GeoLite2-City or GeoIP2-City db.
Edit f5elastic.toml (check example in repo)
Apply the ES template inside the repo. (optional but recommended)
Run f5elastic -f /path/to/f5elastic.toml
Take a cup of coffee and make some nice dashboards inside Kibana :)

Extra recommendations

Use curator to create and rotate daily indexes.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

f5elastic.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL