Converting iRules to LTM Policies

Question

Hi,
I know the rule that if you can do it in the GUI, you should before writing an iRule as it's a bit more optimized.  So, I'm starting to look to covert some iRules over to LTM policies.  We do set a lot of variables within our iRules and for troubleshooting purposes, we write to log local.  I see the "Set variable" option within the Policy rule but I'm not able to get it written to the log.  I'm trying to convert this iRule to a policy.  Any help is greatly appreciated!
when CLIENTSSL_CLIENTHELLO {
set userip [IP::client_addr]
set ssl_version [SSL::cipher name]
set ssl_protocol [SSL::cipher version]

if {$ssl_protocol == "TLSv1"} {

log local0. "Warning:  $userip - $ssl_version - $ssl_protocol"

}

stanislas_piro2 · Answer

It seems CLIENTSSL_CLIENTHELLO (policy is  ssl client hello) event is not available when the condition is ClientSSL protocol is TLSv1
but you can use following log message to include same information:
tcl:Warning: [IP::client_addr] - [SSL::cipher name] - [SSL::cipher version]

Forum Discussion

Converting iRules to LTM Policies

Recent Discussions

Big IP DNS Failover

AS3 Limitations

Diameter iRules attachment?

Help needed with iRule (connection closed log )

Use of SSL Decryption.

Related Content

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes

iRule to modify a content-security-policy header

Converting a BIG-IP Maintenance Page iRule to Distributed Cloud using App Stack

Converting Citrix NetScaler Transform Policy to F5 BIG-IP LTM

Alteon Config Converter

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS