FTP iRule

Hi,

 

I'm trying to do something similar in that I want to grab the uid and write it to a logfile. In playing w/your example when using the CLIENT_ACCEPTED statement I am not able to connect at all (ie it hangs w/out prompting for login). Any idea why? I am currently doing a SERVER_CONNECTED statement to log the src IP address as the pool is SNAT'd but I wanted to also grab the uid for the log as well.

 

 

Here's the rule:

 

*I've changed CLIENT_ACCEPTED to CLIENT_DATA and am just trying to get it to write a line to the log acknowledging that it read a USER string

 

 

when SERVER_CONNECTED {

 

log local0. "FTP connection from [IP::client_addr]:[TCP::client_port]. \

 

Mapped to [serverside {IP::local_addr}]:[serverside {TCP::local_port}] \

 

-> [IP::server_addr]:[serverside {TCP::remote_port}]"

 

}

 

when CLIENT_DATA {

 

TCP::collect 100

 

set user [regexp -inline {(?:USER\ )(\S+)} [TCP::payload]]

 

if {[string length $user] > 0} {

 

log local0. "If statement true"

 

TCP::release

 

}

 

}

 

 

Here's what gets logged:

 

 

Jan 25 19:50:10 tmm tmm[1011]: Rule log_ftp_connections_gp-test : FTP connection from clientIP:3693. Mapped to Big/IP IP:3693 -> Pool Member IP:21

 

 

For some reason CLIENT_DATA is never true although after I login via ftp I do several directory changes and listings.

 

 

thanks

 

Greg