Forum Discussion
How do I record the IP assigned to a client after login?
Hello,
I need to record clients' IP address assigned by network access. I searched on Ask f5 it looks like that the variable "session.assigned.clientip" is what I need. So I tried to use an irule to get it but failed.
Here is my irule:
when ACCESS_SESSION_STARTED {
set user [ACCESS::session data get "session.logon.last.username"]
set client [IP::client_addr]
set assignip [ACCESS::session data get "session.assigned.clientip"]
log local0. "LOGON:$user login successful from $client, assigned $assignip"
}
I have tried other events like ACCESS_POLICY_AGENT_EVENT, ACCESS_POLICY_COMPLETED but haven't worked either. Does anyone know how can I log the clients' IP address assigned by network access. I will appreciate it!
The VPN address is assigned after the APM policy is completed. Use an iRule to detect the VPN startup URI and then wait a few seconds before querying session.assigned.clientip.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/myvpn?sess=" } { after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"} } }
- John_Alam_45640Historic F5 Account
The VPN address is assigned after the APM policy is completed. Use an iRule to detect the VPN startup URI and then wait a few seconds before querying session.assigned.clientip.
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/myvpn?sess=" } { after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"} } }
- FabAltostratus
Hello,
It seems that now (at least 15.1.8) the URI has changed. I think /vdesk/resource_all_info.eui?resourcename=/Common/*******&resourcetype=network_access works.
I have an issue with the "after" command though.
It works with a value of 10 for instance, but with 1000 (or 5000) the "log local0." command is not triggered. Do you know why by any chance?
- DevBabuCirrus
Has the URI changed in version 12.1.3.4. I am running 12.1.3.4 and couldn't catch that URI /myvpn?sess=.
When i did URI logging and saw URI /isession?sess= and I could get the session.assigned.clientip.
So, my rule looks like:
when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when HTTP_REQUEST { if { [HTTP::uri] starts_with "/isession?sess=" } { after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"} } }
- John_Alam_45640Historic F5 AccountGlad it worked for you.
- kunjan_118660Cumulonimbus
I think the soln still applicable as there is no change to the process, PPP tunnel to be up for this which happens after ACCESS_POLICY_COMPLETED .
- Will_33786NimbostratusJohn's answer have solved this question perfectly. Thanks nonetheless!
- kunjanNimbostratus
I think the soln still applicable as there is no change to the process, PPP tunnel to be up for this which happens after ACCESS_POLICY_COMPLETED .
- Will_33786NimbostratusJohn's answer have solved this question perfectly. Thanks nonetheless!
- kunjan_118660Cumulonimbus
Please refer the soln article on this
https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12706.html
- Will_33786NimbostratusThank you kunjan. I saw this article. But it just applies to the version previous 10.2.2. And according to the article "IG-IP APM does not populate the session.assigned.clientip session variable until access policy processing is completed", I tried event ACCESS_POLICY_COMPLETED, it's supposed to works.
- kunjanNimbostratus
Please refer the soln article on this
https://support.f5.com/kb/en-us/solutions/public/12000/700/sol12706.html
- Will_33786NimbostratusThank you kunjan. I saw this article. But it just applies to the version previous 10.2.2. And according to the article "IG-IP APM does not populate the session.assigned.clientip session variable until access policy processing is completed", I tried event ACCESS_POLICY_COMPLETED, it's supposed to works.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com