For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

The-messenger_1's avatar
The-messenger_1
Icon for Nimbostratus rankNimbostratus
Oct 20, 2017

How to search sessions for a specific variable value

ActiveSync sessions don't always provide great data for troubleshooting. I would like to be able to search sessions by access policy, server address and user name. With the variables I have this ...
application delivery
BIG-IP Access Policy Manager (APM)
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 23, 2017

Hi,

 

Which logs are you sending to Splunk?

 

if you want to log traffic log for troubleshooting, you can configure request logging profile

 

look at this link where I provided the configuration of request logging profile for grayling based on the previous irule posted by winston.

 

with this configuration, you can use the irule to include HTTP headers in request.

 

All HTTP headers available when logging profile is evaluated can be included in templates

 

  • between HTTP_REQUEST_SEND and HTTP_REQUEST_RELEASE for request and response templates
  • between HTTP_REQUEST_SEND and HTTP_REQUEST_RELEASE for response template

the benefit of this link is log format is JSON which is compatible with most of SIEM without requiring writing parser.