Forum Discussion
MB_58262 (Nimbostratus)
Mar 26, 2012
HSL & Logging LDAP Query Parameters
I know that recent F5 version(s) do allow for the High Speed Logging (HSL) feature to log protocol-related operations to a remote logging system. I am looking for methods to specifically log LDAP parameters, which will include source IP and query parameters, on a per-query basis utilizing the HSL feature. I believe one way to do this is via iRule(s). I would like to request the DevCentral community to share with me (if possible) any work and/or iRule examples that may have been conducted in this area. I have seen different references across this site about parsing/printing LDAP parameters, but I am looking for more guidance on how best to do this: parse LDAP request parameters (e.g., bind DN, username, base, IP, port, etc.) and send them to a remote log server.
Also, are there HSL commands readily available to parse/send data using the LDAP protocol? (e.g.: HSL::send to query/parse LDAP params)
Any suggestions/feedback would be very much appreciated.
Thanks in advance.
- hooleylist (Cirrostratus): Hi MB,
- MB_58262 (Nimbostratus): Thanks for providing the examples, Aaron. I was looking to see if there are any existing LDAP inspectors (as is the case for the HTTP protocol and other protocols). The concern I see is that some of the fields being parsed may be of variable length each time. It looks like the LDAP traffic needs to be broken down to parse the needed data as a start.
- hooleylist (Cirrostratus): There aren't any LDAP primitives (yet?) so you'll need to parse the TCP data.
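
The TCP-level parsing this thread ends on, as an added example (not code from the thread or from F5): a Python decoder showing the BER steps an iRule would have to reproduce over the collected payload, including the variable-length fields raised above. The function names, the JSON record layout and the sample bytes are assumptions constructed for illustration; only BindRequest and SearchRequest are decoded.

```python
import json

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: the byte is the length
        length = first
    else:                                 # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):           # message spans more TCP data than we hold
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_request(payload, client_ip, client_port):
    """Decode one LDAPMessage into a dict of fields to log."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    rec = {"src": f"{client_ip}:{client_port}", "msgid": int.from_bytes(msgid, "big")}
    if op_tag == 0x60:                    # BindRequest [APPLICATION 0]
        _, version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, _, _ = read_tlv(op, p)  # credential value is never logged
        rec.update(op="bind", version=int.from_bytes(version, "big"),
                   bind_dn=name.decode("utf-8", "replace"),
                   auth="simple" if auth_tag == 0x80 else "sasl")
    elif op_tag == 0x63:                  # SearchRequest [APPLICATION 3]
        _, base, p = read_tlv(op, 0)
        _, scope, _ = read_tlv(op, p)
        rec.update(op="search", base=base.decode("utf-8", "replace"),
                   scope=int.from_bytes(scope, "big"))  # 0=base, 1=one, 2=sub
    else:
        rec["op"] = "other(0x%02x)" % op_tag
    return rec

def to_log_line(rec):
    return json.dumps(rec)                # JSON escaping keeps a hostile DN on one line

# Constructed sample: simple bind, message ID 1, DN cn=admin,dc=example,dc=com
SAMPLE_BIND = (b"\x30\x2c\x02\x01\x01\x60\x27\x02\x01\x03"
               b"\x04\x1acn=admin,dc=example,dc=com\x80\x06secret")
```

A `ValueError` for a truncated value means the LDAPMessage continues in a later TCP segment, so more data has to be collected before parsing again.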