For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dor's avatar
Dor
Icon for Nimbostratus rankNimbostratus
Mar 24, 2020

hsl logging apm

hey,

i have configured this iRule to send syslog message to a remote server with the username and ip that a user gets once starts network access.

i see the log written on the ltm log file however i see no syslog traffic leaving the F5

when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
    set hsl [HSL::open -proto UDP -pool PA-IL-SyslogUID]
}


when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/isession?sess=" } {
        after 5000 { log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"}
        HSL::send $hsl "Network Access username:[ACCESS::session data get session.logon.last.username] client-ip:[IP::client_addr] vpn-ip:[ACCESS::session data get session.assigned.clientip]"
    }
}
BIG-IP Access Policy Manager (APM)
iRules
security
Super-NetOps
No RepliesBe the first to reply