Forum Discussion
NimbostratusHTTP Policy Logging
I have an HTTP Policy in place with a big of logging. However I'd like to provide more detail in the log such as Client IP Address. I have attempted to use [IP::CLIENT_ADDR] however that doesn't appear to work. Is there away I can accomplish this. Below is my policy:
ltm policy /QA/API_SERVICES {
controls { forwarding }
requires { http }
rules {
"DROP_STATUS PAGES" {
actions {
0 {
log
write
message "[IP::CLIENT_ADDR] ATTEMPT TO ACCESS STATUS PAGE"
}
1 {
forward
reset
}
}
conditions {
0 {
http-uri
path
values { /favorites/status }
}
}
ordinal 2
}
ALLOWED_SERVICES {
actions {
0 {
log
write
message "Attempt to access non-permitted web service"
}
1 {
forward
reset
}
}
conditions {
0 {
http-uri
path
not
starts-with
values { /favorites/ }
}
}
ordinal 3
}
HOST_HEADER {
actions {
0 {
log
write
message "Bad host header."
}
1 {
forward
reset
}
}
conditions {
0 {
http-host
not
values { blah.foo.bar }
}
}
ordinal 1
}
}
strategy /Common/first-match
}
8 Replies
PK_Bhatiatry
"'[IP::client_addr]' ATTEMPT TO ACCESS STATUS PAGE"
sharpie_79656Unfortunately this does not work either.
PK_Bhatia_13533Cirrus
try
"'[IP::client_addr]' ATTEMPT TO ACCESS STATUS PAGE"- sharpie_79656Unfortunately this does not work either.
Nicolas_COLLET_Hi,
Apparently, it's need to add tcl to use variable.
I find this example in this article (LTM Policy Recipes) : log write message "tcl:Shellshock detected from [IP::client_addr], blocked"
Best regards
- Stanislas_Piro2
Cumulonimbus
Hi Nicolas,
tcl word must be used in version 12.0 and above.
in version 11.X, tcl is not supported.
Nicolas_COLLETHi,
Apparently, it's need to add tcl to use variable.
I find this example in this article (LTM Policy Recipes) : log write message "tcl:Shellshock detected from [IP::client_addr], blocked"
Best regards
- Stanislas_Piro2
Hi Nicolas,
tcl word must be used in version 12.0 and above.
in version 11.X, tcl is not supported.
