For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Wahyudi_118345's avatar
Wahyudi_118345
Icon for Nimbostratus rankNimbostratus
Apr 24, 2015
Solved

Irule script to-log-all-traffic to RSA Security Analytics Server

Dear Team,   We have RSA Security Analytics Server ( Event Source Log Server) . Let's said the IP RSA server is 192.168.248.131 .   The RSA document said this is the sample irule :   log l...
application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
LTM
security
  • nitass_89166's avatar
    nitass_89166
    Apr 24, 2015

    can you try something like this?

    loghost is a syslog server pool e.g. 192.168.248.131:514.

    when CLIENT_ACCEPTED {
  set hsl [HSL::open -proto UDP -pool loghost]
}
when HTTP_REQUEST {
  set host [HTTP::host]
  set uri [HTTP::uri]
  set method [HTTP::method]
}
when HTTP_RESPONSE {
  HSL::send $hsl "iRule c-ip=[IP::client_addr]^^method=$method^^uri=$uri^^host=$host^^sip=[LB::server addr]^^pool-name=[LB::server pool]^^sport=[LB::server port]^^status=[HTTP::status]"
}
Mystic_142330's avatar
Mystic_142330
Icon for Nimbostratus rankNimbostratus
Jul 07, 2015

Hey guys...the solution by Nitas work. I'm having the same issue. I'm going based on what RSA is recommending for a syntax and my LTM ver 11.4.1 does not like this. I'm basically trying to send log traffic to one particular IP using RSA Secure Analytics