
jomedusa
5 years ago
Solved

iRule to email when TLS version is chosen

We are working to remove all TLS 1.0 and 1.1 connections to our VIPs. I can still see a small amount of connections and would like to trigger an email with the VIP and client IP address. I have combined the logic to both see what version and send the email into one iRule, but now I am having issues with sending the email. I am getting an error on the connect portion, stating a routing problem. I would prefer to use the management address of the F5 as the source for the emails; is this possible? I have tried to change the connect string to the floating IP address of the VS but it still doesn't work... Here is the line and the error:

  set emailConn [connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer]

 

Jan 14 10:18:50 pad-f5-1 err tmm1[18799]: 01220001:3: TCL error: /Common/TLS_VERSION_LOGGING <CLIENTSSL_HANDSHAKE> - Connection failed for 10.XX.XX.69:25 [Routing problem] (line 1)   invoked from within "connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer"  (iRule proc "/Common/TLS_VERSION_LOGGING::sendEmail") (line 15)   invoked from within "call TLS_VERSION_LOGGING::sendEmail $subject $body "joe.harbison@csiweb.com""  (iRule proc "/Common/TLS_VERSION_LOGGING::createEmail") (line 6)   invoked from within "call TLS_VERSION_LOGGING::createEmail $emailSubject $emailBody"

 

Am I going about this the correct way or is there an easier method?

 

Thanks,

 

Joe

  • Dear , 

    Please check the iRule and user alert configuration below to send email.

    The iRule below logs the client TLS version:

    iRule name: TLS_ver_email_irule

    when CLIENTSSL_HANDSHAKE {
      # Log the VIP address and the negotiated protocol version for each client handshake
      log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"
    }

    Edit the user alert configuration “/config/” to send the matched logs to email.

    alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {
      email toaddress=" kkk@abc.com"
      fromaddress="@abc.com"
      body="client connected using TLSv1.1"
    }

    Note: this match is based on the iRule name as well, so pay attention when creating the alerts in the user configuration file. Repeat the alert configuration for TLSv1.0.

    Regards,

    Karthick Yokesh K
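
An added example, not part of the original thread and not F5 tooling: an offline Python check of an alert stanza in the form shown in the answer above, flagging whitespace in the address values and listing which log lines its pattern selects. The addresses, host name and log lines are constructed, and treating the pattern as an unanchored regular-expression search and TLS 1.0 being logged as TLSv1 are assumptions.

```python
import re

# Constructed input: the alert stanza from the answer, with placeholder addresses.
# The leading space in toaddress is kept as posted so the lint has something to flag.
SAMPLE_CONF = '''
alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {
    email toaddress=" ops@example.com"
    fromaddress="bigip@example.com"
    body="client connected using TLSv1.1"
}
'''

# Constructed ltm log lines in the shape the iRule's log statement produces.
# Assumption: TLS 1.0 is reported as "TLSv1" by [SSL::cipher version].
PREFIX = ("Jan 14 10:18:50 bigip1 info tmm1[18799]: "
          "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: "
          " VIP -192.0.2.10 client_connected_ver ")
SAMPLE_LOG = [PREFIX + v for v in ("TLSv1.1", "TLSv1.2", "TLSv1")]

STANZA = re.compile(r'alert\s+(\S+)\s+"(.*?)"\s*\{(.*?)\}', re.S)
FIELD = re.compile(r'(\w+)="(.*?)"', re.S)

def parse_alerts(text):
    """Return (name, pattern, fields) for every alert stanza in the text."""
    return [(n, p, dict(FIELD.findall(b))) for n, p, b in STANZA.findall(text)]

def lint(name, pattern, fields):
    """Return hygiene problems found in one stanza (empty list if none)."""
    problems = []
    try:
        re.compile(pattern)
    except re.error as exc:
        problems.append(f"{name}: pattern is not a valid regex ({exc})")
    for key in ("toaddress", "fromaddress"):
        value = fields.get(key, "")
        if not value:
            problems.append(f"{name}: {key} is missing or empty")
        elif re.search(r"\s", value):
            problems.append(f"{name}: {key} contains whitespace: {value!r}")
    return problems

def matching_lines(pattern, lines):
    """Log lines the pattern selects, assuming an unanchored regex search."""
    return [line for line in lines if re.search(pattern, line)]

if __name__ == "__main__":
    for name, pattern, fields in parse_alerts(SAMPLE_CONF):
        print(name, "lint:", lint(name, pattern, fields) or "ok")
        for line in matching_lines(pattern, SAMPLE_LOG):
            print("  would alert on:", line)
```

Under these assumptions the TLSv1.1 pattern selects only the TLSv1.1 line, so a TLS 1.0 alert needs its own stanza written against the string the iRule actually logs.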

4 Replies


    • jomedusa

      Thanks so much for the response...could you explain more about the user alert portion? I am working with a development F5 box, for testing. The user_alert.conf file was blank and there were no SMTP servers set up. I have set up an SMTP server within the GUI and tested it out...I entered the alert information in the user_alert.conf and restarted alertd. I don't have any indication that any emails are being generated; I can see the entries in the ltm logs. I modified the ssmtp config per the post to allow for SNMP trap alerts. Could you please offer any insights on how to troubleshoot?

       

      Thanks,

       

      Joe

      • jomedusa

        I got it working...I had an extra space in the user_alert.conf file...

         

        Thanks so much again...

         

        Joe