For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bciesz_171056's avatar
Bciesz_171056
Icon for Cirrus rankCirrus
Jan 18, 2017

iRule to log every SSL related event on VS

Hi, I need an iRule, that would put all SSL related events to a log file on a particular VS.   The reason is that one of the applications connecting to a server behind F5 loadbalancer is experie...
application delivery
BIG-IP
iRules
Bciesz_171056's avatar
Bciesz_171056
Icon for Cirrus rankCirrus
Jan 27, 2017

I used CLIENTSSL triggers. More or less my idea was to log every attempt of SSL handshake, and after that every succesful SSL handshake. I added session id for tracking purposes. Now, when my client will complain that something went wrong, I can cross check it with my logs. If the amount of SSL attemps == SSL handshakes (on that particular timestamp) i can tell him to go fudge himself :) Here's what I came up with:

when CLIENTSSL_CLIENTHELLO {
        log event with session id, when client attempts to connect
        set session_id_hello [SSL::sessionid]
        log local0. " SSL Attempt from [IP::client_addr], session ID: $session_id_hello]"
        drop
}

when CLIENTSSL_HANDSHAKE {
        log event with session id, when handshake completed
        set session_id_handshake [SSL::sessionid]
        log local0. " SSL HS completed from [IP::client_addr], session ID: $session_id_handshake]"
}

The double hash () is used to put these particular logs in a different file.