Forum Discussion
msmith1356_2932
Nimbostratus
NimbostratusLog all TLS v1.0 Connections
I'm looking for an iRule to log all TLS v1.0 connections to a remote logging server.
I'd like to include in the logs the external client IP, VIP, and time.
I'm very new to scripting, so any...
dwcoffin_370357Nimbostratus
NimbostratusDoes this break down connections by TLS1.0/1.1/1.2 or lumps all into TLSv1 Requests without specifying the specific versions?
jaikumar_f5Noctilucent
Hi Dwcoffin,
If you check the [article](Categorize SSL traffic by version, display as graph),it does break it down with all versions.
If you are looking for Irule for remote logging for all versions,
when HTTP_REQUEST { set hsl [HSL::open -proto UDP -pool syslog_server_pool] set time [clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %Z"] if {[SSL::cipher version] equals "TLSv1"} { HSL::send $hsl "TLSv1 Request Detected: Time = $time, Client IP:Port = [IP::client_addr]:[TCP::client_port], F5 VIP:Port = [clientside {IP::local_addr}]:[clientside {TCP::local_port}]" } if {[SSL::cipher version] equals "TLSv1.1" } { HSL::send $hsl "TLSv1.1 Request Detected: Time = $time, Client IP:Port = [IP::client_addr]:[TCP::client_port], F5 VIP:Port = [clientside {IP::local_addr}]:[clientside {TCP::local_port}]" } if {[SSL::cipher version] equals "TLSv1.2" } { HSL::send $hsl "TLSv1.2 Request Detected: Time = $time, Client IP:Port = [IP::client_addr]:[TCP::client_port], F5 VIP:Port = [clientside {IP::local_addr}]:[clientside {TCP::local_port}]" } }- dwcoffin_370357
Thanks for clarification!
- dwcoffin_370357
We have implemented this iRule. It is working as expected. Thank you! Request information to include encrypted connections made on non-standard ports (not port 443) please.
