Forum Discussion
Rob_75767
Nimbostratus
NimbostratusLogging registry lookup
Hi, please can anyone help?!
I have successfully created my policy to include a registry check to check for a specific software package we use. For audit purposes i would like to log/alert any clients that connect to the APM but do not have the registry entry. What is the best way to do this? I have looked at the logging option to log for session variables but im not sure where it logs to... ideally an irule that would take the result and output it and other session variables to a syslog server would be perfect.
1 Reply
BT_90520For session variables, belwo are what you may be interested in logging
- user name is "session.logon.last.username"
- result of registry check is "session.windows_check_registrys.$name.result" where 0 - Failure, 1 - Success, -1 - Invalid check expression
@ http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_2_0/apm_config_sessionvars.html105003
To view the access policy logs, view the /var/log/apm file from the BIG-IP command line.
But do note the below
http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11124.html
The default log level for the BIG-IP APM access policy log is Notice, which does not log session variables. Setting the access policy log level to Informational or Debug will cause the BIG-IP APM system to log session variables, but it will also add additional system overhead. If you need to log session variables on a production system, F5 Networks recommends setting the access policy log level to Informational temporarily while performing troubleshooting or debugging.
