SpencerWebb_265
Aug 24, 2017

Logging SSL VPN Client Outbound Traffic

Hi all,

I've searched around and found a few bits mentioned regarding the use of wildcard forwarding proxies and related rules but can't seem to find a definitive answer.

We have an SSLVPN that we'd like some enhanced logging enabled on for security compliance. I've managed to get the majority of this working using the following iRule; however, I'm missing one vital piece of information: the true destination of the traffic.

    when HTTP_REQUEST {
        # Client-side peer and the virtual server address it connected to
        set remote [IP::remote_addr]:[TCP::remote_port]
        set vip [IP::local_addr]:[TCP::local_port]
        # APM session details: username, session cookie, client IP, assigned IP
        set user [ACCESS::session data get session.logon.last.username]
        set session [HTTP::cookie value LastMRH_Session]
        set clientip [ACCESS::session data get session.user.clientip]
        set IntIP [ACCESS::session data get session.assigned.clientip]
        # Host header plus URI of this request
        set url [HTTP::header Host][HTTP::uri]
        log "Rule TCP_logging fired, from $remote to vip $vip, user $user, session $session, client IP $clientip, InternalIP $IntIP, url $url"
    }

This gives me a nice log entry with source and internal IP, username, and session ID, which is great!

I've tried using the [IP::server_addr] value; however, that just returns an error (I believe because it's not actually load balancing). I've also tried the various [HTTP] variables; however, they just return the URL of the VIP itself, not the destination traffic.

All I want is that if a user connected to the VPN hits a URL, this is recorded in the logs alongside the information I've collected above.

I would appreciate any help possible!

Kind Regards,
Spencer