Yuval_ben_10707
Jun 15, 2005

PacketFilter - FilterAction

Hi,

I'm using iControl PacketFilter to inspect L7 patterns in packets (e.g. "confidential document" text).

My goal is to alert/log packet information (source/dest IP) on a pattern match.

Looking at the FilterAction Enumeration, I found FILTER_ACTION_CONTINUE (4) to be most relevant to my case. However, I could not find information on how to instruct the filter to log the packet attributes/data and later Syslog it to an external system for reporting (e.g. my application).

I wonder if the method [set_log_state] is relevant to my needs and what type of packet information will be logged and then can be Syslogged to an external application.

Any help?

Many thanks.

e.g. is there any plan to support "StreamFilter" in the future? (to better support L7 filtering)

 

 

  • Loc_Pham_101863
    Historic F5 Account
    Networking::PacketFilter::get/set_log_state are the methods you would use to enable/disable logging in a packet filter. If a packet filter rule has an associated logging action and it's enabled, an entry will be created in the system log each time the rule is matched. The log entry will contain details of the traffic that matched the rule, such as source and destination addresses and ports.

    As far as sending syslog messages to an external application, it's entirely possible, but that's outside the realm of iControl. In order to do that, you'll have to configure syslog or syslog-ng to allow external syslog notifications. Please look at the syslog manual on how to configure syslog.

    Regards,

    Loc
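
For the receiving side of the setup described in the reply above, here is an added example (not part of the original thread and not F5 code) of an external application that accepts forwarded RFC 3164 syslog datagrams and pulls out the source and destination endpoints. The sample log line, the `addr:port` layout inside the message, the `kernel` tag and UDP port 5514 are assumptions made for illustration; the real packet filter log format is not shown on this page.

```python
import re
import socket

# RFC 3164 (BSD syslog) datagram: <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[\d+\])?: ?(?P<msg>.*)$", re.DOTALL)
# Assumption: endpoints appear in the message text as IPv4 "addr:port".
ENDPOINT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# Constructed sample, NOT the real BIG-IP packet filter log format.
SAMPLE = (b"<6>Jun 15 10:42:07 bigip1 kernel: packet filter rule match "
          b"192.0.2.55:40312 -> 198.51.100.20:80")


def parse_syslog(datagram: bytes):
    """Parse one datagram; return a dict, or None if it is not RFC 3164."""
    # UDP syslog is unauthenticated, so treat every field as untrusted input.
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = SYSLOG_RE.match(text)
    if m is None or int(m["pri"]) > 191:   # highest valid PRI is 23*8+7
        return None
    pri = int(m["pri"])
    endpoints = [
        (addr, int(port)) for addr, port in ENDPOINT_RE.findall(m["msg"])
        if all(int(o) <= 255 for o in addr.split(".")) and int(port) <= 65535
    ]
    return {
        "facility": pri >> 3, "severity": SEVERITIES[pri & 7],
        "timestamp": m["ts"], "host": m["host"], "tag": m["tag"],
        "src": endpoints[0] if endpoints else None,
        "dst": endpoints[1] if len(endpoints) > 1 else None,
        "message": m["msg"],
    }


def serve(bind="0.0.0.0", port=5514):
    """Receive forwarded syslog over UDP and print one line per parsed entry."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, peer = sock.recvfrom(8192)
            entry = parse_syslog(data)
            if entry and entry["src"] and entry["dst"]:
                print(peer[0], entry["timestamp"], entry["src"], "->", entry["dst"])


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))   # offline check against the constructed sample
```

Call `serve()` to listen for datagrams once syslog or syslog-ng on the sending side is configured to forward to this host.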