Forum Discussion
bongshanks
Nimbostratus
NimbostratusScan command and variables in a SSL transaction
Hey folks,
I'm trying to finish an iRule and I'd appreciate some critiquing or advice. I'm trying to capture some client IP/SSL cipher information as well as a 23 character string of text that will...
bongshanksNimbostratus
Nimbostratuswhen CLIENT_ACCEPTED {
set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
}
when CLIENTSSL_HANDSHAKE {
SSL::collect
}
}
when CLIENTSSL_DATA {
if { [regexp {(\d{8})(\d{15})} [SSL::payload] -> tid mid] } {
HSL::send $hsl "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]. tid=$tid mid=$mid."
}
SSL::release
}
} else {
If we did not have a TID OR MID in the transaction then just log the info that we have
HSL::send $hsl "SSL_CUSTOM: No TID or MID TYPE found for Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
}
}
nitass
Employee
Employeeyou mean this one, don't you? if yes, it looks okay to me.
when CLIENT_ACCEPTED {
set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
}
when CLIENTSSL_HANDSHAKE {
SSL::collect
}
when CLIENTSSL_DATA {
if { [regexp {(\d{8})(\d{15})} [SSL::payload] -> tid mid] } {
HSL::send $hsl "Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]. tid=$tid mid=$mid."
} else {
If we did not have a TID OR MID in the transaction then just log the info that we have
HSL::send $hsl "SSL_CUSTOM: No TID or MID TYPE found for Client: [IP::client_addr] is using [SSL::cipher version]. SSL Cipher:[SSL::cipher name]. Virtual:[virtual]. SSL Profile:[PROFILE::clientssl name]."
}
SSL::release
}
