Setup High Speed Logging on Client Auth iRule
I have the below iRule and I would like to add high speed logging functionality instead of logging to the local0 LTM file. We have a splunk server where we stand all of our logs from the F5 when then come from an iRule setup with HSL. So basically, everywhere I have a log local0 command, I would rather send those logs to Splunk using HSL. Thoughts?
when CLIENTSSL_CLIENTCERT { if { [SSL::cert count] == 0 } { log local0. "No Certificate Provided" drop } else { log local0. "Client Certificate Recieved - IP:[IP::client_addr] Serial:[X509::serial_number [SSL::cert 0]]" if { [class match [X509::serial_number [SSL::cert 0]] equals ValidCertificates] } { log local0. "Client Accepted - IP:[IP::client_addr] Serial:[X509::serial_number [SSL::cert 0]]" } else { log local0. "Client Rejected -IP:[IP::client_addr] Serial:[X509::serial_number [SSL::cert 0]]" reject } } }