Forum Discussion
JohnnyG
Nimbostratus
2 years ago
SNAT IP address logging
Hello, I am setting up logging to log access to the Virtual servers as we use SNAT addressing to access all internal resources. It has come about as part of our Security requirements to log all acc...
- 2 years ago
Hi JohnnyG,
Pretty iRule first.
Why do you add "clientside" in this line of code:
```tcl
set clientip "[IP::local_addr clientside]:[TCP::local_port clientside]"
```
The SNAT IP is not on the client side but on the server side,
so remove it and check again.
I think it should be like this now:
```tcl
when CLIENT_ACCEPTED {
    # Set logging variables
    set vip [IP::local_addr]:[TCP::local_port]
    set reqTime [clock format [clock seconds] -format {%Y/%m/%d %H:%M:%S}]
    set hslHandle [HSL::open -publisher /Common/SNATLog_Publisher]

    # Do the SNAT stuff (strip any %route-domain suffix before the class lookup)
    if { [class match [getfield [IP::client_addr] "%" 1] equals internal_nets] } {
        snatpool snat_pool_internal
    } else {
        snatpool snat_pool_external
    }
}

when SERVER_CONNECTED {
    # Get client and server IPs and ports
    set client "[clientside {IP::remote_addr}]:[clientside {TCP::remote_port}]"
    # In the server-side context the local address and port are the SNAT address and port
    set clientip "[IP::local_addr]:[TCP::local_port]"
    set node "[IP::remote_addr]:[TCP::remote_port]"
}

when CLIENT_CLOSED {
    # Log connection info; skip connections that never reached a pool member,
    # where SERVER_CONNECTED did not run and its variables are unset
    if { [info exists node] } {
        HSL::send $hslHandle "$reqTime: Client $client -> SNAT: $clientip -> VIP: $vip -> Node: $node"
    }
}
```
According to this article:
https://clouddocs.f5.com/api/irules/TCP__local_port.html
I hope this helps you 🙂
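An added example, not part of the posts above: Python that parses the line format the iRule sends through HSL and maps a SNAT address and port seen in a backend server's logs back to the original client. It assumes the line arrives as written in `HSL::send`, possibly behind a syslog prefix; the function names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Format built by HSL::send in the iRule; search() tolerates a syslog prefix (assumption).
LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}): "
    r"Client (?P<client>\S+:\d+) -> SNAT: (?P<snat>\S+:\d+) "
    r"-> VIP: (?P<vip>\S+:\d+) -> Node: (?P<node>\S+:\d+)\s*$"
)

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon and drop a '%<id>' route-domain suffix."""
    addr, _, port = endpoint.rpartition(":")
    return addr.split("%", 1)[0], int(port)

def parse_line(line):
    """Return a dict for one log line, or None when the line is not in this format."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # reqTime is taken in CLIENT_ACCEPTED, so this is the connection start time.
    rec = {"time": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")}
    for field in ("client", "snat", "vip", "node"):
        rec[field] = split_endpoint(m.group(field))
    return rec

def clients_behind_snat(lines, snat_addr, snat_port, node_addr=None):
    """Return (time, client, vip) for every connection sourced from snat_addr:snat_port.

    SNAT ports are reused, so all matches come back sorted by time and the
    caller picks the one closest to the event seen on the backend node.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["snat"] != (snat_addr, snat_port):
            continue
        if node_addr is not None and rec["node"][0] != node_addr:
            continue
        hits.append((rec["time"], rec["client"], rec["vip"]))
    return sorted(hits)

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE = [
    "2023/05/04 10:15:02: Client 198.51.100.23:51544 -> SNAT: 10.10.0.5:40112 -> VIP: 203.0.113.10:443 -> Node: 10.20.0.11:8443",
    "2023/05/04 10:15:07: Client 10.1.2.3%1:40222 -> SNAT: 10.10.0.6:40113 -> VIP: 203.0.113.10:443 -> Node: 10.20.0.12:8443",
    "<134>bigip1 2023/05/04 11:02:41: Client 192.0.2.77:60001 -> SNAT: 10.10.0.5:40112 -> VIP: 203.0.113.10:443 -> Node: 10.20.0.11:8443",
    "unrelated line that should be ignored",
]
```

Calling `clients_behind_snat(SAMPLE, "10.10.0.5", 40112)` returns both connections that used that SNAT address and port, oldest first.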