Forum Discussion
AltostratusSSL Protocol Stats for SSLv2, SSLv3, TLS1.1 ad TLS1.2 connections with source
Hello Folks,
I got a requirement to collect stats for various protocol stats with information on who are initiating those requests.
I know that we can use irule to log live requests protocol version but that would not give me the stats in a correct report format.
Any suggestions on this ?
4 Replies
Srini_87152Cirrostratus
Hi,
you can refer client ssl statistics via tmsh or gui..
tmsh show ltm profile client-ssl < client ssl profile name>
Thx
Srini
- boneyard
MVP
i don't believe there is anything built in that will give you both the protocol version and the sources in one nice report. you will have to do some work yourself to make that happen.
- Srini_87152
Thats right, we cant see source IPs commign on which version but stats will give ovarall communnication of the vip which its talking.
Thx
Srini
- nitass
Employee
I know that we can use irule to log live requests protocol version but that would not give me the stats in a correct report format.
is istats applicable?
Introduction to iStats Part 1: Overview by Colin Walker
https://devcentral.f5.com/articles/introduction-to-istats-part-1-overviewe.g.
// config root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar ltm virtual bar { destination 172.28.24.10:443 ip-protocol tcp mask 255.255.255.255 pool foo profiles { clientssl { context clientside } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 7 } root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux ltm rule qux { when CLIENTSSL_HANDSHAKE { ISTATS::incr "ltm.virtual [virtual name] counter [SSL::cipher version]:[IP::client_addr]" 1 } } // stats [root@ve13a:Active:In Sync] config tmsh show ltm virtual bar |awk '/User-defined/,0' User-defined Value tlsv1_172_28_24_1 1 tlsv1_2_172_28_24_1 1
