stream profile to detect only?

Question

Can a stream profile be used to simply detect a unique string of characters, without actually replacing that string? If so, could you point me to an example of how to accomplish this? I would like to examine TNS traffic to/from an Oracle server and log matches.

nitass · Answer

you can put same string in source and target, can't you?&nbsp;
STREAM_MATCHED&nbsp;
https://devcentral.f5.com/wiki/iRules.STREAM_MATCHED.ashx&nbsp;

ots02 · Answer

Why yes, I can. Thank you!&nbsp;

kevin_davies_40 · Answer

Try this.
when HTTP_RESPONSE {     
   STREAM::disable 
   if {[HTTP::header value Content-Type] contains "text"}{ 
      STREAM::expression {&amp;http://.*?example\.com&amp;}
       Enable the stream filter for this response only 
      STREAM::enable 
   } 
}

when STREAM_MATCHED { 
   log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match]" 
}

ots02 · Answer

Thanks Kevin,&nbsp;
I now need to look into the payload of strictly TCP (TNS between servers and Oracle database). Any pointers?&nbsp;

Forum Discussion

stream profile to detect only?

4 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Random TCP Resets from F5

Base64 decoding issue (JSON request)

F5 i-series Guests to r-series tenants migration

Block specific URL's in APM

Sizing calculation storage

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

BIG-IP Telemetry Streaming to Azure

LTM stream profile: Multiple replacements & regular expressions

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS