For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mattrm_59122's avatar
mattrm_59122
Icon for Nimbostratus rankNimbostratus
Jul 28, 2010

TCP payload match and logging

Hi All, I'm trying to reference TCP client data and look for userid and timestamp and log these values, I also need to log which LB Select. I have the first part, (i think), but what do I do to find those values in client data and the log those values. when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { if { [TCP::payload] contains "userid=", "timestamp=" } { } }
application delivery
dev
devops
iRules

13 Replies

Show More
  • mattrm_59122's avatar
    mattrm_59122
    Icon for Nimbostratus rankNimbostratus
    Sep 01, 2010
    Currently I'm matching the value 
     Userpassword=
    however I'm rewriting actual passwords as well as null or empty ones. Sigh üôÇ

    M
  • mattrm_59122's avatar
    mattrm_59122
    Icon for Nimbostratus rankNimbostratus
    Dec 07, 2010
    Hi Just an update to the iRule, below is the working version:

     

     

    Using the following stream profile:

     

     

     

    @Username.*Userpassword=\n@@

     

     

     

    when STREAM_MATCHED {

     

    log each match found by the stream filter

     

    scan [STREAM::match] "Username=%s" user

     

    log local0. "Username [b64decode $user] had password

     

     

     

    replaced"

     

    STREAM::replace "Username=$user\nUserpassword=0000=\n"

     

    }

     

    when LB_SELECTED {

     

    set serverIP [LB::server addr]

     

    log local0. "LB Server IP $serverIP"

     

    }

     

     

     

    Matt