Forum Discussion
what's wrong with my syntax in this iRule?
- Sep 22, 2022
Can't have iRule events nested inside other events.
when CLIENTSSL_HANDSHAKE { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } } when SERVERSSL_HANDSHAKE { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } }
- Sep 22, 2022
Just do this in the server side event to see what the client IP is:
when SERVERSSL_HANDSHAKE { log local0. "client IP: [IP::client_addr]" if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } }
Can't have iRule events nested inside other events.
when CLIENTSSL_HANDSHAKE {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
}
when SERVERSSL_HANDSHAKE {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
}
}
Thank you so much Kevin, although for my SERVERSSL_HANDSHAKE i think i should use my self IP? Unless the iRule only looks at the cs-client-addr?
- Kevin_StewartSep 22, 2022Employee
You're saying, if the client source address is 10.10.10.10, log the client side session-id and server side session-id.
[IP::client_addr] is still the client source, even on the server side.
- Ken-DawgSep 22, 2022Nimbostratus
I tested it out and the client side worked, however the serverside did not. So i think I'll update the serverside with the self IP and see what i get. Thanks again Kevin!
- Kevin_StewartSep 22, 2022Employee
Just do this in the server side event to see what the client IP is:
when SERVERSSL_HANDSHAKE { log local0. "client IP: [IP::client_addr]" if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]" } }
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com