APM Session Variable Logging
Problem this snippet solves:
This iRule logs various Access Policy Manager (APM) session variable values from an evaluated APM policy session containing client-side checks for Antivirus software and HD Encryption software. The purpose of this iRule is to allow an administrator to view what kinds of AV software and HD Encryption software their users are using prior to enforcing client-side checks for these.
How to use this snippet:
In order to use this iRule:
1. You must have an Access Policy Manager (APM) license, and the APM module must be provisioned
2. You must have an active APM policy tied to the Virtual Server this iRule is applied to
3. Your APM policy must include AV software and HD Encryption software client-side checks
4. The AV software and HD encryption client-side checks can be set to allow the user, regardless of any software version, state, etc.
Code :
when ACCESS_POLICY_COMPLETED {
    # Get Username and Session ID information
    set user [ACCESS::session data get "session.logon.last.username"]
    set sessionID [ACCESS::session sid]

    # Get Client IP and Machine name
    set clientIP [IP::client_addr]
    log -noname local0. "Session ID: $sessionID -- User: $user logged on from ip address: $clientIP"

    # Check for Anti-Virus Software
    set avCount [ACCESS::session data get "session.check_software.last.av.count"]
    if { $avCount < 1 } {
        log local0. "User: $user -- No antivirus software found."
    } else {
        # Get Antivirus software state
        set avSt [ACCESS::session data get "session.check_software.last.av.item_1.state"]
        if { $avSt == 1 } {
            set avState "Enabled"
        } else {
            set avState "Disabled"
        }
        set avDBT [ACCESS::session data get "session.check_software.last.av.item_1.db_time"]
        if { $avDBT == "" } {
            set avDBTime "Unknown"
        } else {
            set avDBTime [clock format $avDBT]
        }
        set avLS [ACCESS::session data get "session.check_software.last.av.item_1.last_scan"]
        if { $avLS == "" } {
            set avLastScan "Unknown"
        } else {
            set avLastScan [clock format $avLS]
        }

        # Get the details about Antivirus software
        set avVendor [ACCESS::session data get "session.check_software.last.av.item_1.vendor_name"]
        set avSoftware [ACCESS::session data get "session.check_software.last.av.item_1.name"]
        set avVersion [ACCESS::session data get "session.check_software.last.av.item_1.version"]
        set avDBVersion [ACCESS::session data get "session.check_software.last.av.item_1.db_version"]
        set avErrors [ACCESS::session data get "session.check_software.last.av.item_1.errors"]
        log -noname local0. "User: $user -- Found AV software: $avVendor $avSoftware; Version: $avVersion; State: $avState; "
        log -noname local0. "User: $user -- AV software DB Time: $avDBTime; DB Version: $avDBVersion; Last Scan: $avLastScan "
        log -noname local0. "User $user -- AV software check errors: $avErrors"
    }

    # Check for Hard Disk Encryption Software
    set hdEncCount [ACCESS::session data get "session.check_software.last.hd.count"]
    if { $hdEncCount < 1 } {
        log local0. "User $user -- No Hard Disk Encryption software found."
    } else {
        # Get HD Encryption Software state
        set hdEncSt [ACCESS::session data get "session.check_software.last.hd.state"]
        if { $hdEncSt == 1 } {
            set hdEncState "Enabled"
        } else {
            set hdEncState "Disabled"
        }

        # Get the details about the HD Encryption software
        set hdEncVendor [ACCESS::session data get "session.check_software.last.hd.item_1.vendor_name"]
        set hdEncSoftware [ACCESS::session data get "session.check_software.last.hd.item_1.name"]
        set hdEncVersion [ACCESS::session data get "session.check_software.last.hd.item_1.version"]
        set hdEncErrors [ACCESS::session data get "session.check_software.last.hd.item_1.errors"]
        log -noname local0. "User $user -- Found HD Encryption software: $hdEncVendor $hdEncSoftware; Version: $hdEncVersion; State: $hdEncState; "
        log -noname local0. "User $user -- HD Encryption Software check errors: $hdEncErrors"
    }
}
Published Jan 30, 2015
Version 1.0
Ash_Z
Ret. Employee
Joined May 16, 2019
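Once the iRule has run for a while, its log lines can be rolled up into the inventory the snippet is meant to provide before checks are enforced. The following Python script is an added example, not part of the original iRule or post; the `summarize` function, the sample log prefix, the users and the product names are all constructed for illustration.

```python
import re
from collections import Counter

# Message shapes written by the iRule ("User:" and "User" both occur in it).
FOUND = re.compile(
    r"User:? (?P<user>.+?) -- Found (?P<kind>AV|HD Encryption) software: "
    r"(?P<product>.+?); Version: (?P<version>.*?); State: (?P<state>\w+);")
MISSING = re.compile(
    r"User:? (?P<user>.+?) -- No (?P<kind>antivirus|Hard Disk Encryption) "
    r"software found\.")
KIND = {"AV": "av", "antivirus": "av",
        "HD Encryption": "hd", "Hard Disk Encryption": "hd"}

def summarize(lines):
    """Return (inventory, follow_up) from iRule log lines.
    inventory counts (kind, product, version, state) once per user;
    follow_up maps kind -> users with nothing found or a Disabled state."""
    latest = {}  # (user, kind) -> (product, version, state) or None; last line wins
    for line in lines:
        m = FOUND.search(line)
        if m:
            latest[(m["user"], KIND[m["kind"]])] = (
                m["product"], m["version"], m["state"])
            continue
        m = MISSING.search(line)
        if m:
            latest[(m["user"], KIND[m["kind"]])] = None
    inventory, follow_up = Counter(), {"av": set(), "hd": set()}
    for (user, kind), found in latest.items():
        if found is None or found[2] != "Enabled":
            follow_up[kind].add(user)
        if found is not None:
            inventory[(kind, *found)] += 1
    return inventory, follow_up

# Constructed sample lines; prefix, users and product names are made up.
P = "Jan 30 10:00:01 bigip1 info tmm[1234]: "
SAMPLE = [
    P + "Session ID: 0a1b2c3d -- User: alice logged on from ip address: 192.0.2.10",
    P + "User: alice -- Found AV software: ExampleVendor ExampleAV; Version: 4.2; State: Enabled; ",
    P + "User alice -- Found HD Encryption software: ExampleVendor ExampleCrypt; Version: 1.0; State: Disabled; ",
    P + "User: bob -- No antivirus software found.",
    P + "User bob -- No Hard Disk Encryption software found.",
    P + "User: carol -- Found AV software: ExampleVendor ExampleAV; Version: 4.1; State: Disabled; ",
    P + "User: carol -- Found AV software: ExampleVendor ExampleAV; Version: 4.2; State: Enabled; ",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The username in these messages comes from the logon form, so treat it as untrusted text when feeding the summary into other tooling.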
- Thiago_Morais (Altostratus)
Please, I need your help. I am testing your iRule in my environment, but I don't know why I can't see anything in the log.
- JRahm (Admin)
Contributed by Ash Z