Help
CodeShare
Have some code. Share some code.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

APM/Analytics - Log click on webtop resources [serverside]

Yann_Desmarest
Cirrus
Cirrus

on ‎03-Jun-2016 14:17 - edited on ‎05-Jun-2023 22:52 by Fog

Problem this snippet solves:

When providing VPN SSL portal to the client, you publish several applications like Portal access, Remote Desktop, Webtop links, SAML Resources, Citrix/Vmware VDI, etc.

APM log access to the webtop, once connected, there is no more visibility on who click on which icon. We provide Visibility and Analytics capabilities through a simple irule.

How to use this snippet:

Installation

You just need to put this irule in the Virtual Server configuration that handle your access profile.

Logging information

Clicks are logged in the local0 (ltm logs). You can see below examples : 

virtual=/Common/test, apm=1239853, user=testuser, resource_type=portal, resourcename=owa
virtual=/Common/test, apm=1239853, user=testuser, resource_type=remote_desktop, resourcename=ActiveDirectory

Features

You can currently log the following application types :

  • Portal access
  • Remote Desktop access

The irule provide the additional features :

  • Decode Portal access uri
  • logging of username, apm session and resource name

Credits

Inspired from an original irule in a reply from Kevin Stewart : Logging for Portal Access

External links

Github : github.com/e-XpertSolutions/f5

Code :

when ACCESS_ACL_ALLOWED {
 switch -glob [HTTP::uri] {
  "*resourcetype=remote_desktop*" {    
      
      #
      # Basic logging. Remote or local logging settings can be configured
      #
      
      # log local0. "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resourcetype=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]" 
      
      #
      # ACCESS logging before v13.x
      #
      
      log -noname accesscontrol.local1.notice "$static::ACCESS_LOG_PREFIX /Common/ap-ad-auth:Common:$session: virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resourcetype=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]"
      
      #
      # ACCESS::log is available in v13.x. Log saved in Access report too.
      #
      
      # ACCESS::log accesscontrol.notice "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resourcetype=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]"
      
  }
  "*f5-w-*" { 
  catch {
            set resource [binary format H* [findstr [HTTP::uri] "/f5-w-" 6 "\$\$"]]
            if { [table lookup -subtable PORTALACCESS "[ACCESS::session sid]:[ACCESS::session data get session.logon.last.username]:$resource"] eq "" } {
                table set -subtable PORTALACCESS "[ACCESS::session sid]:[ACCESS::session data get session.logon.last.username]:$resource" [clock format [clock seconds] -format %Y%m%d-%H%M%S] 3600
                
                #
                # Basic logging. Remote or local logging settings can be configured
                #
                
                # log local0. "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource" 
                
                #
                # ACCESS logging before v13.x
                #
                
                log -noname accesscontrol.local1.notice "$static::ACCESS_LOG_PREFIX /Common/ap-ad-auth:Common:$session: virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource"
                
                #
                # ACCESS::log is available in v13.x. Log saved in Access report too.
                #
                
                # ACCESS::log accesscontrol.notice "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource"
                
            }           
        }
  }
 }
}

Tested this on version:

11.5
0 Kudos
Comments
brad_11480
Nimbostratus
Nimbostratus
‎15-Jul-2016 12:25

thanks. works for portal access but does not record/log webtop links that were clicked.. Will dig into it and look at the referenced document. thanks.

 

0 Kudos
Yann_Desmarest
Cirrus
Cirrus
‎15-Jul-2016 13:42

Hi,

 

webtop links are external links to web applications. You can catch the user click by inserting javascript into the full webtop.

 

0 Kudos
Peter_Baumann_5
Nimbostratus
Nimbostratus
‎25-Jul-2017 04:31

@Yann Desmarest: Do you have an example of such a javascript code and do you know where in the customizing exactly such a script has to be inserted?

 

0 Kudos
Yann_Desmarest
Cirrus
Cirrus
‎15-Aug-2017 01:21

Hi Peter,

 

You can find a new code sample to allow you to log all webtop resources

 

APM - Track clicks on webtop resources

 

It's just a first version. It's not intended to be configured in production yet.

 

Yann

 

0 Kudos
Version history
Last update:
‎05-Jun-2023 22:52
Updated by:
Fog
Copyright © 2023 Khoros, LLC