APM Session Variable Logging

Problem this snippet solves:

This iRule logs various Access Policy Manager (APM) session variable values from an evaluated APM policy session containing client-side checks for Antivirus software and HD Encryption software. The purpose of this iRule is to allow an administrator to view what kinds of AV software and HD Encryption software their users are using prior to enforcing client-side checks for these.

How to use this snippet:

In order to use this iRule:

1. You must have an Access Policy Manager (APM) license, and the APM module must be provisioned.
2. You must have an active APM policy tied to the Virtual Server this iRule is applied to.
3. Your APM policy must include AV software and HD Encryption software client-side checks.
4. The AV software and HD encryption client-side checks can be set to allow the user, regardless of any software version, state, etc.

Code :

when ACCESS_POLICY_COMPLETED {

  # Get Username and Session ID information
  set user [ACCESS::session data get "session.logon.last.username"]
  set sessionID [ACCESS::session sid]

  # Get Client IP
  set clientIP [IP::client_addr]

  log -noname local0. "Session ID: $sessionID -- User: $user logged on from ip address: $clientIP"

  # Check for Anti-Virus Software
  set avCount [ACCESS::session data get "session.check_software.last.av.count"]

  if { $avCount < 1 } {
    log local0. "User: $user  -- No antivirus software found."
  } else {
    # Get Antivirus software state
    set avSt [ACCESS::session data get "session.check_software.last.av.item_1.state"]

    if { $avSt == 1 } {
      set avState "Enabled"
    } else {
      set avState "Disabled"
    }

    # Signature database time (epoch seconds); empty if the check could not read it
    set avDBT [ACCESS::session data get "session.check_software.last.av.item_1.db_time"]
    if { $avDBT == "" } {
      set avDBTime "Unknown"
    } else {
      set avDBTime [clock format $avDBT]
    }

    # Time of the last scan (epoch seconds); empty if the check could not read it
    set avLS [ACCESS::session data get "session.check_software.last.av.item_1.last_scan"]
    if { $avLS == "" } {
      set avLastScan "Unknown"
    } else {
      set avLastScan [clock format $avLS]
    }

    # Get the details about Antivirus software
    set avVendor [ACCESS::session data get "session.check_software.last.av.item_1.vendor_name"]
    set avSoftware [ACCESS::session data get "session.check_software.last.av.item_1.name"]
    set avVersion [ACCESS::session data get "session.check_software.last.av.item_1.version"]
    set avDBVersion [ACCESS::session data get "session.check_software.last.av.item_1.db_version"]
    set avErrors [ACCESS::session data get "session.check_software.last.av.item_1.errors"]

    log -noname local0. "User: $user -- Found AV software: $avVendor $avSoftware; Version: $avVersion; State: $avState; "
    log -noname local0. "User: $user -- AV software DB Time: $avDBTime; DB Version: $avDBVersion;  Last Scan: $avLastScan "
    log -noname local0. "User $user -- AV software check errors: $avErrors"
  }

  # Check for Hard Disk Encryption Software
  set hdEncCount [ACCESS::session data get "session.check_software.last.hd.count"]

  if { $hdEncCount < 1 } {
    log local0. "User $user -- No Hard Disk Encryption software found."
  } else {
    # Get HD Encryption Software state (per-item variable, as for the AV check)
    set hdEncSt [ACCESS::session data get "session.check_software.last.hd.item_1.state"]

    if { $hdEncSt == 1 } {
      set hdEncState "Enabled"
    } else {
      set hdEncState "Disabled"
    }

    # Get the details about the HD Encryption software
    set hdEncVendor [ACCESS::session data get "session.check_software.last.hd.item_1.vendor_name"]
    set hdEncSoftware [ACCESS::session data get "session.check_software.last.hd.item_1.name"]
    set hdEncVersion [ACCESS::session data get "session.check_software.last.hd.item_1.version"]
    set hdEncErrors [ACCESS::session data get "session.check_software.last.hd.item_1.errors"]

    log -noname local0. "User $user -- Found HD Encryption software: $hdEncVendor $hdEncSoftware;  Version: $hdEncVersion;  State: $hdEncState; "
    log -noname local0. "User $user -- HD Encryption Software check errors: $hdEncErrors"
  }
}
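
To review the collected data before turning enforcement on, the logged lines can be summarized offline. The following Python script is an added example, not part of the original snippet: it parses the "Found ... software" and "No ... software found" messages written by the iRule above, keeps each user's most recent result, and reports the software inventory plus the users who would fail a check that requires the software to be present and enabled (that enforcement rule is an assumption). The syslog prefix, user names and product names in the sample are constructed.

```python
import re
from collections import Counter

# Message formats written by the iRule ("User:" and "User" both occur in it).
FOUND = re.compile(
    r"User:?\s+(?P<user>.*?)\s+-- Found (?P<kind>AV|HD Encryption) software: "
    r"(?P<product>[^;]*);\s*Version: (?P<version>[^;]*);\s*State: (?P<state>\w+)")
MISSING = re.compile(r"User:?\s+(?P<user>.*?)\s+-- No "
                     r"(?P<kind>antivirus|Hard Disk Encryption) software found")
KIND = {"AV": "AV", "antivirus": "AV",
        "HD Encryption": "HD", "Hard Disk Encryption": "HD"}

# Constructed sample: syslog prefix, users and product names are made up.
SAMPLE = """\
Jan 30 10:15:02 bigip1 info tmm[11234]: User: alice -- Found AV software: ExampleVendor ExampleAV; Version: 12.1; State: Enabled;
Jan 30 10:15:02 bigip1 info tmm[11234]: User alice -- No Hard Disk Encryption software found.
Jan 30 10:16:40 bigip1 info tmm[11234]: User: bob -- Found AV software: ExampleVendor ExampleAV; Version: 11.0; State: Disabled;
Jan 30 10:16:40 bigip1 info tmm[11234]: User bob -- Found HD Encryption software: ExampleCrypt DiskLock;  Version: 3.2;  State: Enabled;
Jan 30 10:17:05 bigip1 info tmm[11234]: User: carol  -- No antivirus software found.
Jan 30 10:17:05 bigip1 info tmm[11234]: User carol -- Found HD Encryption software: ExampleCrypt DiskLock;  Version: 3.2;  State: Enabled;
""".splitlines()

def summarize(lines):
    """Return (inventory Counter, {user: [gaps]}) from each user's latest result."""
    latest = {}  # (user, kind) -> (product, version, state), or None if not found
    for line in lines:
        if m := FOUND.search(line):
            latest[(m["user"], KIND[m["kind"]])] = (
                m["product"].strip(), m["version"].strip(), m["state"])
        elif m := MISSING.search(line):
            latest[(m["user"], KIND[m["kind"]])] = None
    inventory, gaps = Counter(), {}
    for (user, kind), result in latest.items():
        if result is None:
            gaps.setdefault(user, []).append(f"{kind} missing")
        else:
            inventory[(kind, *result)] += 1
            if result[2] != "Enabled":
                gaps.setdefault(user, []).append(f"{kind} disabled")
    return inventory, {u: sorted(g) for u, g in gaps.items()}

if __name__ == "__main__":
    inventory, gaps = summarize(SAMPLE)
    for item, users in inventory.most_common():
        print(users, *item)
    for user, problems in sorted(gaps.items()):
        print(f"{user}: would fail an enforced check ({', '.join(problems)})")
```
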
Published Jan 30, 2015
Version 1.0
