
Problem this snippet solves:

When you provide an SSL VPN portal to clients, you publish several application types: Portal Access, Remote Desktop, Webtop Links, SAML Resources, Citrix/VMware VDI, etc.

APM logs access to the webtop, but once the user is connected there is no visibility into who clicks on which icon. This snippet provides that visibility and analytics capability through a simple iRule.

How to use this snippet:

Installation

Attach this iRule to the virtual server that handles your access profile.

Logging information

Clicks are logged to local0 (the ltm log). Example entries:

virtual=/Common/test, apm=1239853, user=testuser, resource_type=portal, resourcename=owa
virtual=/Common/test, apm=1239853, user=testuser, resource_type=remote_desktop, resourcename=ActiveDirectory
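
To turn these entries into per-resource usage figures, the lines can be parsed offline. The following is an added example, not part of the original snippet; the syslog prefix in the sample lines and the names `parse_click` and `summarize` are assumptions made for illustration.

```python
import re
from collections import Counter

# Field order follows the log lines shown above. resourcename comes last and may
# itself contain "," or "=" (a decoded portal URL), so it is matched to end of line.
CLICK_RE = re.compile(
    r"virtual=(?P<virtual>\S+), apm=(?P<apm>\S+), user=(?P<user>.*?), "
    r"resource_type=(?P<resource_type>\w+), resourcename=(?P<resourcename>.*)$"
)

# Constructed sample input; the syslog prefix is an assumption.
SAMPLE_LOG = """\
May 12 10:01:02 bigip1 info tmm[1234]: virtual=/Common/test, apm=1239853, user=testuser, resource_type=portal, resourcename=owa
May 12 10:03:40 bigip1 info tmm[1234]: virtual=/Common/test, apm=1239853, user=testuser, resource_type=remote_desktop, resourcename=ActiveDirectory
May 12 10:05:11 bigip1 info tmm[1234]: virtual=/Common/test, apm=7745120, user=alice, resource_type=portal, resourcename=owa
May 12 10:05:12 bigip1 err tmm[1234]: some unrelated message
May 12 10:09:30 bigip1 info tmm[1234]: virtual=/Common/test, apm=7745120, user=alice, resource_type=portal, resourcename=https://intranet.example/search?q=a, b
"""


def parse_click(line):
    """Return the click fields as a dict, or None for unrelated lines."""
    m = CLICK_RE.search(line.rstrip("\n"))
    return m.groupdict() if m else None


def summarize(lines):
    """Count clicks per resource and collect the users behind each one."""
    clicks, users = Counter(), {}
    for line in lines:
        rec = parse_click(line)
        if rec is None:
            continue
        key = (rec["resource_type"], rec["resourcename"])
        clicks[key] += 1
        users.setdefault(key, set()).add(rec["user"])
    return clicks, users


if __name__ == "__main__":
    clicks, users = summarize(SAMPLE_LOG.splitlines())
    for key, n in clicks.most_common():
        print(f"{n:3d}  {key[0]:15s} {key[1]}  users={sorted(users[key])}")
```

Because the iRule records a portal resource only on first sight per session and user, portal counts here are distinct accesses, not HTTP request counts.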

Features

The iRule currently logs the following application types:

  • Portal access
  • Remote Desktop access

The iRule provides these additional features:

  • Decoding of the Portal Access URI
  • Logging of username, APM session and resource name

Credits

Inspired by an original iRule in a reply from Kevin Stewart: Logging for Portal Access

External links

GitHub: github.com/e-XpertSolutions/f5

Code:

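when ACCESS_ACL_ALLOWED {
 # The "before v13.x" log lines below mimic the APM log format. They expect
 # static::ACCESS_LOG_PREFIX to be defined in RULE_INIT, and /Common/ap-ad-auth
 # must be replaced with the name of your own access profile.
 # $session was not defined in the original listing; it is assumed here to be
 # the APM session ID.
 set session [ACCESS::session sid]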
 switch -glob [HTTP::uri] {
  "*resourcetype=remote_desktop*" {    
      
      #
      # Basic logging. Remote or local logging settings can be configured
      #
      
      # log local0. "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]" 
      
      #
      # ACCESS logging before v13.x
      #
      
      log -noname accesscontrol.local1.notice "$static::ACCESS_LOG_PREFIX /Common/ap-ad-auth:Common:$session: virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]"
      
      #
      # ACCESS::log is available in v13.x. Log saved in Access report too.
      #
      
      # ACCESS::log accesscontrol.notice "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=remote_desktop, [findstr [HTTP::uri] "resourcename=" 0 "\%"]"
      
  }
  "*f5-w-*" { 
  catch {
            set resource [binary format H* [findstr [HTTP::uri] "/f5-w-" 6 "\$\$"]]
            if { [table lookup -subtable PORTALACCESS "[ACCESS::session sid]:[ACCESS::session data get session.logon.last.username]:$resource"] eq "" } {
                table set -subtable PORTALACCESS "[ACCESS::session sid]:[ACCESS::session data get session.logon.last.username]:$resource" [clock format [clock seconds] -format %Y%m%d-%H%M%S] 3600
                
                #
                # Basic logging. Remote or local logging settings can be configured
                #
                
                # log local0. "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource" 
                
                #
                # ACCESS logging before v13.x
                #
                
                log -noname accesscontrol.local1.notice "$static::ACCESS_LOG_PREFIX /Common/ap-ad-auth:Common:$session: virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource"
                
                #
                # ACCESS::log is available in v13.x. Log saved in Access report too.
                #
                
                # ACCESS::log accesscontrol.notice "virtual=[virtual], apm=[string range [ACCESS::session sid] [expr [string length [ACCESS::session sid]] - 10] end], user=[ACCESS::session data get session.logon.last.username], resource_type=portal, resourcename=$resource"
                
            }           
        }
  }
 }
}
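
The portal branch of the iRule hex-decodes the segment between `/f5-w-` and `$$` and logs each session/user/resource combination only once while its table entry lives. The following Python model of that logic is an added example, not the author's code; `decode_portal_resource`, `ClickLog` and `DEDUP_TTL` are hypothetical names, and escaping non-printable characters is an addition so that every click stays on a single log line.

```python
import re
import time

PORTAL_RE = re.compile(r"/f5-w-([0-9A-Fa-f]+)\$\$")
DEDUP_TTL = 3600  # seconds, the timeout the iRule gives its PORTALACCESS entries


def decode_portal_resource(uri):
    """Return the backend resource hidden in a rewritten portal URI, or None."""
    m = PORTAL_RE.search(uri)
    if m is None or len(m.group(1)) % 2:
        return None  # not a portal access URI, or truncated hex
    text = bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
    # Escape non-printable characters so one click always stays on one log line.
    return "".join(c if c.isprintable() else f"\\x{ord(c):02x}" for c in text)


class ClickLog:
    """First-seen filter keyed like the iRule's table entry: sid:user:resource."""

    def __init__(self, now=time.time):
        self._seen, self._now = {}, now

    def record(self, sid, user, uri):
        """Return the log line for a first access, or None if nothing is logged."""
        resource = decode_portal_resource(uri)
        if resource is None:
            return None
        key, t = (sid, user, resource), self._now()
        last = self._seen.get(key)
        # Idle timeout: every lookup refreshes the entry, as `table lookup`
        # does when called without -notouch.
        self._seen[key] = t
        if last is not None and t - last < DEDUP_TTL:
            return None  # already logged for this session/user/resource
        return (f"apm={sid[-10:]}, user={user}, "
                f"resource_type=portal, resourcename={resource}")


if __name__ == "__main__":
    # Constructed sample: hex of a placeholder backend origin.
    uri = "/f5-w-" + "https://owa.example.com".encode().hex() + "$$/owa/logon.aspx"
    log = ClickLog()
    print(log.record("abcdef0123456789", "testuser", uri))  # logged
    print(log.record("abcdef0123456789", "testuser", uri))  # None: deduplicated
```

Every sub-request of a portal application carries the same `/f5-w-` prefix, which is why the first-seen filter is needed to get one entry per click instead of one per HTTP request.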

Tested this on version:

11.5
Comments
brad_11480
Nimbostratus

Thanks. Works for portal access but does not record/log webtop links that were clicked. Will dig into it and look at the referenced document. Thanks.

 

Hi,

 

Webtop links are external links to web applications. You can catch the user click by inserting JavaScript into the full webtop.

 

Peter_Baumann_5
Nimbostratus

@Yann Desmarest: Do you have an example of such JavaScript code, and do you know where exactly in the customization such a script has to be inserted?

 

Hi Peter,

 

You can find a new code sample to allow you to log all webtop resources

 

APM - Track clicks on webtop resources

 

It's just a first version. It's not intended to be configured in production yet.

 

Yann

 

Version history
Last update:
‎03-Jun-2016 14:17