Client source IP -> SSH VS forward to Syslog
Hello all
I have a big problem with the following scenario and any help will be wonderfull and apreciate
I have a VS serving ssh to a pool of servers, til now everything works fine. The problem comes with knowing who is being connected to the SSH serves, cause i receive the IP of F5 due we use SNAT.
I have been talking a lot of hours with F5 support team (opening an official case), and at the end we need to use SNAT (Due our environment FW, Routers etc) so at yhe end they advice me to use an iRule to send the information (the source ip of client) to a syslog.
They have send me this info
1 when CLIENT_ACCEPTED {
2 set hsl [HSL::open -proto UDP -pool syslog_server_pool]
3 }
4 when HTTP_REQUEST {
5 Log HTTP request via syslog protocol as local7.info; see RFC 3164 for more info
6 HSL::send $hsl "<190> [IP::local_addr] [HTTP::uri]\n"
7 }
But i´m completly lost
My syslog is at 150.175.45.206 (should i create a pool with the syslog server)
and the i´m serving TCP 22 (SSH)
Line 6 is awfull :)
Does anybody can help me
Thxs in advance
Nacho