iRule to email when TLS version is chosen

jomedusa · ‎14-Jan-2021

We are working to remove all TLS 1.0 and 1.1 connections to our VIP's. I can still see a small amount of connections and would like to trigger an email with the VIP and client ip address. I have combined the logic to both see what version and send the email into one iRule but now I am having issues with sending the email. I am getting an error on the connect portion, stating a routing problem. I would prefer to use the management address of the F5 as the source for the email's, is this possible? I have tried to change the connect string to the floating ip address of the VS but still doesn't work...here is the line and the error:

set emailConn [connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer]

Jan 14 10:18:50 pad-f5-1 err tmm1[18799]: 01220001:3: TCL error: /Common/TLS_VERSION_LOGGING <CLIENTSSL_HANDSHAKE> - Connection failed for 10.XX.XX.69:25 [Routing problem] (line 1) invoked from within "connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer" (iRule proc "/Common/TLS_VERSION_LOGGING::sendEmail") (line 15) invoked from within "call TLS_VERSION_LOGGING::sendEmail $subject $body "joe.harbison@csiweb.com"" (iRule proc "/Common/TLS_VERSION_LOGGING::createEmail") (line 6) invoked from within "call TLS_VERSION_LOGGING::createEmail $emailSubject $emailBody"

Am I going about this the correct way or is there an easier method?

Thanks,

Joe

Karthick1 · ‎14-Jan-2021

Dear ,

Please check the below irule and user alert configuration to send email.

Below irule is to log the Client TLS Version :

Irule name : TLS_ver_email_irule

when CLIENTSSL_HANDSHAKE {

log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

}

Edit the user alert configuration “/config/” to send the matched logs to email.

alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

email toaddress=" kkk@abc.com"

fromaddress="@abc.com"

body="client connected using TLSv1.1"

}

Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0

Regards,

Karthick Yokesh K

View solution in original post

Karthick1 · ‎14-Jan-2021

Dear ,

Please check the below irule and user alert configuration to send email.

Below irule is to log the Client TLS Version :

Irule name : TLS_ver_email_irule

when CLIENTSSL_HANDSHAKE {

log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

}

Edit the user alert configuration “/config/” to send the matched logs to email.

alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

email toaddress=" kkk@abc.com"

fromaddress="@abc.com"

body="client connected using TLSv1.1"

}

Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0

Regards,

Karthick Yokesh K

jomedusa · ‎14-Jan-2021

Thanks so much for the response...could you explain more about the user alert portion? I am working with a development F5 box, for testing. the user_alert.conf file was blank and there was no smtp servers setup. I have setup an smtp server within the gui and tested it out...I entered the alert information in the user_aler.conf and restarted alertd. I don't have any indication that any emails are being generated, I can see the entries in the ltm logs. I modified the ssmtp config per the post to allow for snmp trap alerts. Could you please offer any insights on how to troubleshoot?

Thanks,

Joe

jomedusa · ‎14-Jan-2021

I got it working...I had an extra space in the user_alert.conf file...

Thanks so much again...

Joe

Karthick1 · ‎14-Jan-2021

Good

DevCentral

iRule to email when TLS version is chosen

Khoros Kudos Award 2022