cancel
Showing results for 
Search instead for 
Did you mean: 

iRule to email when TLS version is chosen

jomedusa
Altostratus
Altostratus

We are working to remove all TLS 1.0 and 1.1 connections to our VIP's. I can still see a small amount of connections and would like to trigger an email with the VIP and client ip address. I have combined the logic to both see what version and send the email into one iRule but now I am having issues with sending the email. I am getting an error on the connect portion, stating a routing problem. I would prefer to use the management address of the F5 as the source for the email's, is this possible? I have tried to change the connect string to the floating ip address of the VS but still doesn't work...here is the line and the error:

  set emailConn [connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer]

 

Jan 14 10:18:50 pad-f5-1 err tmm1[18799]: 01220001:3: TCL error: /Common/TLS_VERSION_LOGGING <CLIENTSSL_HANDSHAKE> - Connection failed for 10.XX.XX.69:25 [Routing problem] (line 1)   invoked from within "connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer"  (iRule proc "/Common/TLS_VERSION_LOGGING::sendEmail") (line 15)   invoked from within "call TLS_VERSION_LOGGING::sendEmail $subject $body "joe.harbison@csiweb.com""  (iRule proc "/Common/TLS_VERSION_LOGGING::createEmail") (line 6)   invoked from within "call TLS_VERSION_LOGGING::createEmail $emailSubject $emailBody"

 

Am I going about this the correct way or is there an easier method?

 

Thanks,

 

Joe

 

 

 

 

 

1 ACCEPTED SOLUTION

Karthick1
Cirrus
Cirrus

Dear , 

 

Please check the below irule and user alert configuration to send email. 

Below irule is to log the Client TLS Version : 

Irule name : TLS_ver_email_irule

 

when CLIENTSSL_HANDSHAKE {

  log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

}

 

 

Edit the user alert configuration “/config/”  to send the matched logs to email. 

 

alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

email toaddress=" kkk@abc.com"

  fromaddress="@abc.com"

body="client connected using TLSv1.1"

}

 

 

Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0 

 

 

Regards, 

Karthick Yokesh K

View solution in original post

4 REPLIES 4

Karthick1
Cirrus
Cirrus

Dear , 

 

Please check the below irule and user alert configuration to send email. 

Below irule is to log the Client TLS Version : 

Irule name : TLS_ver_email_irule

 

when CLIENTSSL_HANDSHAKE {

  log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

}

 

 

Edit the user alert configuration “/config/”  to send the matched logs to email. 

 

alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

email toaddress=" kkk@abc.com"

  fromaddress="@abc.com"

body="client connected using TLSv1.1"

}

 

 

Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0 

 

 

Regards, 

Karthick Yokesh K

Thanks so much for the response...could you explain more about the user alert portion? I am working with a development F5 box, for testing. the user_alert.conf file was blank and there was no smtp servers setup. I have setup an smtp server within the gui and tested it out...I entered the alert information in the user_aler.conf and restarted alertd. I don't have any indication that any emails are being generated, I can see the entries in the ltm logs. I modified the ssmtp config per the post to allow for snmp trap alerts. Could you please offer any insights on how to troubleshoot?

 

Thanks,

 

Joe

I got it working...I had an extra space in the user_alert.conf file...

 

Thanks so much again...

 

Joe

Karthick1
Cirrus
Cirrus

Good