Forum Discussion

jomedusa's avatar
jomedusa
Icon for Altostratus rankAltostratus
Jan 14, 2021
Solved

iRule to email when TLS version is chosen

We are working to remove all TLS 1.0 and 1.1 connections to our VIP's. I can still see a small amount of connections and would like to trigger an email with the VIP and client ip address. I have combined the logic to both see what version and send the email into one iRule but now I am having issues with sending the email. I am getting an error on the connect portion, stating a routing problem. I would prefer to use the management address of the F5 as the source for the email's, is this possible? I have tried to change the connect string to the floating ip address of the VS but still doesn't work...here is the line and the error:

  set emailConn [connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer]

 

Jan 14 10:18:50 pad-f5-1 err tmm1[18799]: 01220001:3: TCL error: /Common/TLS_VERSION_LOGGING <CLIENTSSL_HANDSHAKE> - Connection failed for 10.XX.XX.69:25 [Routing problem] (line 1)   invoked from within "connect -myaddr 10.4.38.7 -timeout 2000 -idle 10 -status conn_status $mailServer"  (iRule proc "/Common/TLS_VERSION_LOGGING::sendEmail") (line 15)   invoked from within "call TLS_VERSION_LOGGING::sendEmail $subject $body "joe.harbison@csiweb.com""  (iRule proc "/Common/TLS_VERSION_LOGGING::createEmail") (line 6)   invoked from within "call TLS_VERSION_LOGGING::createEmail $emailSubject $emailBody"

 

Am I going about this the correct way or is there an easier method?

 

Thanks,

 

Joe

 

 

 

 

 

  • Dear , 

     

    Please check the below irule and user alert configuration to send email. 

    Below irule is to log the Client TLS Version : 

    Irule name : TLS_ver_email_irule

     

    when CLIENTSSL_HANDSHAKE {

      log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

    }

     

     

    Edit the user alert configuration “/config/”  to send the matched logs to email. 

     

    alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

    email toaddress=" kkk@abc.com"

      fromaddress="@abc.com"

    body="client connected using TLSv1.1"

    }

     

     

    Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0 

     

     

    Regards, 

    Karthick Yokesh K

4 Replies

  • Dear , 

     

    Please check the below irule and user alert configuration to send email. 

    Below irule is to log the Client TLS Version : 

    Irule name : TLS_ver_email_irule

     

    when CLIENTSSL_HANDSHAKE {

      log local0.info " VIP -[IP::local_addr] client_connected_ver [SSL::cipher version]"

    }

     

     

    Edit the user alert configuration “/config/”  to send the matched logs to email. 

     

    alert TLS "Rule /Common/TLS_ver_email_irule <CLIENTSSL_HANDSHAKE>: (.*) TLSv1.1" {

    email toaddress=" kkk@abc.com"

      fromaddress="@abc.com"

    body="client connected using TLSv1.1"

    }

     

     

    Note: this match is based on irule name as well ,so be attention while creating the alerts in user configuration file, repeat the alert configuration for tslv1.0 

     

     

    Regards, 

    Karthick Yokesh K

    • jomedusa's avatar
      jomedusa
      Icon for Altostratus rankAltostratus

      Thanks so much for the response...could you explain more about the user alert portion? I am working with a development F5 box, for testing. the user_alert.conf file was blank and there was no smtp servers setup. I have setup an smtp server within the gui and tested it out...I entered the alert information in the user_aler.conf and restarted alertd. I don't have any indication that any emails are being generated, I can see the entries in the ltm logs. I modified the ssmtp config per the post to allow for snmp trap alerts. Could you please offer any insights on how to troubleshoot?

       

      Thanks,

       

      Joe

      • jomedusa's avatar
        jomedusa
        Icon for Altostratus rankAltostratus

        I got it working...I had an extra space in the user_alert.conf file...

         

        Thanks so much again...

         

        Joe