cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Match string "username" inside TCP:Payload

MukeshK
Nimbostratus
Nimbostratus

I have a requirement to extract Client IP address as soon as VIP sees a LDAP Bind request from a particular username.

I have gone through couple of forums and found this relevant:

 

when CLIENT_ACCEPTED {

 TCP::collect 100

}

 

when CLIENT_DATA {

   # check if payload contains the string we want to replace

   if { [TCP::payload ] contains "username_adam" } {

#logging Client ip as soon as see bind request coming from username adam

       log local0. "Client ip logged is [IP::client_addr]"

       TCP::release

       TCP::collect

      }

 

Any answers and help would be appreciated.

0 REPLIES 0