17-May-2021 10:18
I have a requirement to extract the client IP address as soon as the VIP sees an LDAP Bind request from a particular username.
I have gone through a couple of forums and found this relevant:
when CLIENT_ACCEPTED {
    TCP::collect 100
}
when CLIENT_DATA {
    # check if the payload contains the username we are looking for
    if { [TCP::payload] contains "username_adam" } {
        # log the client IP as soon as we see a bind request coming from username adam
        log local0. "Client ip logged is [IP::client_addr]"
    }
    # release the collected data in every case so non-matching connections do not stall
    TCP::release
    TCP::collect
}
Any answers and help would be appreciated.
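Added example, not part of the original post and not F5 code: the iRule's `contains` test fires on any LDAP message that mentions the string, so this Python sketch walks the BER fields of a simple BindRequest and returns only the bind name, coping with a payload cut short by a collect limit. The function names and both sample messages are constructed for illustration, and it is written in Python rather than as an iRule so it can be run offline.

```python
def read_tlv(buf, pos, want):
    """Decode the BER element at pos; return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("truncated header or unexpected tag")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        if not want & 0x20:            # primitive value cut off by the collect limit
            raise ValueError("truncated value")
        end = len(buf)                 # constructed: remainder is in a later segment
    return pos, end

def bind_name(payload):
    """Return the name (bind DN) of an LDAP BindRequest, or None for anything else."""
    try:
        pos, _ = read_tlv(payload, 0, 0x30)         # LDAPMessage SEQUENCE
        _, pos = read_tlv(payload, pos, 0x02)       # messageID INTEGER
        pos, _ = read_tlv(payload, pos, 0x60)       # [APPLICATION 0] BindRequest
        _, pos = read_tlv(payload, pos, 0x02)       # version INTEGER
        start, end = read_tlv(payload, pos, 0x04)   # name OCTET STRING
    except ValueError:
        return None
    return payload[start:end].decode("utf-8", "replace")

def is_bind_from(payload, user):
    """True only when payload is a BindRequest whose name contains user."""
    name = bind_name(payload)
    return name is not None and user.lower() in name.lower()

# Constructed sample messages (short-form lengths only), not captured traffic.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value

BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
           + tlv(0x04, b"cn=username_adam,dc=example,dc=com") + tlv(0x80, b"secret")))
SEARCH = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x63, tlv(0x04, b"dc=example,dc=com")
             + bytes.fromhex("0a01020a0100020100020100010100")
             + tlv(0xA3, tlv(0x04, b"uid") + tlv(0x04, b"username_adam")) + tlv(0x30, b"")))
```

`SEARCH` is a search for `uid=username_adam`: a substring test on the raw payload matches it, while `is_bind_from` does not.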