Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Match string "username" inside TCP:Payload

MukeshK
Nimbostratus
Nimbostratus

‎17-May-2021 10:18

I have a requirement to extract Client IP address as soon as VIP sees a LDAP Bind request from a particular username.

I have gone through couple of forums and found this relevant:

 

when CLIENT_ACCEPTED {

 TCP::collect 100

}

 

when CLIENT_DATA {

   # check if payload contains the string we want to replace

   if { [TCP::payload ] contains "username_adam" } {

#logging Client ip as soon as see bind request coming from username adam

       log local0. "Client ip logged is [IP::client_addr]"

       TCP::release

       TCP::collect

      }

 

Any answers and help would be appreciated.

Labels:
0 Kudos
0 REPLIES 0
Copyright © 2023 Khoros, LLC