request logging profile want to log client certificate details

AlexS_yb
Cirrocumulus

Hi

I am setting a request logging profile and I want to log the client certificate that was associated with the request that comes through.

I have an iRule that adds it as a header to pool, but that doesn't seem to be available in the request portion and the backend server doesn't send it back

How can I access client cert information in request-log?


1 ACCEPTED SOLUTION

Seems like there is an engineering request to get client cert info into request-log.

So for now, I have to rewrite as an iRule

3 REPLIES

JRahm
Community Manager

can you sanitize what you have with your logging profile and iRule and post where you are?

tmsh create ltm profile request-log ybrequest-log-20220126
tmsh modify ltm profile request-log ybrequest-log-20220126 app-service none defaults-from ybrequest-log \
#
#request-log-template '$BIGIP_HOSTNAME , $VIRTUAL_NAME , "$\{Host\}",RQ,$CLIENT_IP,$CLIENT_PORT,$DATE_NCSA,$HTTP_METHOD,$HTTP_URI,$HTTP_VERSION,\"${User-agent}\",\"${X-Forwarded-SSL-cert-subject}\","$\{YBID\}","$\{ybmethod\}","$\{DEBTSTHREAD\}"' \
#response-log-template '$BIGIP_HOSTNAME , $VIRTUAL_NAME , "$\{Host\}",RS,$CLIENT_IP,$CLIENT_PORT,$DATE_NCSA,$HTTP_METHOD,$HTTP_URI,$HTTP_VERSION,\"${User-agent}\",\"${X-Forwarded-SSL-cert-subject}\","$\{YBID\}","$\{ybmethod\}","$\{DEBTSTHREAD\}",$VIRTUAL_POOL_NAME,$SERVER_IP,$SERVER_PORT,$SNAT_IP,$SNAT_PORT,$HTTP_STATCODE,$RESPONSE_SIZE,$RESPONSE_MSECS,"$\{X-time\}"'
#

is the header added by the iRule

X-Forwarded-SSL-cert-subject

the iRule looks something like

set certsubject [X509::subject $cert]
HTTP::header insert X-Forwarded-SSL-DN $certsubject

Not sure why this makes a difference. The general question is how to log client cert info in request-log
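
One way the iRule-based logging mentioned in the accepted solution could look, as an added example that is not part of the original thread. It assumes the virtual server's client SSL profile requests a client certificate; the pool name `syslog_pool` and the field layout of the log line are placeholders chosen for this sketch, and the header name is the one referenced in the log templates above.

```tcl
# Added example, not the poster's iRule.
# Assumption: "syslog_pool" is a placeholder for an existing pool of syslog receivers.
when CLIENT_ACCEPTED {
    # Open a high-speed logging handle once per client connection.
    set hsl [HSL::open -proto UDP -pool syslog_pool]
    # Characters stripped or replaced before a value is written to the log line,
    # so a crafted subject or URI cannot break the quoting or start a new record.
    set clean [list \" ' \r "" \n ""]
}

when HTTP_REQUEST {
    # Drop any copy of the header sent by the client; only the value derived
    # from the TLS handshake below may reach the pool member.
    HTTP::header remove X-Forwarded-SSL-cert-subject

    set subject "-"
    set issuer "-"
    set serial "-"
    if { [SSL::cert count] > 0 } {
        set cert [SSL::cert 0]
        set subject [string map $clean [X509::subject $cert]]
        set issuer [string map $clean [X509::issuer $cert]]
        set serial [X509::serial_number $cert]
        HTTP::header insert X-Forwarded-SSL-cert-subject $subject
    }

    set uri [string map $clean [HTTP::uri]]
    # <190> is syslog facility local7, severity info.
    HSL::send $hsl "<190> [virtual name],RQ,[IP::client_addr],[TCP::client_port],[HTTP::method],\"$uri\",\"$subject\",\"$issuer\",$serial\n"
}
```

Requests without a client certificate are logged with `-` in the certificate fields, so the absence of a certificate is visible in the log rather than silently skipped.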

 

 
