istats
6 Topics

Categorize SSL traffic by version, display as graph
Problem this snippet solves: You want to know how much SSLv3 traffic is hitting your site.

Example image when going to https://x.x.x.x/sslversions:

How to use this snippet: Attach this iRule to your virtual server that is terminating SSL. It will collect statistics about which versions of SSL are being negotiated with clients. Use the 'istats dump' command to see the statistics. Or, connect to your virtual server and query for "/sslversions" to see a JavaScript graph.

Code:

    when CLIENTSSL_HANDSHAKE {
        # Count each completed client-side handshake under the negotiated protocol version.
        ISTATS::incr "ltm.virtual [virtual name] c [SSL::cipher version]" 1
    }

    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri]] equals "/sslversions" } {
            # Read the per-version counters for this virtual server.
            set v3  [ISTATS::get "ltm.virtual [virtual name] c SSLv3"]
            set t10 [ISTATS::get "ltm.virtual [virtual name] c TLSv1"]
            set t11 [ISTATS::get "ltm.virtual [virtual name] c TLSv1.1"]
            set t12 [ISTATS::get "ltm.virtual [virtual name] c TLSv1.2"]

            # Build the page: load the Google Visualization API and draw a pie chart.
            set hbody "<html>\n \
                <head>\n \
                <!--Load the AJAX API-->\n \
                <script type=\"text/javascript\" src=\"https://www.google.com/jsapi\"></script>\n \
                <script type=\"text/javascript\">\n \
                \n \
                // Load the Visualization API and the piechart package.\n \
                google.load('visualization', '1.0', {'packages':\['corechart'\]});\n \
                \n \
                // Set a callback to run when the Google Visualization API is loaded.\n \
                google.setOnLoadCallback(drawChart);\n \
                \n \
                // Callback that creates and populates a data table,\n \
                // instantiates the pie chart, passes in the data and\n \
                // draws it.\n \
                function drawChart() {\n \
                \n \
                // Create the data table.\n \
                var data = new google.visualization.DataTable();\n \
                data.addColumn('string', 'SSL Types');\n \
                data.addColumn('number', 'Versions');\n \
                data.addRows(\[\n \
                \['SSLv3', $v3],\n \
                \['TLSv1', $t10],\n \
                \['TLSv1.1', $t11],\n \
                \['TLSv1.2', $t12]\n \
                \]);\n \
                \n \
                // Set chart options\n \
                var options = {'title':'SSL/TLS Versions on [virtual name]',\n \
                'width':800,\n \
                'height':600};\n \
                \n \
                // Instantiate and draw our chart, passing in some options.\n \
                var chart = new google.visualization.PieChart(document.getElementById('chart_div'));\n \
                chart.draw(data, options);\n \
                }\n \
                </script>\n \
                </head>\n \
                \n \
                <body>\n \
                <!--Div that will hold the pie chart-->\n \
                <div id=\"chart_div\"></div>\n \
                </body>\n \
                </html>"
            HTTP::respond 200 content $hbody
        }
    }

755 Views 2 likes 3 Comments

iStats v13 command help
Hi,

Here is the help displayed by the CLI istats command:

    Usage: istats [-s ] []
    is one of: 'set' 'incr' 'get' 'remove' 'dump' 'drop_row' 'drop_column' 'clear_row'
    is a single quoted argument: "keyspace ... " (like "ltm.pool /Common/mypool counter mystat")
    is one of: 'counter' 'gauge' 'string' 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex'
    must be specified for 'set' and 'incr', and must be an integer for 'incr'
    The for a gauge may be negative. Use 2 dashes before the negative value (like 'incr "... gauge ..." -- -1')

I wonder if there is any info on how to use operations like drop_row, drop_column, clear_row.

What is the description of [-s ]?

"keyspace ... " - what is keyspace and column? If possible, some example of a key using all the above elements and multiple columns.

Is there any description of what can be stored in types: 'text' 'signed' 'unsigned' 'bin' 'dec' 'hex' 'timestamp' 'timeval' 'uinthex'? And how do those behave in relation to the value used?

What is the difference between timestamp and timeval? I had the impression that those can be set without using a value (like automatically placing the current time at the moment the key is created in the value), but it seems not to be the case.

Piotr

731 Views 0 likes 4 Comments

Source address persistence troubleshooting
Hi,

I am looking for a way to find out if source address persistence is working correctly. There are two VS (Standard TCP IP:any and Standard UDP IP:any, both with pools pointing to the same nodes) with this profile attached:

    ltm persistence source-addr lamp_persist_match_vs {
        app-service none
        defaults-from source_addr
        description none
        hash-algorithm default
        map-proxies enabled
        map-proxy-address none
        map-proxy-class none
        mask none
        match-across-pools disabled
        match-across-services disabled
        match-across-virtuals enabled
        mirror disabled
        override-connection-limit disabled
        partition Common
        timeout 32400
    }

match-across-virtuals is enabled, so after the first client connection to any of the VSs, following connections should go to the same node for at least 32400 s. I am looking for a way to find out if it is working like that. So I need to figure out if a given client IP is, for at least the defined timeout, ONLY directed to the same IP. In other words, I need to catch the exception when a given client IP is rebalanced to another IP during the timeout period.

Any ideas how to do that? I was thinking about using an iRule with iStats, but I am not so good with iStats stuff. My first approach was to create code like this:

    when LB_SELECTED {
        set node_sel [LB::server addr]
        log local0. "Selected node is $node_sel"
        ISTATS::incr "ltm.virtual [virtual name] node $node_sel client.ip [IP::client_addr] c balanced" 1
        ISTATS::incr "ltm.virtual [virtual name] c [IP::client_addr]-${node_sel}" 1
        ISTATS::incr "ltm.virtual [virtual name] c count_it" 1
        log local0. "Currents counter is: [ISTATS::get "node $node_sel client.ip [IP::client_addr] c balanced"]"
    }

I tried different syntax, but I am not really sure if that's the way to go. The goal is to be able to collect all nodes a given client IP connected to during the timeout period. If there is no persistence issue, just one entry should be created listing the client IP and selected node; if there is an issue, I expect that two entries will be created (the pool contains two pool members).

Piotr

300 Views 0 likes 0 Comments

APM Access stats per OS
Hello

I'm trying to create a report to show the connections made to an APM Access Profile with different client OS. First of all, I tried to do it with an APM Report, but I haven't found the way to do it. Now, I'm trying with iStats.

This iRule fails:

    when ACCESS_POLICY_AGENT_EVENT {
        log local0. "Guardando logs iRule APM [ACCESS::policy agent_id]"
        switch [ACCESS::policy agent_id] {
            "LOG_OS" {
                set OS "[ACCESS::session data get session.client.platform]"
                ISTATS::incr "RemoteAccess c $OS" 1
            }
        }
    }

This is the error:

    Feb 19 14:42:48 rochelle-intx err tmm[11266]: 01220001:3: TCL error: /Common/LOG_APM_VERSION_OS - Error: Fact0: requested Id0 (type=HEADER) as type FACT (line 1)
    invoked from within "ISTATS::incr "Teleacceso c $OS" 1"
    ("LOG_OS" arm line 6)
    invoked from within "switch [ACCESS::policy agent_id] { "LOG_OS" { set OS "Prueba" log local0.notice "Guardando logs "

What am I doing wrong?

284 Views 0 likes 2 Comments