Wahyudi_118345
Apr 24, 2015Nimbostratus
Irule script to-log-all-traffic to RSA Security Analytics Server
Dear Team,
We have RSA Security Analytics Server ( Event Source Log Server) . Let's said the IP RSA server is 192.168.248.131 .
The RSA document said this is the sample irule :
log l...
- Apr 24, 2015
can you try something like this?
loghost is a syslog server pool e.g. 192.168.248.131:514.
when CLIENT_ACCEPTED { set hsl [HSL::open -proto UDP -pool loghost] } when HTTP_REQUEST { set host [HTTP::host] set uri [HTTP::uri] set method [HTTP::method] } when HTTP_RESPONSE { HSL::send $hsl "iRule c-ip=[IP::client_addr]^^method=$method^^uri=$uri^^host=$host^^sip=[LB::server addr]^^pool-name=[LB::server pool]^^sport=[LB::server port]^^status=[HTTP::status]" }