Forum Discussion

Nimbostratus

Apr 24, 2015

Solved

Irule script to-log-all-traffic to RSA Security Analytics Server

Dear Team, We have RSA Security Analytics Server ( Event Source Log Server) . Let's said the IP RSA server is 192.168.248.131 . The RSA document said this is the sample irule : log l...

application delivery

BIG-IP Access Policy Manager (APM)

Apr 24, 2015

can you try something like this?

loghost is a syslog server pool e.g. 192.168.248.131:514.

when CLIENT_ACCEPTED {
  set hsl [HSL::open -proto UDP -pool loghost]
}
when HTTP_REQUEST {
  set host [HTTP::host]
  set uri [HTTP::uri]
  set method [HTTP::method]
}
when HTTP_RESPONSE {
  HSL::send $hsl "iRule c-ip=[IP::client_addr]^^method=$method^^uri=$uri^^host=$host^^sip=[LB::server addr]^^pool-name=[LB::server pool]^^sport=[LB::server port]^^status=[HTTP::status]"
}

nitass_89166

Noctilucent

can you try something like this?

loghost is a syslog server pool e.g. 192.168.248.131:514.

when CLIENT_ACCEPTED {
  set hsl [HSL::open -proto UDP -pool loghost]
}
when HTTP_REQUEST {
  set host [HTTP::host]
  set uri [HTTP::uri]
  set method [HTTP::method]
}
when HTTP_RESPONSE {
  HSL::send $hsl "iRule c-ip=[IP::client_addr]^^method=$method^^uri=$uri^^host=$host^^sip=[LB::server addr]^^pool-name=[LB::server pool]^^sport=[LB::server port]^^status=[HTTP::status]"
}

Wahyudi_118345

Nimbostratus

Apr 24, 2015

Thanks a lot Nitas...i will try

Forum Discussion

Irule script to-log-all-traffic to RSA Security Analytics Server

Recent Discussions

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

Related Content

F5 Analytics iApp

Using ChatGPT for security and introduction of AI security

Auditing Security Policy Updates

HTTP Multipart and Security Implications

Using Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites