Aug 29, 2016
Something like this? Make sure you set up the syslog pool (hsl_syslog_pool) first.
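when RULE_INIT {
    # High speed logging setup - local7.info
    # Syslog PRI <190> = facility local7 (23) * 8 + severity info (6). The "<PRI>"
    # prefix is placed at the front of every message so the syslog receiver can
    # classify it; the hostname is added so events from several BIG-IPs stay
    # distinguishable in the central log.
    set static::bigip [info hostname]
    set static::facility <190>
    set static::hsl_prefix "$static::facility|host=$static::bigip"
}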
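when CLIENT_ACCEPTED {
    # Open a connection for high speed logging to hsl_syslog_pool & define log prefix
    # $hsl and $hsl_prefix are connection-scoped and reused by CLIENTSSL_CLIENTCERT
    # below. The pool "hsl_syslog_pool" must already exist on the BIG-IP, otherwise
    # HSL::open fails here and the later HSL::send calls have no handle.
    set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
    set hsl_prefix "${static::hsl_prefix}|client=[IP::client_addr]:[TCP::client_port]"
}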
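when CLIENTSSL_CLIENTCERT {
    # Client certificate handling: log every outcome to HSL, drop connections that
    # present no certificate, and reject certificates whose serial number is not
    # listed in the ValidCertificates data group.
    #
    # NOTE(review): matching on the serial number alone is only sound when every
    # accepted certificate comes from the single CA trusted by the client SSL
    # profile - serials are unique per issuer, not globally. Chain validation is
    # left entirely to the profile (this event does not consult
    # [SSL::verify_result]); confirm the profile actually enforces it.
    #
    # Tcl requires "else" on the same line as the closing brace of the if body:
    # a newline before "else" ends the if command and "else" is then parsed as an
    # unknown command, so the original layout would not load.
    if { [SSL::cert count] == 0 } {
        set log_message "No Certificate Provided"
        HSL::send $hsl "$hsl_prefix|$log_message"
        drop
    } else {
        # Read the serial once instead of re-evaluating it on every log line.
        set serial [X509::serial_number [SSL::cert 0]]
        set log_message "Client Certificate Recieved - IP:[IP::client_addr] Serial:$serial"
        HSL::send $hsl "$hsl_prefix|$log_message"
        if { [class match $serial equals ValidCertificates] } {
            set log_message "Client Accepted - IP:[IP::client_addr] Serial:$serial"
            HSL::send $hsl "$hsl_prefix|$log_message"
        } else {
            set log_message "Client Rejected -IP:[IP::client_addr] Serial:$serial"
            HSL::send $hsl "$hsl_prefix|$log_message"
            reject
        }
    }
}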