Wahyudi_118345
Apr 24, 2015
Nimbostratus
Solved
iRule script to log all traffic to RSA Security Analytics Server
Dear Team,
We have an RSA Security Analytics Server (Event Source Log Server). Let's say the IP of the RSA server is 192.168.248.131.
The RSA document says this is the sample iRule:
log local0. "iRule c-ip=[IP::client_ addr]^^method=[ HTTP::- method]^^uri=[HTTP::uri]^^host=[HTTP::host]^^sip=[ LB::server addr]^^pool-name=[LB::server pool]^^sport=[ LB::server port]^^status=[HTTP::status]"
But when I created the iRule, I got a syntax error.
Could someone please help me with the correct syntax so that I can send the traffic log to the RSA server (the IP is 192.168.248.131)?
Can you try something like this?
loghost is a syslog server pool, e.g. 192.168.248.131:514.

when CLIENT_ACCEPTED {
    # Open a high-speed logging (HSL) handle to the syslog pool
    set hsl [HSL::open -proto UDP -pool loghost]
}
when HTTP_REQUEST {
    # Save the request values; they are used later in HTTP_RESPONSE
    set host [HTTP::host]
    set uri [HTTP::uri]
    set method [HTTP::method]
}
when HTTP_RESPONSE {
    # Send one log line per response in the format from the RSA document
    HSL::send $hsl "iRule c-ip=[IP::client_addr]^^method=$method^^uri=$uri^^host=$host^^sip=[LB::server addr]^^pool-name=[LB::server pool]^^sport=[LB::server port]^^status=[HTTP::status]"
}
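
The log line in this thread joins its fields with `^^`, and the uri and host values come from the client, so a value that itself contains `^^` makes the receiver split the line in the wrong place. The Python sketch below is an added example, not code from the thread, F5 or RSA; the receiver-side parser, the sample values and the choice of percent-encoding are assumptions made for illustration.

```python
from urllib.parse import quote, unquote

DELIM = "^^"  # field separator used by the log line in this thread

# Constructed sample values (not from the thread); the URI contains the separator.
SAMPLE = [
    ("c-ip", "203.0.113.7"), ("method", "GET"),
    ("uri", "/report?range=1^^2"), ("host", "www.example.com"),
    ("sip", "10.0.0.5"), ("pool-name", "web_pool"),
    ("sport", "80"), ("status", "404"),
]

def build_line(fields, encode=False):
    """Join key=value pairs the way the HSL::send string does."""
    parts = []
    for key, value in fields:
        if encode:
            # Percent-encode anything outside a small safe set, so '^', '%',
            # spaces, CR and LF in a value can never act as a separator.
            value = quote(value, safe="/?&=:.-_~")
        parts.append(f"{key}={value}")
    return "iRule " + DELIM.join(parts)

def parse_line(line, decode=False):
    """Hypothetical receiver: drop the 'iRule ' tag, split on ^^, then on the first '='."""
    parsed = {}
    for part in line.split(" ", 1)[1].split(DELIM):
        key, _, value = part.partition("=")
        parsed[key] = unquote(value) if decode else value
    return parsed

def compare():
    """Return (fields parsed from the raw line, fields parsed from the encoded line)."""
    raw = parse_line(build_line(SAMPLE))
    safe = parse_line(build_line(SAMPLE, encode=True), decode=True)
    return raw, safe

if __name__ == "__main__":
    raw, safe = compare()
    print("raw uri:    ", raw["uri"], "| field count:", len(raw))
    print("encoded uri:", safe["uri"], "| field count:", len(safe))
```

On the BIG-IP side the same effect would come from encoding `$uri` and `$host` before `HSL::send`, for example with the iRules `URI::encode` command, and decoding them on the receiver.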