Forum Discussion
3 Replies
You could make use of High Speed Logging (HSL) to send SSL connection information to a syslog server
1) Create a pool containing the syslog server
tmsh create ltm pool HSL-POOL-514 members add { :514 }
2) Create an iRule which uses HSL to send SSL connection information to a syslog server
    when CLIENT_ACCEPTED {
        # Open a High Speed Logging handle to the syslog pool (UDP/514)
        set hsl [HSL::open -proto UDP -pool HSL-POOL-514]
    }
    when HTTP_REQUEST {
        # Capture request details for the log line written at response time
        set HOST [HTTP::host]
        set METHOD [HTTP::method]
        set URI [HTTP::uri]
        set HTTP_VERSION [HTTP::version]
    }
    when CLIENTSSL_HANDSHAKE {
        # Negotiated protocol version and cipher of the client-side TLS session
        set SSL_VERSION [SSL::cipher version]
        set SSL_CIPHER [SSL::cipher name]
    }
    when HTTP_RESPONSE {
        # <190> is the syslog PRI value for facility local7, severity info
        HSL::send $hsl "<190> SSL Version: $SSL_VERSION, SSL Cipher: $SSL_CIPHER, Source: [IP::client_addr]:[TCP::client_port], Destination: [clientside {IP::local_addr}]:[clientside {TCP::local_port}], Pool Member: [IP::server_addr]:[TCP::server_port], Host: $HOST, $METHOD $URI HTTP/$HTTP_VERSION, Status: [HTTP::status]"
    }
An example of a log line you will see:
11-13-2017 21:47:38 Local7.Info 192.168.1.252 SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200
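Once these lines land on the syslog server, the useful next step is to mine them for clients still negotiating deprecated protocol versions or weak cipher suites. The following Python script is an added example (not part of the answer above or any F5 code): it parses lines in exactly the format the iRule emits, flags deprecated versions, non-forward-secret key exchange and non-AEAD suites, and counts versions so you can judge when an old version can be disabled on the client SSL profile. The sample log lines and the version/cipher policy are constructed for the example.

```python
"""Parse HSL log lines in the format emitted by the iRule above and flag weak TLS usage."""
import re
from collections import Counter
from typing import Optional

# Constructed sample lines (not captured traffic). The leading timestamp,
# facility and sender are what the syslog server prepends; the rest is the
# message the iRule sends.
SAMPLE_LOG = """\
11-13-2017 21:47:38 Local7.Info 192.168.1.252 SSL Version: TLSv1.2, SSL Cipher: DHE-RSA-AES256-GCM-SHA384, Source: 192.168.1.124:45886, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, GET /index.html HTTP/1.1, Status: 200
11-13-2017 21:47:41 Local7.Info 192.168.1.252 SSL Version: TLSv1, SSL Cipher: AES128-SHA, Source: 192.168.1.77:51022, Destination: 192.168.1.100:443, Pool Member: 172.24.32.11:80, Host: www.example.com, POST /login HTTP/1.1, Status: 302
11-13-2017 21:47:45 Local7.Info 192.168.1.252 SSL Version: TLSv1.1, SSL Cipher: ECDHE-RSA-AES256-SHA, Source: 192.168.1.90:40210, Destination: 192.168.1.100:443, Pool Member: 172.24.32.12:80, Host: api.example.com, GET /v1/items HTTP/1.1, Status: 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<facility>\S+) (?P<sender>\S+) "
    r"SSL Version: (?P<version>[^,]+), SSL Cipher: (?P<cipher>[^,]+), "
    r"Source: (?P<src>[^,]+), Destination: (?P<dst>[^,]+), "
    r"Pool Member: (?P<member>[^,]+), Host: (?P<host>[^,]+), "
    r"(?P<method>\S+) (?P<uri>\S+) HTTP/(?P<http_version>\S+), Status: (?P<status>\d+)$"
)

# Assumption: policy baseline chosen for this example; adjust to your own.
DEPRECATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(rec: dict) -> list:
    """List the weaknesses of one parsed record (empty list means nothing flagged)."""
    issues = []
    version, cipher = rec["version"], rec["cipher"]
    if version in DEPRECATED_VERSIONS:
        issues.append(f"deprecated protocol {version}")
    # OpenSSL-style suite names: forward secrecy requires an (EC)DHE key
    # exchange; TLS 1.3 suites (TLS_...) are always forward secret.
    if not cipher.startswith(("ECDHE-", "DHE-", "TLS_")):
        issues.append("no forward secrecy")
    # AEAD suites carry GCM, CCM or CHACHA20 in the name; the rest are
    # CBC-mode suites with a separate HMAC.
    if not any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20")):
        issues.append("non-AEAD cipher")
    return issues


def analyze(log_text: str) -> list:
    """Parse every line and attach its findings; lines that do not match are skipped."""
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec["issues"] = assess(rec)
        results.append(rec)
    return results


def version_counts(results: list) -> Counter:
    """Protocol-version distribution across the parsed records."""
    return Counter(r["version"] for r in results)


if __name__ == "__main__":
    records = analyze(SAMPLE_LOG)
    for r in records:
        flag = "; ".join(r["issues"]) or "ok"
        print(f'{r["src"]:>20} {r["host"]:<16} {r["version"]:<8} {r["cipher"]:<28} {flag}')
    print(dict(version_counts(records)))
```

Feed it the raw syslog file instead of SAMPLE_LOG and group the flagged records by Source or Host to find which clients need upgrading before the old versions are removed from the profile.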
- Chetan_Puri_368 (Nimbostratus)
Sir,
I need this /CN=Name/OU=UNIT/O=ORG/C=US of the client certificate in an HTTP header when we are sending this to the server.
- Anthony_Graber (Employee)
You can add the client certificate subject using the information provided in this example: https://clouddocs.f5.com/api/irules/CLIENTSSL_CLIENTCERT.html
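The other half of that design is what the pool member does with the header. The Python below is an added example (not from this thread or from F5): it parses the OpenSSL one-line subject form quoted in the question, honouring escaped slashes inside values and repeated attributes such as multiple OU entries, and it only accepts the header when the request arrived from a trusted BIG-IP address, since any other peer could have forged it. The header name X-Client-Cert-Subject, the trusted-proxy range and the sample headers are assumptions made for the example.

```python
"""Backend-side handling of a client-certificate subject forwarded in an HTTP header."""
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumptions for this example: the iRule inserts the subject under this
# header name, and only the BIG-IP self IPs in TRUSTED_PROXIES may set it.
HEADER_NAME = "X-Client-Cert-Subject"
TRUSTED_PROXIES = [ip_network("10.0.0.0/24")]  # constructed range


def parse_oneline_dn(dn: str) -> dict:
    """Parse '/CN=Name/OU=UNIT/O=ORG/C=US' into {'CN': ['Name'], 'OU': ['UNIT'], ...}.

    Values are lists because an attribute (typically OU) may appear more than
    once. A backslash escapes the following character, so '\\/' inside a value
    is a literal slash rather than an RDN separator.
    """
    if not dn.startswith("/"):
        raise ValueError("expected an OpenSSL one-line DN starting with '/'")
    parts, buf, i = [], "", 1
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf += dn[i + 1]
            i += 2
            continue
        if ch == "/":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
        i += 1
    parts.append(buf)
    result = {}
    for part in parts:
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        key, value = part.split("=", 1)
        result.setdefault(key, []).append(value)
    return result


def is_trusted_peer(peer_ip: str) -> bool:
    """True when the TCP peer is one of the proxies allowed to set the header."""
    addr = ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def client_identity(headers: dict, peer_ip: str) -> Optional[dict]:
    """Return the parsed subject, or None when no certificate header is present.

    Raises PermissionError if the header arrives from a peer that is not a
    trusted proxy: in that case the value may have been supplied by the client.
    """
    subject = headers.get(HEADER_NAME)
    if subject is None:
        return None
    if not is_trusted_peer(peer_ip):
        raise PermissionError("client-certificate header from untrusted peer")
    return parse_oneline_dn(subject)


if __name__ == "__main__":
    # Constructed request headers, as the pool member would see them.
    hdrs = {HEADER_NAME: "/CN=Name/OU=UNIT/OU=Sub\\/Unit/O=ORG/C=US"}
    print(client_identity(hdrs, "10.0.0.5"))
    try:
        client_identity(hdrs, "192.0.2.9")
    except PermissionError as exc:
        print("rejected:", exc)
```

On the BIG-IP side the matching precaution is to HTTP::header remove the header in HTTP_REQUEST before HTTP::header insert adds the real value, so a copy supplied by the client never reaches the pool.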