Forum Discussion
youssef1
Apr 05, 2018
Cumulonimbus
Hello,
You can just add a log command in order to send the logs you define to /var/log/ltm. These logs are sent to your syslog server if you configure it. Then you can just enter the following command in order to retrieve all blocked users:
more /var/log/ltm | grep 'Blocked'
or (for gz file)
zcat /var/log/ltm.1.gz | grep 'Blocked'
when HTTP_REQUEST {
    # Only requests whose URI is in the ibp-uri data group are restricted
    if { [class match [HTTP::uri] equals ibp-uri] } {
        # Client address must be in the ifbyphone data group
        if { [class match [IP::client_addr] equals ifbyphone] } {
            # Let the request pass...
        } else {
            HTTP::respond 403 content "Access Denied"
            log local0. "Blocked IP: [IP::client_addr]"
        }
    } else {
        # Let the request pass...
    }
}
If you want to send these logs directly to your syslog server, you can use HSL (better performance). And you can easily set a notification for this use case.
Regards
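
A helper that goes one step past the grep commands in the post above, added here as an example and not part of the original post: it reads /var/log/ltm together with rotated .gz copies and counts the "Blocked IP:" entries per client address. The log-line layout, hostname, rule name and addresses in the sample are constructed for the demonstration.

```shell
#!/bin/sh
# Summarise "Blocked IP:" entries written by the iRule's log command.
# Usage: sh blocked_summary.sh /var/log/ltm /var/log/ltm.1.gz

# Print each log file to stdout, decompressing rotated .gz copies.
read_logs() {
    for f in "$@"; do
        case "$f" in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
}

# Output: "<count> <client address>" per line, most-blocked address first.
# The character class also accepts IPv6 and route-domain (%) suffixes.
blocked_summary() {
    read_logs "$@" |
        sed -n 's/.*Blocked IP: \([0-9A-Fa-f.:%]\{1,\}\).*/\1/p' |
        sort | uniq -c |
        awk '{ print $1, $2 }' |
        sort -k1,1nr -k2,2
}

# Constructed sample lines (hostname, rule name and addresses are made up).
make_sample() {
    cat > "$1" <<'EOF'
Apr  5 10:12:01 bigip1 info tmm1[12345]: Rule /Common/ibp_acl <HTTP_REQUEST>: Blocked IP: 203.0.113.7
Apr  5 10:12:09 bigip1 info tmm[12345]: Rule /Common/ibp_acl <HTTP_REQUEST>: Blocked IP: 198.51.100.23
Apr  5 10:13:44 bigip1 info tmm1[12345]: Rule /Common/ibp_acl <HTTP_REQUEST>: Blocked IP: 203.0.113.7
Apr  5 10:14:02 bigip1 notice mcpd[4321]: 01070727:5: Pool /Common/web member monitor status up.
EOF
}

# Run against the files given on the command line, if any.
if [ "$#" -gt 0 ]; then
    blocked_summary "$@"
fi
```

An address that climbs to the top of this list is a candidate for the notification mentioned in the post.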