Thanks for catching the mistake with displaying the variable, "%" instead or "$".
Start by looking at the /var/log/ltm to make sure you don't have a syntax error in the iRule.
The check agent_id. Does the agent_id you specified in the VPE for the IRULE_AGENT match the iRule "if" condition:
if { [ACCESS::policy agent_id] eq "time_to_inspect_username" } {
There are a couple of options for troubleshooting. You can define the variable before you scan the datagroup like this:
when ACCESS_POLICY_AGENT_EVENT {
ACCESS::session data set session.logon.last.username_found_in_list [ACCESS::policy agent_id]
if { [ACCESS::policy agent_id] eq "time_to_inspect_username" } {
set user [ACCESS::session data get session.logon.last.username]
if { [class match $user equals DataGroupList_A] } {
ACCESS::session data set session.logon.last.username_found_in_list 1
} else {
ACCESS::session data set session.logon.last.username_found_in_list 0
}
}
}
Now, check the variable in the message box again. If it is equal to the agent_id, you know that the first "if" is not matching and the agent_id is not recognized.
Another option is to add log commands to the iRule and view the traces in the /var/log/ltm file.
when ACCESS_POLICY_AGENT_EVENT {
log local0. "Agent ID: [ACCESS::policy agent_id], Username: [ACCESS::session data get session.logon.last.username]"
if { [ACCESS::policy agent_id] eq "time_to_inspect_username" } {
set user [ACCESS::session data get session.logon.last.username]
if { [class match $user equals DataGroupList_A] } {
ACCESS::session data set session.logon.last.username_found_in_list 1
log local0. "Found username in datagroup, [ACCESS::session data get session.logon.last.username_found_in_list]"
} else {
ACCESS::session data set session.logon.last.username_found_in_list 0
log local0. "Did NOT Find username in datagroup, [ACCESS::session data get session.logon.last.username_found_in_list]"
}
}
}
Remember to remove, or comment out, the log commands when you are done troubleshooting.
HTH