Forum Discussion
hooleylist
Mar 23, 2010Cirrostratus
If you're not decrypting the SSL, you wouldn't want to add an HTTP profile to the VIP and therefore shouldn't be able to add an iRule to the VIP which references HTTP events. I'd expect your first example to work. Just add it to the VIP on the resources tab and then check /var/log/ltm for the rule output.
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: SSL sessionid is: [SSL::sessionid]"
}
If you have a Safari browser you can reproduce the issue with, I'd restrict the iRule to log only your client IP address:
when CLIENT_ACCEPTED {
if {[IP::addr [IP::client_addr] equals 1.1.1.1]}{
log local0. "[IP::client_addr]:[TCP::client_port]: SSL sessionid is: [SSL::sessionid]"
}
}
Aaron