ok, thanks for the information
i don't have a great deal of experience with syslog, so i'm just trying to get my head around this issue. basically, i just need a log of all ssl re-negotiation attempts and i thought the following command (included in lupo's irule) would indeed log them all...
log "\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\]:TLS/SSL renegotiation"
however, when we implemented lupo's irule and initiated some ssl-renegotiations, nothing was logged. which left me puzzled. a colleague advised that we should use the following command to log all ssl-renegotiations instead of the command above...
log user.warn "\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\]:TLS/SSL renegotiation"
from my point of view, i don't care where or how it is logged... i just need to ensure that it is logged! (hope that makes sense!)
thanks