Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Converting iRules to LTM Policies

Hi,

I know the rule that if you can do it in the GUI, you should before writing an iRule as it's a bit more optimized. So, I'm starting to look to covert some iRules over to LTM policies. We do set a lot of variables within our iRules and for troubleshooting purposes, we write to log local. I see the "Set variable" option within the Policy rule but I'm not able to get it written to the log. I'm trying to convert this iRule to a policy. Any help is greatly appreciated!

when CLIENTSSL_CLIENTHELLO {

set userip [IP::client_addr]
set ssl_version [SSL::cipher name]
set ssl_protocol [SSL::cipher version]

if {$ssl_protocol == "TLSv1"} {

    log local0. "Warning:  $userip - $ssl_version - $ssl_protocol"

}

}

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It seems CLIENTSSL_CLIENTHELLO (policy is ssl client hello) event is not available when the condition is ClientSSL protocol is TLSv1

but you can use following log message to include same information:

tcl:Warning: [IP::client_addr] - [SSL::cipher name] - [SSL::cipher version]
0
Comments on this Answer
Comment made 2 months ago by Shann_P 355

Thanks @Stanislas! I had everything working but the logging.

0