Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Logging APM Username and XFF Address

I'm trying to create a single log entry that is triggered by an ACCESS_POLICY_AGENT_EVENT containing a user's username (after successful logon) and their X-Forwarded-For address. This log needs to be triggered immediately after successful authentication. Here is my iRule:

when ACCESS_POLICY_AGENT_EVENT {
    log local0. "SESSION_STARTED, User=[ACCESS::session data get session.logon.last.username], IP=[HTTP::header X-Forwarded-For]"
}

However, I'm getting this as my log entry: Rule /Common/UserID_Logger <ACCESS_POLICY_AGENT_EVENT>: SESSION_STARTED, User=testuser, IP=

It seems that the http headers are not accessible from within the APM event. Any suggestions?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Use this code

when ACCESS_SESSION_STARTED {
    ACCESS::session data set session.custom [HTTP::header X-Forwarded-For]
}
when ACCESS_POLICY_COMPLETED {
    log local0. "SESSION_STARTED, User=[ACCESS::session data get session.logon.last.username], IP=[ACCESS::session data get session.custom.xff]"
}
0
Comments on this Answer
Comment made 2 months ago by Ryan M 163

Thank you!

0