iRule to log browser type (client)

Question

I've got a thread running on Adv. Config about an issue I'm having with SSL connections and Apple Safari for a website we host.  I'm looking to track down the behavior of the F5 when a connection request comes through the F5 but am having trouble in a few areas.  First I'd like to log the ssl sessionid but none of my iRules that I'm trying ever get executed. 
&nbsp; NEW 
&nbsp; when CLIENT_ACCEPTED { 
&nbsp;   log local0. "SSL sessionid is: [SSL::sessionid]" 
&nbsp; } 
&nbsp; NEW 
&nbsp; when HTTP_REQUEST { 
&nbsp;   log local0. "SSL sessionid is: [SSL::sessionid]" 
&nbsp; } 
&nbsp; NEW 
&nbsp; when SERVER_CONNECTED { 
&nbsp;   log local0. "SSL sessionid is: [SSL::sessionid]" 
&nbsp; } 
&nbsp;  
&nbsp; As for logging a client browser type I don't know where to start as the list of events and what to log tell me this isn't possible (but I hope I'm wrong). 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; - Dave

naladar_65658 · Answer

For the client browser type you will want to use: 
&nbsp;  
&nbsp; HTTP::header User-Agent  
&nbsp;  
&nbsp;  
&nbsp;  &nbsp;

naladar_65658 · Answer

Sorry, the line that you would want to add to your iRule code is:  
&nbsp;    
&nbsp;  log local0. "The User Agent String is: [HTTP::header User-Agent]"  
&nbsp;    
&nbsp; I checked out your other post and left you a URL that explains how to obtain that Session ID that you are looking for.

dave_jensen_201 · Answer

What event should I trigger off of to write this log out? 
&nbsp;  
&nbsp; - Dave

naladar_65658 · Answer

when HTTP_REQUEST would be the event trigger.  
&nbsp;    
&nbsp;  What is your level of access on the BIG-IP device you are running?  I have a QA F5 for testing stuff on, but when I have to test something on the production unit, I just set up another virtual server using a private IP and utilize all the same iRules, pools and profiles of the Virtual Server that I am debugging.  Then I create an entry on my windows unit's host file that aims the url to the new virtual sever that I created.  Then you can send requests back and forth from your own machine, using a valid url to analyze and debug things at will.  
&nbsp;    
&nbsp;  I had to get approved to have my own test VIP on the unit, but it can save a lot of time when troubleshooting things like this and keeps you from stepping on production traffic.

hooleylist · Answer

&nbsp; What is your level of access on the BIG-IP device you are running? I have a QA F5 for testing stuff on, but when I have to test something on the production unit, I just set up another virtual server using a private IP and utilize all the same iRules, pools and profiles of the Virtual Server that I am debugging. Then I create an entry on my windows unit's host file that aims the url to the new virtual sever that I created. Then you can send requests back and forth from your own machine, using a valid url to analyze and debug things at will. 
&nbsp; &nbsp; 
&nbsp;  
&nbsp; This is a great option if you don't have a separate test unit.  It limits the impact of errors on a test iRule affecting a live virtual server. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

iRule to log browser type (client)

6 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

URL/URI rewrite without changing in Client browser

iRule based RADIUS Client Stack

Display a warning on client browser when cipher suite mismatch

Check Client for APM Browser Components

Client-Certificate and IP-Whitelisting via Policy or iRule?