Rosieodonell_16
Apr 28, 2016Cirrus
Irule for logging user connections for the APM portal
I have been asked by my security department to basically log information about all users that log in or try to log into one of our portals being hosted on the F5 APM. I basically need the following information if possible in two scenarios.
If they authenticate successfully:
- Client source IP address
- time stamp of the connection
- which Virtual server they are connecting too
- username they logged in with
- what kind of browser or device etc...
- a message saying they succeeded
If they don't authenticate successfully:
- Client source IP address
- time stamp of the connection
- which Virtual server they are trying to connect too
- username they tried to log in with
- what kind of browser or device etc...
- a message saying they failed
Not sure where i would put this irule. An example i have stolen so far from others:
when SERVER_CONNECTED {
log local0. "Client Source IP: [IP::client_addr]:[TCP::client_port]and tried to connect to [IP::server_addr]:[TCP::server_port]"
}
But if the authentication fails, then i am not sure if this would work and i know it doesn't have all teh info i need!