Alan_Johnson_30
Oct 18, 2017

Cipher Logging iRule

Hi folks,

I'm currently using an iRule to log cipher usage. It works great. However, I need to modify it to include the Virtual Server name in the log entry. Here's what I've been using:

when HTTP_REQUEST {

if { [info exists logged] && $logged == 1 } {
    # Do nothing. Already logged for this connection
} else {
    set host [HTTP::host]
    set useragent [HTTP::header "User-Agent"]
    set logged 1

    log local0. "[IP::client_addr] - [SSL::cipher name] - [SSL::cipher version] - [SSL::cipher bits] - [HTTP::header "User-Agent"]"

}

}

...and here's what I was going to try to get the virtual server name added:

    log local0. "[virtual name] - [IP::client_addr] - [SSL::cipher name] - [SSL::cipher version] - [SSL::cipher bits] - [HTTP::header "User-Agent"]"

Does anyone have any thoughts on whether or not that will work? If not, any suggestions?

1 Reply

  • It looks fine to me.

    I have a similar rule which logs when the SSL handshake takes place:

    when CLIENTSSL_HANDSHAKE {
        log local0.info "virtual=[virtual name], src_ip=[IP::client_addr], ssl_cipher=[SSL::cipher name], ssl_protocol=[SSL::cipher version], ssl_bits=[SSL::cipher bits]"
    }
    

    Starting in version 11, a virtual consists of the partition and the virtual name, for instance:

    /Common/test

    Using the following command you can get the virtual name without the partition:
    set env_vserver [getfield [virtual] "/" 3]
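
An added example, not part of the thread: a Python parser for the key=value entries that the CLIENTSSL_HANDSHAKE rule in the reply writes, counting handshakes per virtual server that used a legacy protocol or a weak cipher. The policy sets, the syslog prefix, the rule name `cipher_log` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
# Assumed policy for this example; adjust to your own baseline.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_PARTS = {"RC4", "DES", "NULL", "EXP", "MD5"}

# Matches the key=value payload written by the CLIENTSSL_HANDSHAKE rule above.
LINE_RE = re.compile(r"virtual=(?P<virtual>\S+), src_ip=(?P<src_ip>\S+), "
                     r"ssl_cipher=(?P<cipher>\S+), ssl_protocol=(?P<protocol>\S+), "
                     r"ssl_bits=(?P<bits>\d+)")

def parse_line(line):
    """Return the logged fields as a dict, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bits"] = int(rec["bits"])
    rec["virtual"] = rec["virtual"].rsplit("/", 1)[-1]  # drop the partition
    return rec

def weakness(rec):
    """Return the reasons a handshake falls below the assumed policy."""
    reasons = []
    if rec["protocol"] in LEGACY_PROTOCOLS:
        reasons.append("legacy protocol " + rec["protocol"])
    for part in sorted(set(rec["cipher"].upper().split("-")) & WEAK_PARTS):
        reasons.append("weak cipher component " + part)
    return reasons

def summarize(lines):
    """Count weak handshakes per (virtual, protocol, cipher)."""
    weak = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and weakness(rec):
            weak[(rec["virtual"], rec["protocol"], rec["cipher"])] += 1
    return weak

# Constructed sample lines; the syslog prefix is an assumed layout.
PREFIX = "Oct 18 10:01:02 bigip1 info tmm[1234]: Rule /Common/cipher_log <CLIENTSSL_HANDSHAKE>: "
SAMPLE = [PREFIX + s for s in (
    "virtual=/Common/test, src_ip=192.0.2.10, ssl_cipher=ECDHE-RSA-AES128-GCM-SHA256, ssl_protocol=TLSv1.2, ssl_bits=128",
    "virtual=/Common/test, src_ip=192.0.2.44, ssl_cipher=DES-CBC3-SHA, ssl_protocol=TLSv1, ssl_bits=168",
    "virtual=/Common/test, src_ip=192.0.2.45, ssl_cipher=DES-CBC3-SHA, ssl_protocol=TLSv1, ssl_bits=168",
    "virtual=/Common/legacy_app, src_ip=198.51.100.7, ssl_cipher=RC4-SHA, ssl_protocol=TLSv1.2, ssl_bits=128",
)]
if __name__ == "__main__":
    print(summarize(SAMPLE).most_common())
```
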