Combine SSL Handshake failed messages with cause
Hello,
if an SSL Handshake fails the F5 LTM creates for example the following log entry
info tmm1[11382]: 01260013:6: SSL Handshake failed for TCP S_IP:S_Port -> Dest_IP:Dest_Port
and for example
warning tmm1[11382]: 01260009:4: Connection error: ssl_hs_rxhello:8519: unsupported version (70)
This makes it difficult to query the cause of the ssl handshake error. If I query our log server with query criteria “source ip of our the specific customer” to find out why the ssl handshake has failed, I only find the SSL Handshake failed message.
Would it be possible to combine both messages like this way?
info tmm1[11382]: 01260013:6: SSL Handshake failed for TCP S_IP:S_Port -> Dest_IP:Dest_Port Connection error: ssl_hs_rxhello:8519: unsupported version (70)
This request is similar to any other ssl related messages like certificate revoked (44)certificate expired (45) …
This may be realized by an iRule, but I think it would be more useful to change this behavior by default.
Best regards
Bjoern