Forum Discussion

Prince
Dec 06, 2017

SSL Protocol Stats for SSLv2, SSLv3, TLS1.1 and TLS1.2 connections with source

Hello Folks,

I got a requirement to collect stats for various protocols, with information on who is initiating those requests.

I know that we can use an iRule to log the protocol version of live requests, but that would not give me the stats in a correct report format.

Any suggestions on this?


4 Replies

  • Hi,

    You can refer to the client SSL statistics via tmsh or the GUI.

    tmsh show ltm profile client-ssl <client ssl profile name>

    Thx

    Srini

  • I don't believe there is anything built in that will give you both the protocol version and the sources in one nice report. You will have to do some work yourself to make that happen.

  • That's right, we can't see which source IPs are coming in on which version, but the stats will give the overall communication of the VIP it's talking to.

    Thx

    Srini

  • I know that we can use irule to log live requests protocol version but that would not give me the stats in a correct report format.

    Is iStats applicable?

    Introduction to iStats Part 1: Overview by Colin Walker

    https://devcentral.f5.com/articles/introduction-to-istats-part-1-overview

    e.g.

    // config
    
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:443
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            clientssl {
                context clientside
            }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        translate-address enabled
        translate-port enabled
        vs-index 7
    }
    root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm rule qux
    ltm rule qux {
    when CLIENTSSL_HANDSHAKE {
      ISTATS::incr "ltm.virtual [virtual name] counter [SSL::cipher version]:[IP::client_addr]" 1
    }
    }
    
    // stats
    
    [root@ve13a:Active:In Sync] config # tmsh show ltm virtual bar |awk '/User-defined/,0'
    User-defined           Value
      tlsv1_172_28_24_1    1
      tlsv1_2_172_28_24_1  1
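
Turning the User-defined counters above into a per-version, per-source report, as an added example that is not part of the original thread. It assumes the counter names keep the form shown (protocol version, then an IPv4 client address, with `.` and `:` replaced by `_`); the sample rows beyond the two in the post, the display-name map and the choice of which versions count as legacy are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "User-defined" section shown above.
SAMPLE = """\
User-defined           Value
  tlsv1_172_28_24_1    1
  tlsv1_2_172_28_24_1  4
  tlsv1_2_10_0_0_7     2
  sslv3_10_0_0_9       3
"""

# Version token, four IPv4 octets, then the count. Anchoring on the last four
# numeric fields is what separates "tlsv1_2" + 172.28.24.1 from "tlsv1" + 2.172.28.24.
ROW = re.compile(r"^\s*([a-z0-9_]+?)_(\d{1,3})_(\d{1,3})_(\d{1,3})_(\d{1,3})\s+(\d+)\s*$")

# Assumed mapping from sanitized counter prefix back to the protocol name.
DISPLAY = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1",
           "tlsv1_1": "TLSv1.1", "tlsv1_2": "TLSv1.2"}
# Assumed reporting policy: anything below TLS 1.2 is flagged for follow-up.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_counters(text):
    """Return {(version, source_ip): handshake_count} from tmsh output."""
    counts = defaultdict(int)
    for line in text.splitlines():
        m = ROW.match(line.lower())
        if not m:
            continue  # header row, or a counter not in version_ip form
        octets = m.group(2, 3, 4, 5)
        if any(int(o) > 255 for o in octets):
            continue  # not a valid IPv4 address
        version = DISPLAY.get(m.group(1), m.group(1))
        counts[(version, ".".join(octets))] += int(m.group(6))
    return dict(counts)

def report(counts):
    """Group by version: total handshakes plus the per-source breakdown."""
    by_version = defaultdict(dict)
    for (version, ip), n in counts.items():
        by_version[version][ip] = n
    return {v: {"total": sum(s.values()), "sources": s} for v, s in by_version.items()}

def legacy_sources(counts):
    """Client addresses that completed at least one legacy-version handshake."""
    return sorted({ip for (v, ip), n in counts.items() if v in LEGACY and n > 0})

if __name__ == "__main__":
    parsed = parse_counters(SAMPLE)
    for version, row in sorted(report(parsed).items()):
        print(version, row["total"], row["sources"])
    print("legacy clients:", legacy_sources(parsed))
```

IPv6 client addresses do not fit the four-octet pattern and are skipped by this parser.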