ZacW
Feb 07, 2014
Nimbostratus
Logging SSL information through iRule
Hello,
We are migrating an application in an older DC, but before doing so the application team would like to collect some information that they are unable to at the server level. We are offloading SSL to the F5 running version 10.0.1, and I would like to log the client IP, SSL cipher name and version. The issue is not with the actual iRule, as it works, but that it logs the same message for each step in the SSL handshake. I'm looking for a way to only log on the initial client hello packet, as the corresponding event is not available for this version of code.
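when CLIENTSSL_HANDSHAKE {
    # Open a high-speed logging handle to the syslog pool over UDP
    set hsl [HSL::open -proto UDP -pool Pool-Syslog]
    # Log the client address with the negotiated cipher name and protocol version
    HSL::send $hsl "Connection from Client: [IP::client_addr] with Cipher: [SSL::cipher name] and SSL Version: [SSL::cipher version]"
}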
Any help would be greatly appreciated. This is more of a nuisance than a problem.
Thanks,
Zac
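
One way to collapse the repeated messages on the syslog side rather than in the iRule, as an added example that is not part of the original post: it parses the message format built by the HSL::send line above and keeps one entry per client, cipher and version. The sample lines, their syslog prefix, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the message text produced by the iRule's HSL::send call.
LINE_RE = re.compile(
    r"Connection from Client: (?P<client>\S+) "
    r"with Cipher: (?P<cipher>\S+) "
    r"and SSL Version: (?P<version>\S+)"
)

# Constructed sample lines (documentation addresses, assumed syslog prefix).
PFX = "Feb  7 10:00:0{} ltm1 "
MSG = "Connection from Client: {} with Cipher: {} and SSL Version: {}"
SAMPLE_LINES = [
    PFX.format(1) + MSG.format("192.0.2.10", "RC4-SHA", "TLSv1"),
    PFX.format(1) + MSG.format("192.0.2.10", "RC4-SHA", "TLSv1"),  # repeat
    PFX.format(1) + MSG.format("192.0.2.10", "RC4-SHA", "TLSv1"),  # repeat
    PFX.format(3) + MSG.format("198.51.100.7", "AES256-SHA", "TLSv1"),
    PFX.format(5) + MSG.format("203.0.113.5", "DES-CBC3-SHA", "SSLv3"),
    PFX.format(7) + MSG.format("192.0.2.10", "AES256-SHA", "TLSv1"),
    PFX.format(9) + "some unrelated syslog message",
]

def parse_line(line):
    """Return (client, cipher, version), or None if the line is not ours."""
    m = LINE_RE.search(line)
    return (m["client"], m["cipher"], m["version"]) if m else None

def inventory(lines):
    """Map (version, cipher) to the set of client IPs seen, dropping repeats."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip anything that is not an iRule message
        client, cipher, version = rec
        seen[(version, cipher)].add(client)
    return dict(seen)

def report(lines):
    """One summary row per protocol version and cipher, sorted for stable output."""
    return [
        f"{version} {cipher}: {len(clients)} client(s): {', '.join(sorted(clients))}"
        for (version, cipher), clients in sorted(inventory(lines).items())
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LINES)))
```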