Jnon
Jul 18, 2016Nimbostratus
I need to be able to capture source IP on FTPS connection.
I need to capture the source IP for ftps traffic, and match that IP to a FTP session. It is easy enough to create an irule to capture source IP, and have that sent to a logging server, where then splunk can query the logs. After I have the list of source IP's I need to be able to match that up with a user. Because the data is being passed through the load balancer as secure, I can not do any inspection at the LTM, and I don't see time stamps as being a good enough match for busy servers to positively match a ftp session to a source IP.