Forum Discussion

Roflcopter's avatar
Roflcopter
Icon for Nimbostratus rankNimbostratus
May 01, 2018

Log result of APM AAA HTTP

I am using a AAA HTTP server to send request to a SMS provider as part of an access policy.

 

As part of this AAA HTTP server we are using a custom post to send a custom body to the SMS provider which then sends the SMS to the end user for 2 factor authentication.

 

What I am trying to do is log the response from the SMS provider.

 

I am expecting a specific response from the provider which I have configured and works. So if the incorrect response is received the AAA HTTP fails and the users is not allowed through.

 

Successful Logon Detection Match Type is setup and working as expected.

 

I can see in the APM debug logs - HTTP module: VerifyResultByString(): String Match found

 

What I want to be able to do is log is the VerifyResultByString

 

For the life of me I can figure out how.

 

Thanks in advance.

 

APM
application delivery
security

5 Replies

Sort By
  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    May 04, 2018

    You could enable logging in the VPE, use the session variable session.http.last.* to log all responses from the HTTP-Auth.

     

    Or perform a tcpdump and analyse the response from the SMS provider.

     

    Cheers,

     

    Kees

     

  • Roflcopter's avatar
    Roflcopter
    Icon for Nimbostratus rankNimbostratus
    May 14, 2018

    Thanks from the session.http.last.* I was able to get the session.http.last.response_status is 200.

     

    From there if it doesn't == 200 then we know it stuffed and we can issue an alert from our syslog.

     

    Cheers,

     

    Isaac