NimbostratusWe have a requirement that when a users logs in remotely a syslog message is generated containing the following -
Username: Device: IP: Country of origin:
Has anyone has any experience doing this?
NacreousHi,
What kind of authentication are talking about "system" or apm ?
For apm, you can use a email block in your vpe. The attributes you need can be found in variables of the apm session.
For system, you can deliver locally generated email but you will not able to include all required information : https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13180.html
Nimbostratus
CirrusHi,
What kind of authentication are talking about "system" or apm ?
For apm, you can use a email block in your vpe. The attributes you need can be found in variables of the apm session.
For system, you can deliver locally generated email but you will not able to include all required information : https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13180.html
NimbostratusCirrusHi,
In the VPE, you can add a logging block (General Purpose) at the end of the policy with the following settings. This will be appended to the apm log :
Log Message : Username:%{session.logon.last.username} Device:%{session.client.platform} IP:%{session.user.clientip} Country of origin: %{session.user.ipgeolocation.country_code}You also have those information by default in the apm log :
/Common/sp_ap:Common:e627e57f: Received User-Agent header: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36.
/Common/sp_ap:Common:e627e57f: New session from client IP 192.168.20.1 (ST=/CC=/C=) at VIP 192.168.20.222 Listener /Common/vs_test (Reputation=Unknown)