Forum Discussion

Scott_Smith_860's avatar
Scott_Smith_860
Icon for Nimbostratus rankNimbostratus
Aug 06, 2012

Lease Pool IPV4 Allocation

Running Edge Gateway - BIG-IP 11.1.0 Build 2179.6 Engineering Hotfix HF3 v

 

 

Our security team had found an end user connected to edge gateway that is showing infected behavior. They only have in their logs the DHCP allocated lease pool address assigned by edge gateway. I see no way of reporting against this IP address in EG. The only way I see to see the user associated with the leased address is to drill down into every session ID manually to find the Assigned PPP IPv4Assigned PPP IPv4 output. This can take hours. I also can't seem to find the assignments in any var/logs directories.

 

 

  • Scott,

     

     

    We had the same issue with the IP address not getting logged correctly to our syslog server. We had to get an ENHF to resolve the issue with tmm and tmm1 logging incorrectly. If you open a case and reference my case C1143974 you should be able to get the HotFix applied. Currently the HotFix is cut for 11.2 HF-1 so you would have to upgrade to get this. I was also told that this fix would be included in 11.3 when it is released which is supposed to be end of 2012 beginning of 2013.

     

     

    Now we can use or SEIM tool or just unix commands on our syslog server to start matching everything up and see what user has what IP address.

     

     

    Seth