Logging client username and assigned IP on logout
I'm trying to log a user's APM assigned IP and their username upon APM SSLVPN logout (either via timeout or hitting the "disconnect" button). We need both components in a single line. I have attempted this via an iRule:
when HTTP_REQUEST {
    if { [HTTP::uri] equals "/vdesk/timeoutagent-i.php" } {
        log local0. "SESSION_ENDED, User=[ACCESS::session data get session.logon.last.username], IP=[ACCESS::session data get session.assigned.clientip]"
        ACCESS::session remove
        HTTP::redirect "https://[HTTP::host]"
    }
}
This generates the log message:
Rule /Common/APM_Logout_Test : SESSION_ENDED, User=, IP=
Basically, it appears as if the APM session variables have already been released by the time the user reaches this point. Does anyone know if this is the correct URL to be watching for?
Hello Ryan
Off the top of my head, I think that logout URL is a little too late to trigger the iRule based off of an HTTP request. Instead of triggering your iRule solely on an HTTP request event, break it up into two parts. Use an event that triggers during the access session to set the variables (probably either on session start or with an access policy agent event) as you have done above.
You could then keep your HTTP event above, having it function solely to log the information as users disconnect from the VPN (instead of having it set the variables), or you could use an access session ended event to trigger the logging instead of the HTTP request. If you were to implement on an access session end, you wouldn't even need to worry about the URL.
At the very least, change where your variables are set to be earlier in the access session. This should give you some broad strokes ideas for troubleshooting.
Feel free to ask if you have any follow-up questions,
Austin
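The session-end approach suggested in the reply above, as an added example that is not part of the original thread: it assumes ACCESS_SESSION_CLOSED is the "access session ended" event meant, and that the iRule is attached to the virtual server carrying the APM access profile. The session variable names are the ones from the question; the "unknown" and "unassigned" fallback strings are made up for illustration.

```tcl
# Added example, not the poster's rule.
when ACCESS_SESSION_CLOSED {
    # Fires when APM ends the session (logout or timeout) rather than on
    # an HTTP request, so no URI match is needed and HTTP:: commands do
    # not belong in this event.
    set user   [ACCESS::session data get "session.logon.last.username"]
    set vpn_ip [ACCESS::session data get "session.assigned.clientip"]

    # The username is user-supplied: strip control characters so a
    # crafted value cannot inject extra lines into the log.
    regsub -all {[[:cntrl:]]} $user "" user

    # Sessions that ended before logon completed, or before network
    # access assigned an address, have no value for these variables.
    if { $user eq "" }   { set user "unknown" }
    if { $vpn_ip eq "" } { set vpn_ip "unassigned" }

    # Single line with both fields, same layout as the original message.
    log local0.notice "SESSION_ENDED, User=$user, IP=$vpn_ip"
}
```

Because the log line is written from the session-close event, the `ACCESS::session remove` and redirect in the HTTP_REQUEST rule are not needed for logging purposes.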