Balanced


Gather SSL cipher statistics from your F5 device

With the new PCI DSS requirements around the corner, it might be interesting to gather some SSL cipher statistics from your F5s. If you have a syslog server, this is a piece of cake using the HSL (High-Speed Logging) function in iRules.

To use the iRule below, first create a pool called syslog-514_pool, or simply replace the name with a pool containing your syslog server(s). Then, for each virtual server, attach the following iRule:
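An iRule of the kind described here, as an added example rather than the author's original code. It assumes the syslog-514_pool pool named in the text, UDP syslog transport, and a constructed key=value message layout (the f5_ssl_stats tag and field names are hypothetical).

```tcl
# Added example: log the negotiated protocol and cipher of each client-side
# SSL/TLS handshake to a syslog pool via High-Speed Logging (HSL).
# Assumptions: pool name taken from the text, UDP transport, and a
# constructed message layout (tag and field names are illustrative).

when CLIENT_ACCEPTED {
    # Open an HSL handle for this connection; the pool holds the syslog server(s).
    set hsl [HSL::open -proto UDP -pool syslog-514_pool]
}

when CLIENTSSL_HANDSHAKE {
    # <190> = facility local7 (23 * 8) + severity informational (6).
    # SSL::cipher version -> negotiated protocol version
    # SSL::cipher name    -> negotiated cipher suite
    # SSL::cipher bits    -> number of secret key bits the cipher uses
    HSL::send $hsl "<190> f5_ssl_stats vs=[virtual name] client=[IP::client_addr] proto=[SSL::cipher version] cipher=[SSL::cipher name] bits=[SSL::cipher bits]\n"
}
```

CLIENTSSL_HANDSHAKE only fires on virtual servers that have a client SSL profile attached, and one line is sent per completed client-side handshake.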

 

Essentially, it sends a syslog message for every new SSL session established. This data could easily be indexed by Splunk or Elasticsearch to generate a report.

PS. If you have a firewall between your load balancer and your syslog server, you might want to verify that the syslog traffic is allowed through first.


1 Comment

  1. Hey, Patrik,
    I’ve been doing something similar with an iRule I found on DevCentral, courtesy of David Holmes, that lets you show a page with a pie chart indicating client cipher usage. You don’t even need a syslog server – it uses iStats.
    Cheers,
    Joel
