Forum Discussion

JimW_156953's avatar
JimW_156953
Icon for Nimbostratus rankNimbostratus
Jan 04, 2016

APM - Collecting smartcard session variable

Hello:

 

successfully deployed SSLVPN solution using smartcard to a government customer. All works great except when the client uses SmartCard the username is not captured in APM session logs. It is only visible when the debug mode is turned on - this create a bloated and unnecessary information.

 

What are my choices for APM to exclusively capture a particular session variable on successful login and perhaps add it to default session information?

 

Thanks in advance,

 

  • Hmm, that's a bit strange. Can you please check and see which session variables get set/populated during your policy execution? I don't recall exactly which one is used for username reporting, but it's one of these two:

     

    session.logon.last.logonname session.logon.last.username

     

    You can check the value of those variables from the CLI by using the sessiondump command(so check what is set under non-debug mode). If you discover that one or the other is NOT set, try assigning the missing value during the VPE execution and see what happens.

     

  • Lucas_Thompson_'s avatar
    Lucas_Thompson_
    Historic F5 Account

    One of the available items in the VPE is "logging agent" where you can log a session variable of your choice at notice level.

     

  • you can add an action item "Logging" in the VPE and populate it with the variable. That will populate it in all case (logon allowed or denied)