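# Step 1 (tmsh): show the SSL Orchestrator interception virtual server that carries
# the key-logging iRule. It is a wildcard listener (destination 0.0.0.0:any,
# source 0.0.0.0/0) on client-vlan, so decrypt_ssl is evaluated for every TLS
# handshake that crosses it; only the client-IP test inside the rule limits
# which sessions have their secrets logged.
root@(sslo1)(cfg-sync Standalone)(TimeLimitedModules::Active)(/Common)(tmos)# list ltm virtual sslo_demoL3.app/sslo_demoL3-in-t-4
ltm virtual sslo_demoL3.app/sslo_demoL3-in-t-4 {
    app-service /Common/sslo_demoL3.app/sslo_demoL3
    creation-time 2024-02-07:20:48:21
    description "transparent proxy (2024-2-7 22:26:20)"
    destination 0.0.0.0:any
    ip-protocol tcp
    last-modified-time 2024-02-07:22:26:31
    mask any
    per-flow-request-access-policy ssloP_demoL3.app/ssloP_demoL3_per_req_policy
    pool sslo_demoL3.app/sslo_demoL3-ex-pool-4
    profiles {
        f5-tcp-wan {
            context serverside
        }
        ssloT_demoL3.app/ssloT_demoL3-cssl {
            context clientside
        }
        ssloT_demoL3.app/ssloT_demoL3-sssl {
            context serverside
        }
        sslo_demoL3.app/sslo_demoL3-http { }
        sslo_demoL3.app/sslo_demoL3-http-proxy-connect { }
        sslo_demoL3.app/sslo_demoL3-tcp-lan {
            context clientside
        }
        sslo_demoL3.app/sslo_demoL3_accessProfile { }
    }
    rules {
        sslo_demoL3.app/sslo_demoL3-in_t
        sslo_demoL3.app/sslo_demoL3-lib
        ssloS_FEYE.app/ssloS_FEYE-port_remap
        ssloS_IPS.app/ssloS_IPS-port_remap
        decrypt_ssl
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address disabled
    translate-port disabled
    vlans {
        client-vlan
    }
    vlans-enabled
    vs-index 95
}

# Step 2 (tmsh): the troubleshooting iRule itself.
# For one test client (10.1.10.50) it writes the TLS session identifiers and the
# session secret of both the client-side and the server-side handshake to the
# local0 facility, i.e. /var/log/ltm. Everything that can read that log (local
# accounts, log archives, any syslog destination local0 is forwarded to) can then
# decrypt a capture of these sessions, so the rule is meant to stay attached only
# for the duration of the capture.
root@(sslo1)(cfg-sync Standalone)(TimeLimitedModules::Active)(/Common)(tmos)# list ltm rule decrypt_ssl
ltm rule decrypt_ssl {
    when CLIENTSSL_HANDSHAKE {
        # getfield ... "%" 1 drops a route-domain suffix (addr%id) before the compare.
        if {[IP::addr [getfield [IP::client_addr] "%" 1] equals 10.1.10.50] } {
            # Connection marker so the secret lines can be matched to a flow in the capture.
            log local0. "CLIENT_Side_IP:TCP source port: [IP::client_addr]:[TCP::remote_port]"
            # Same secret in two key-log line formats: CLIENT_RANDOM and RSA Session-ID.
            # NOTE(review): both formats carry a master secret as used up to TLS 1.2;
            # confirm the negotiated protocol version before relying on them.
            log local0. "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
            log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
        }
    }
    when SERVERSSL_HANDSHAKE {
        # Same client filter; here the logged address/port are the BIG-IP's own
        # (local) side of the server-side connection.
        if {[IP::addr [getfield [IP::client_addr] "%" 1] equals 10.1.10.50] } {
            log local0. "SERVER_Side_IP:TCP source port:[IP::local_addr]: [TCP::local_port]"
            log local0. "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
            log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
        }
    }
}

# Step 3 (bash on the BIG-IP): collect the logged secrets into one key-log file.
# The file holds session keys, so it is created owner-only: umask 077 inside the
# subshell covers a newly created file without changing the login shell's umask,
# and the chmod covers a file left over from an earlier run. The secrets also
# remain in /var/log/ltm*; remove the rule from the virtual server and delete
# the .pms file once the analysis is finished.
(
    umask 077
    # Keep only lines containing "RSA Session-ID", cutting the syslog prefix in
    # front of it; tx/d/:x deletes every line where the substitution did not match.
    sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /var/tmp/sessionsecrets.pms
    # Append the CLIENT_RANDOM lines from the current and rotated ltm logs.
    grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm* >> /var/tmp/sessionsecrets.pms
)
chmod 600 /var/tmp/sessionsecrets.pms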