Forum Discussion
Richard_22613
Nimbostratus
NimbostratusGTM iRule for DNS_RESPONSE
Hi
Im sure this is something very simple but I'm relatively new to the F5s and cant figure this out.
I'm trying to log DNS requests and replies to a syslog server. The requests work fine, however when I try the following code, I get the error 'line 1: [unknown event (DNS_RESPONSE)] [when DNS_RESPONSE {'
when DNS_RESPONSE {
This rule logs LDNS IP, Geolocation information, the DNS request and DNS Response
Use the HSL option for production environments.
use this line below for lab/test environments where there is no syslog server.
log local0. "LDNS: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type] - ANSWER: [DNS::answer]"
set hsl [HSL::open -proto UDP -pool hsl_pool]
HSL::send $hsl "<190> LDNS: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type] - ANSWER: [DNS::answer]"
}
Can anyone point me in the right direction as to why my F5 GTM doesnt like the line when DNS_RESPONSE ? I have a GTM and DNSexpress license.
Thanks
Richard
2 Replies
- Kevin_Stewart
Employee
The DNS_RESPONSE event cannot be used in a GTM iRule. User jacob gives us a pretty cleaver workaround, however, in this article:
https://devcentral.f5.com/wiki/irules.DNS-Logging-on-GTM.ashx
Essentially:
1. Create an LTM iRule with the iRule editor
2. In the editor, right click on the iRule and select properties
3. Move the listener VS to the "Using this iRule" column
GTM iRules are applied at the WideIP, and the above applies the LTM iRule at the listener. 
Richard_22613Thanks for the info, however I dont see an irule section under Local on the GTM, I dont think our GTM is licensed for LTM.
