GTM iRule for DNS_RESPONSE

Question

Hi&nbsp;
Im sure this is something very simple but I'm relatively new to the F5s and cant figure this out.&nbsp;
I'm trying to log DNS requests and replies to a syslog server. The requests work fine, however when I try the following code, I get the error 'line 1: [unknown event (DNS_RESPONSE)] [when DNS_RESPONSE {'&nbsp;
when DNS_RESPONSE {&nbsp;
                    This rule logs LDNS IP, Geolocation information, the DNS request and DNS Response&nbsp;
                     Use the HSL option for production environments.&nbsp;
                    &nbsp;
                     use this line below for lab/test environments where there is no syslog server.&nbsp;
                    &nbsp;
                     log local0. "LDNS: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type] - ANSWER: [DNS::answer]"&nbsp;
                    &nbsp;
                    &nbsp;
                    set hsl [HSL::open -proto UDP -pool hsl_pool]&nbsp;
                    HSL::send $hsl "&lt;190&gt; LDNS: [IP::remote_addr] - LOCATION: [whereis [IP::remote_addr]] - QUESTION: [DNS::question name], [DNS::question type] - ANSWER: [DNS::answer]"&nbsp;
    }&nbsp;
Can anyone point me in the right direction as to why my F5 GTM doesnt like the line when DNS_RESPONSE ? I have a GTM and DNSexpress license.&nbsp;
Thanks&nbsp;
Richard&nbsp;

kevin_stewart · Answer

The DNS_RESPONSE event cannot be used in a GTM iRule. User jacob gives us a pretty cleaver workaround, however, in this article: 
&nbsp;  
&nbsp; https://devcentral.f5.com/wiki/irules.DNS-Logging-on-GTM.ashx 
&nbsp;  
&nbsp; Essentially: 
&nbsp;  
&nbsp; 1. Create an LTM iRule with the iRule editor 
&nbsp; 2. In the editor, right click on the iRule and select properties 
&nbsp; 3. Move the listener VS to the "Using this iRule" column 
&nbsp;  
&nbsp; GTM iRules are applied at the WideIP, and the above applies the LTM iRule at the listener. &nbsp;

richard_22613 · Answer

Thanks for the info, however I dont see an irule section under Local on the GTM, I dont think our GTM is licensed for LTM.&nbsp;

Forum Discussion

GTM iRule for DNS_RESPONSE

2 Replies

Recent Discussions

SIGSEGV on 15.1.10.x

Deny access to F5 management from specific addresses

Ansible - Running bash commands with bigip_command module - How it's done

Adding an ASM policy to an APM VIP used for Citrix access

Problems connecting to vpn after upgrading to ubuntu 24.04

Related Content

no sync GTM configuration?

Getting GTM Pool and Wideips with Python f5-sdk

GTM Design For External DNS Queries

iRULE regsub error

GTM WIDE IP IRULE