Forum Discussion
[HSL] log iRule events testing with DNS traffic
Hello All, I'm testing the HSL logging with an iRule by triggering DNS traffic. I have the log publisher configured as "Splunk_HSL_Publisher". Could anyone check and help me know whether the below works to test the HSL logging by triggering DNS traffic?

when RULE_INIT {
    set static::general_remote_syslog_publisher "Splunk_HSL_Publisher"
}
when DNS_REQUEST {
    set hsl [HSL::open -publisher $static::general_remote_syslog_publisher]
    HSL::send $hsl "Client connect from [IP::client_addr]"
}
- SnlCirrostratus
Why don't you try the iRule below (create a pool, Pool-syslog, containing the Splunk server):

when DNS_REQUEST {
    set client_addr [IP::client_addr]
    set dns_server_addr [IP::local_addr]
    set question_name [DNS::question name]
    set question_class [DNS::question class]
    set question_type [DNS::question type]
    set data_center [whereami]
    # The separator is quoted: a bare ; inside [] ends the Tcl command.
    set geo_information [join [whereis $client_addr] ";"]
    set gtm_server [whoami]
    set wideip [wideip name]
    set dns_len [DNS::len]
    set hsl [HSL::open -proto UDP -pool Pool-syslog]
    HSL::send $hsl "<190>,f5_irule=Splunk-iRule-DNS_REQUEST,src_ip=$client_addr,dns_server_ip=$dns_server_addr,src_geo_info=$geo_information,question_name=$question_name,question_class=$question_class,question_type=$question_type,data_center=$data_center,gtm_server=$gtm_server,wideip=$wideip,dns_len=$dns_len\r\n"
}
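
To check what actually arrives at the syslog pool member, the line built by the HSL::send call in the reply above can be parsed as follows. This is an added example, not code from either poster or from F5; the function name `parse_hsl_dns_line` and the sample datagram (addresses, names, geo string) are constructed for illustration.

```python
import re

# Field names, in order, as emitted by the HSL::send line in the reply above.
EXPECTED_KEYS = [
    "f5_irule", "src_ip", "dns_server_ip", "src_geo_info", "question_name",
    "question_class", "question_type", "data_center", "gtm_server",
    "wideip", "dns_len",
]

# Constructed sample datagram (documentation addresses, made-up names).
SAMPLE = (
    b"<190>,f5_irule=Splunk-iRule-DNS_REQUEST,src_ip=192.0.2.10,"
    b"dns_server_ip=198.51.100.53,src_geo_info=NA;US;Washington;Seattle,"
    b"question_name=www.example.com,question_class=IN,question_type=A,"
    b"data_center=dc1,gtm_server=gtm1,wideip=www.example.com,dns_len=33\r\n"
)

PRI_RE = re.compile(r"^<(\d{1,3})>,")
# Split only on commas that start a new key=, so a comma inside a value survives.
FIELD_SPLIT_RE = re.compile(r",(?=[a-z0-9_]+=)")


def parse_hsl_dns_line(raw: bytes) -> dict:
    """Parse one datagram sent by the DNS_REQUEST iRule into a dict."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI_RE.match(text)
    if not m:
        raise ValueError("missing <PRI>, prefix")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    record = {"facility": pri >> 3, "severity": pri & 7}  # 190 -> local7.info
    keys = []
    for field in FIELD_SPLIT_RE.split(text[m.end():]):
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"field without '=': {field!r}")
        keys.append(key)
        record[key] = value
    # question_name comes from the client's query. A layout mismatch means a field
    # is missing or a value contained key= text; reject rather than guess.
    if keys != EXPECTED_KEYS:
        raise ValueError(f"unexpected field layout: {keys}")
    return record


if __name__ == "__main__":
    print(parse_hsl_dns_line(SAMPLE))
```
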