Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Thiyagu_343098's avatar
Thiyagu_343098
Icon for Nimbostratus rankNimbostratus
Oct 23, 2018

[HSL] log iRule events testing with DNS traffic

Hello All, I'm testing the HSL logging with an irule by triggering DNS traffic. I have the log publisher configured as "Splunk_HSL_Publisher" Could anyone check and help me to know whether the below ...
application delivery
irules
LTM
Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Oct 23, 2018

why don't you try below IRULE ( CREATE A POOL Pool-syslog) contain splunk server

when DNS_REQUEST {
    set client_addr [IP::client_addr]
    set dns_server_addr [IP::local_addr]
    set question_name [DNS::question name]
    set question_class [DNS::question class]
    set question_type [DNS::question type]
    set data_center [whereami]
    set geo_information [join [whereis $client_addr] ;]
    set gtm_server [whoami]
    set wideip [wideip name]
    set dns_len [DNS::len]

    set hsl [HSL::open -proto UDP -pool Pool-syslog]
    HSL::send $hsl "<190>,f5_irule=Splunk-iRule-DNS_REQUEST,src_ip=$client_addr,dns_server_ip=$dns_server_addr,src_geo_info=$geo_information,question_name=$question_name,question_class=$question_class,question_type=$question_type,data_center=$data_center,gtm_server=$gtm_server,wideip=$wideip,dns_len=$dns_len\r\n"
}