Forum Discussion

Thiyagu_343098's avatar
Thiyagu_343098
Icon for Nimbostratus rankNimbostratus
Oct 24, 2018

[HSL] log iRule events testing with DNS traffic

Hello All, I'm testing the HSL logging with an irule by triggering DNS traffic. I have the log publisher configured as "Splunk_HSL_Publisher" Could anyone check and help me to know whether the below ...
application delivery
iRules
LTM
Snl's avatar
Snl
Icon for Cirrostratus rankCirrostratus
Oct 24, 2018

why don't you try below IRULE ( CREATE A POOL Pool-syslog) contain splunk server

when DNS_REQUEST {
    set client_addr [IP::client_addr]
    set dns_server_addr [IP::local_addr]
    set question_name [DNS::question name]
    set question_class [DNS::question class]
    set question_type [DNS::question type]
    set data_center [whereami]
    set geo_information [join [whereis $client_addr] ;]
    set gtm_server [whoami]
    set wideip [wideip name]
    set dns_len [DNS::len]

    set hsl [HSL::open -proto UDP -pool Pool-syslog]
    HSL::send $hsl "<190>,f5_irule=Splunk-iRule-DNS_REQUEST,src_ip=$client_addr,dns_server_ip=$dns_server_addr,src_geo_info=$geo_information,question_name=$question_name,question_class=$question_class,question_type=$question_type,data_center=$data_center,gtm_server=$gtm_server,wideip=$wideip,dns_len=$dns_len\r\n"
}