Forum Discussion

duckhead_25081's avatar
duckhead_25081
Icon for Nimbostratus rankNimbostratus
Oct 21, 2010

iRule for logging purposes

Hello all,     I tried searching the forums but I was not able to find a relevant post. I am in the process of troubleshooting a DNS issue on our BigIP 8900's and I need to create a logging iRul...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Oct 27, 2010
Hi Mark,

 

 

I think setting an immediate timeout for the UDP traffic might eliminate the high connection count problem. I'd suggest testing it on a non-production virtual server first though.

 

 

I could see DNS parsing being a useful feature for LTM. It can't hurt to open an RFE case with F5 Support.

 

 

You could log the DNS requests, but it would be binary data. You could use binary scan to parse it. Nat Thirasuttakorn added a great codeshare example for this:

 

http://devcentral.f5.com/wiki/default.aspx/iRules/DNS_decoding.html

 

 

The act of parsing and logging locally so many events itself could potentially take the box down or affect production traffic handling. You could try using the HSL:: commands to do this.

 

 

http://devcentral.f5.com/wiki/default.aspx/iRules/hsl

 

 

If it were me, I'd probably just capture a tcpdump and analyze it off the LTM. Not very sexy, but it would have the least impact.

 

 

Aaron