Forum Discussion
Atul_kumar_1994
Nimbostratus
Nimbostratusirule is unable to block all of the unwanted UDP syslog messages which is not there in the string filter
Please see the below irule
when CLIENT_ACCEPTED {
UDP::payload replace 0 0 [binary format ssssa256 255 255 255 255 [string repeat "~" 256]]
if { [class match [UDP::payload] contains syslog_strings] } {
binary scan [UDP::payload] ssssa256a* a b c d e data
UDP::payload replace 0 [UDP::payload length] $data
pool pool1
} else { discard } }
This irule is configured to only allow the UDP messages in the asa_syslog_strings to forward to the pool pool1
Please help ASAP
1 Reply
Max_Q_factorCirrocumulus
It sounds like the F5 may treat multiple messages as a single UDP connection. Have you created a specific UDP profile for the syslog servers and changed the timeout value to immediate?
SOL7535: Overview of the UDP profile
