For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

xuwen's avatar
xuwen
Icon for Cumulonimbus rankCumulonimbus
Oct 14, 2022
Solved

iRules code share,only use tcp protocol profile to log tcp dns request and A or AAAA dns answers ip

if you not have GTM/DNS license, VS in Standard mode, only use tcp protocol profile to log tcp dns request, and if query type is A or AAAA, it will also log A or AAAA dns answers ip proc decode_dns...
  • JRahm's avatar
    JRahm
    Oct 17, 2022

    Nice addition, xuwen, thanks for sharing!

    For those that find this, it's a fantastic example of how to use binary commands to decode the protocol, but I wouldn't recommend logging dns traffic to local0. unless it's for a very brief point in time for troubleshooting purposes, and even then, if your system has heavy dns traffic, it's likely to significantly reduce throughput. A better option for logging from iRules would be to use HSL and send the logs off-box for analysis.

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Oct 17, 2022

Nice addition, xuwen, thanks for sharing!

For those that find this, it's a fantastic example of how to use binary commands to decode the protocol, but I wouldn't recommend logging dns traffic to local0. unless it's for a very brief point in time for troubleshooting purposes, and even then, if your system has heavy dns traffic, it's likely to significantly reduce throughput. A better option for logging from iRules would be to use HSL and send the logs off-box for analysis.