Forum Discussion

Nimbostratus

Aug 25, 2015

Log DNS queries with iRule?

We are load balancing our DNS requests through LTM. We'd like to log at the F5 so we capture the client address (LTM uses SNAT). Based on a few examples on Devcentral, they mostly use this same query...

Employee

Aug 26, 2015

That shouldn't matter. A set of those commands work with LTM, including

DNS::question

. I just tried the following for a VE licensed and provisioned for LTM (no GTM) and it did what I expected:

when DNS_REQUEST {
    log local0. "QUERY from ([IP::client_addr]) for ([DNS::question class] [DNS::question type] [DNS::question name])"
}

A log entry looks like this:

tmm1[9500]: Rule /Common/dns_test_rule : QUERY from (10.11.210.200) for (IN A www.foo.com)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Log DNS queries with iRule?

Recent Discussions

Protect game servers

Irules Editor

SSL Server Profile

VAPT or APT tools scan prevention

High CPU utilization (100%).

Related Content

Irule query

Making SNMP queries in iRules

irule to change url with preserving query parameters and include extra names in the final url

APM configuration query

SNMP ARP table query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS