Forum Discussion
Akshay_SK
Nimbostratus
NimbostratusSending HSL data in json format.
Just wanted to know if data can be sent via HSL in json format as below : HSL::send $hsl "{ "Attacker_IP":$remoteip, "Destination_IP":[IP::local_addr], "User-Agent":$useragent, "ISP":$isp, "Coun...
One example of how to configure this.
1.- Configure iRule.
when SERVER_CONNECTED { catch { set hsl [HSL::open -publisher /Common/HSL_PUB] } set timestamp [clock clicks -milliseconds] set cs_client_ip [clientside {IP::remote_addr}] set cs_client_port [clientside {TCP::remote_port}] set cs_server_ip [clientside {IP::local_addr}] set cs_server_port [clientside {TCP::local_port}] set ss_client_ip [serverside {IP::local_addr}] set ss_client_port [serverside {TCP::local_port}] set ss_server_ip [serverside {IP::remote_addr}] set ss_server_port [serverside {TCP::remote_port}] catch { HSL::send $hsl "{\"version\":\"1.1\",\"level\":\"6\",\"_stream_filter\":\"test\",\"_TIMESTAMP\":\"[clock clicks -milliseconds]\",\"_CLIENT\":\"[clientside {IP::remote_addr}]:[clientside {TCP::remote_port}]\",\"_VIP\":\"[clientside {IP::local_addr}]:[clientside {TCP::local_port}]\",\"_SNAT\":\"[serverside {IP::local_addr}]:[serverside {TCP::local_port}] \",\"_SERVER\":\"[serverside {IP::remote_addr}]:[serverside {TCP::remote_port}]\"}" } }2.- Configure HSL_PUB
sys log-config destination remote-high-speed-log HSL_SRV { pool-name P-WEB1_80 protocol udp } sys log-config publisher HSL_PUB { destinations { HSL_SRV { } } }3.- Apply iRule to the VS and generate traffic.
---
After capturing traffic output, that's the result.
13:13:09.553783 00:50:56:8f:8f:ec > 00:50:56:8f:ae:99, ethertype 802.1Q (0x8100), length 260: vlan 4094, p 0, ethertype IPv4, 10.130.40.41.47233 > 172.16.100.1.80: UDP, length 207 out slot1/tmm1 lis= E....?@..... .()..d....P..C.{"version":"1.1","level":"6","_stream_filter":"test","_TIMESTAMP":"1580299989553","_CLIENT":"10.130.41.41:54197","_VIP":"10.130.41.50:80","_SNAT":"10.130.40.41:54197 ","_SERVER":"172.16.100.2:80"}.......Let me know if this helps.
KR,
Dario.
Hello Akshay
Sure, you can. Let try something like this:
HSL::send $hsl "{\"TIMESTAMP\":\"[clock clicks -milliseconds]\",\"CLIENT\":\"$client_ip\", ... }"KR,
Dario.
Akshay_SKNimbostratus
NimbostratusThis worked for me. Thanks Dario!
Glad to hear this.
Please, don't forget to mark the answer as "the best".
KR,
Dario.