UDP packet duplication and send them to 2 different pools

These steps might help. I have not validated the client-ip replace logic but can tell you send raw [UDP::payload] works fine in our testing.

Be sure to match up whatever you decide to use for your Log Publisher name to the reference within the iRule.

1) Create a single pool containing all members that need the duplicated syslog data

Ex: syslog_pool

Members:

10.10.0.100:514

10.10.0.101:514

2) Create a new HSL Log Destination

a) Select your pool from step 1

b) Select 'UDP' for the protocol

c) Change distribution type from 'adaptive' to 'replicated'

3) Create a new HSL Log Publisher entitled 'syslog_publisher'

a) Select the HSL Log Destination from step 2

4) Create a new iRule that will handle the inbound traffic

when CLIENT_ACCEPTED {

set payloadLength [UDP::payload length]

set address [IP::client_addr]

set addressLength [ string length $address ]

   set hsl [HSL::open -publisher /Common/syslog_publisher]

}

when CLIENT_DATA {

   HSL::send $hsl "UDP::payload replace $payloadLength $addressLength $address"

}

5) Create a standard virtual server

a) Assign the appropriate IP and Service Port

b) Select UDP Protocol

c) Select UDP Profile

d) Assign the iRule from step 4