Apache Style Logging with HSL
Problem this snippet solves: When SNATing to servers, the client IP is lost. This was information our security group and developers wanted to have available, so I created an iRule to use the HSL func...
Published Jan 30, 2015
Version 1.0
hypercoyote_208
Sep 01, 2015
Nimbostratus
After some messing around, I was able to produce the following that would grab the client's actual IP, their SNAT IP, the actual pool member IP, its associated virtual server and the time of the initial connection. It will only log one entry when the connection to the server is torn down as opposed to multiple entries for every HTTP element that's accessed. The only concern I have with this setup is whether or not it will catch DDoS attempts. I'm not sure if the fact that it logs on SERVER_CLOSED means that it won't log when the server has too many open connections.
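
when CLIENT_ACCEPTED {
    # Record the connection start time once per client connection.
    set now [clock format [clock seconds] -format "%Y/%b/%d:%H:%M:%S %z"]
}
when SERVER_CONNECTED {
    # Server-side context: client IP, SNAT address, pool member IP,
    # and the virtual server address taken from the client side.
    set view_clientip [IP::client_addr]
    set view_clientsnat [IP::local_addr]
    set view_serverip [IP::remote_addr]
    set view_servervip [clientside {IP::local_addr}]
}
when SERVER_CLOSED {
    # Send a single syslog entry (<190> = local7.info) when the server-side connection closes.
    set hsl [HSL::open -proto UDP -pool hsl_logging_servers]
    HSL::send $hsl "<190>snat_log: clientIP:$view_clientip {snat:$view_clientsnat} serverIP:$view_serverip {vip:$view_servervip} connected:$now\n"
}
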
The log entry looks like this:
2015-09-01 09:46:22 Local7.Info 10.10.0.3 snat_log: clientIP:192.168.1.10 {snat:172.16.31.100} serverIP:192.168.100.10 {vip:172.31.10.50} connected:2015/Sep/01:09:45:50 -0500
edit: the comment formatting makes this look terrible.
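
Added example, not part of the original comment or snippet: a Python parser for the snat_log payload sent by the iRule above, used to map a SNAT address seen in a server log back to candidate client IPs. The function names and the second and third sample lines are constructed for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Payload layout copied from the HSL::send line in the iRule above.
LINE = re.compile(
    r"snat_log: clientIP:(?P<client>\S+) \{snat:(?P<snat>[^}\s]+)\} "
    r"serverIP:(?P<server>\S+) \{vip:(?P<vip>[^}\s]+)\} "
    r"connected:(?P<connected>\S+ [+-]\d{4})"
)
TS_FORMAT = "%Y/%b/%d:%H:%M:%S %z"  # same format string as the iRule's clock format

# First line is the payload of the post's sample entry; the other two are constructed.
SAMPLE_LINES = [
    "<190>snat_log: clientIP:192.168.1.10 {snat:172.16.31.100} "
    "serverIP:192.168.100.10 {vip:172.31.10.50} connected:2015/Sep/01:09:45:50 -0500",
    "<190>snat_log: clientIP:192.168.1.22 {snat:172.16.31.100} "
    "serverIP:192.168.100.10 {vip:172.31.10.50} connected:2015/Sep/01:09:48:10 -0500",
    "<190>snat_log: clientIP:192.168.1.37 {snat:172.16.31.100} "
    "serverIP:192.168.100.10 {vip:172.31.10.50} connected:2015/Sep/01:09:55:00 -0500",
]

def parse_snat_log(line):
    """Return a dict for one snat_log line, or None if it is not well formed."""
    m = LINE.search(line)  # search() tolerates a collector-added prefix
    if m is None:
        return None
    try:
        rec = {k: ip_address(m[k]) for k in ("client", "snat", "server", "vip")}
        rec["connected"] = datetime.strptime(m["connected"], TS_FORMAT)
    except ValueError:
        return None  # malformed address or timestamp
    return rec

def clients_for(lines, snat, server, seen_at):
    """Candidate client IPs for a (snat, server) pair seen at timezone-aware seen_at.

    The entry carries only the connection start time, so every logged
    connection that began at or before seen_at is a candidate, newest first.
    """
    snat, server = ip_address(snat), ip_address(server)
    recs = [r for r in map(parse_snat_log, lines) if r]
    hits = [r for r in recs if r["snat"] == snat and r["server"] == server
            and r["connected"] <= seen_at]
    hits.sort(key=lambda r: r["connected"], reverse=True)
    return [str(r["client"]) for r in hits]

if __name__ == "__main__":
    print(parse_snat_log(SAMPLE_LINES[0]))
```
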