[HSL] log iRule events testing with DNS traffic

Question

Hello All,
I'm testing the HSL logging with an irule by triggering DNS traffic.
I have the log publisher configured as "Splunk_HSL_Publisher"
Could anyone check and help me to know whether the below work to test the HSL logging by triggering DNS traffic&nbsp;

when RULE_INIT {
    set static::general_remote_syslog_publisher "Splunk_HSL_Publisher"
}
when DNS_REQUEST {
    set hsl [HSL::open -publisher $static::general_remote_syslog_publisher]
    HSL::send $hsl "Client connect from [IP::client_addr]"&nbsp;
}

snl · Answer

why don't you try below IRULE ( CREATE A POOL Pool-syslog) contain splunk server
when DNS_REQUEST {
    set client_addr [IP::client_addr]
    set dns_server_addr [IP::local_addr]
    set question_name [DNS::question name]
    set question_class [DNS::question class]
    set question_type [DNS::question type]
    set data_center [whereami]
    set geo_information [join [whereis $client_addr] ;]
    set gtm_server [whoami]
    set wideip [wideip name]
    set dns_len [DNS::len]

set hsl [HSL::open -proto UDP -pool Pool-syslog]
    HSL::send $hsl "&lt;190&gt;,f5_irule=Splunk-iRule-DNS_REQUEST,src_ip=$client_addr,dns_server_ip=$dns_server_addr,src_geo_info=$geo_information,question_name=$question_name,question_class=$question_class,question_type=$question_type,data_center=$data_center,gtm_server=$gtm_server,wideip=$wideip,dns_len=$dns_len
"
}

Forum Discussion

[HSL] log iRule events testing with DNS traffic

1 Reply

Recent Discussions

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Related Content

Khoros article scheduling test

iRule Event Order Flowchart

Security Automation with F5 BIG-IP and Event Driven Ansible

Testing the security controls for a notional FDX Open Banking deployment

DC failover test via GTM