HSL Loggin & Splunk

Question

Hi Everyone,We are trying to build to HSL logging via the irules to the splunk. Here are the steps implemented so far.1. created a UDP 514 pool with remote logging servers.when CLIENT_ACCEPTED {set client_address [IP::client_addr]set syslogpool "splunk_hsl_pool_514"set vip [IP::local_addr]set hsl [HSL::open -proto UDP -pool $syslogpool]}when CLIENTSSL_HANDSHAKE {set ssl_cipher_negotiated [SSL::cipher name]set ssl_version [SSL::cipher version]#log local0. "Ciphers: $ssl_cipher_negotiated &amp; the version :$ssl_version"HSL::send $hsl "Ciphers: $ssl_cipher_negotiated &amp; the version :$ssl_version"}3. The irule applied on to the Virtual servers.I couldnt see anything when i search in splunk. It would be great if any one can help me with this.

neeeewbie · Answer

Hi
did you see any log on /var/log/ltm ?
please check logs&nbsp;

Forum Discussion

HSL Loggin & Splunk

1 Reply

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

it-sa Expo & Congress in Germany - DevCentral Visits

Setting up F5 Telemetry Streaming with Splunk Cloud

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Getting Started with Automating Deployment of MCN & Edge Compute