24-Mar-2020 08:52 - last edited on 05-Jun-2023 02:59 by JimmyPackets
Hey,
I have configured this iRule to send a syslog message to a remote server with the username and IP that a user gets once they start network access.
I see the log written to the ltm log file; however, I see no syslog traffic leaving the F5.
when CLIENT_ACCEPTED {
    ACCESS::restrict_irule_events disable
    set hsl [HSL::open -proto UDP -pool PA-IL-SyslogUID]
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/isession?sess=" } {
        after 5000 {
            log local0. "VPN started for [ACCESS::session data get session.logon.last.username] from IP [IP::client_addr] assigned client IP [ACCESS::session data get session.assigned.clientip]"
        }
        HSL::send $hsl "Network Access username:[ACCESS::session data get session.logon.last.username] client-ip:[IP::client_addr] vpn-ip:[ACCESS::session data get session.assigned.clientip]"
    }
}
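Added example, not part of the original post: a receiver-side check, in Python, for the message body that the HSL::send line above builds, so that only well-formed records become user-to-IP mappings. It assumes the body arrives without a syslog header and that logon names fit the character set in USERNAME; parse_record, build_mappings and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Field layout copied from the HSL::send string in the iRule above.
RECORD = re.compile(
    r"^Network Access username:(?P<user>.*) "
    r"client-ip:(?P<client>\S*) vpn-ip:(?P<vpn>\S*)$"
)
# Assumption: logon names use only these characters (user, user@realm, DOMAIN\user).
USERNAME = re.compile(r"^[A-Za-z0-9._@\\-]{1,128}$")

# Constructed sample messages, not captured from a real system.
SAMPLES = [
    "Network Access username:alice client-ip:198.51.100.7 vpn-ip:10.20.0.15",
    "Network Access username:bob client-ip:198.51.100.9 vpn-ip:",
    "Network Access username:john smith client-ip:198.51.100.9 vpn-ip:10.20.0.16",
]


def parse_record(line):
    """Return {'user', 'client_ip', 'vpn_ip'} or raise ValueError with the reason."""
    match = RECORD.match(line.strip())
    if match is None:
        raise ValueError("not a Network Access record")
    # The username is typed by the person logging on, so it is validated
    # before it is trusted as the identity in a user-to-IP mapping.
    if not USERNAME.match(match["user"]):
        raise ValueError("username empty or outside the allowed character set")
    record = {"user": match["user"]}
    for key, group in (("client_ip", "client"), ("vpn_ip", "vpn")):
        try:
            record[key] = str(ipaddress.ip_address(match[group]))
        except ValueError:
            # Covers an empty field, e.g. a session variable not set at send time.
            raise ValueError(f"{key} missing or invalid: {match[group]!r}") from None
    return record


def build_mappings(lines):
    """Map vpn_ip -> user for valid records; collect (line, reason) for the rest."""
    mappings, rejected = {}, []
    for line in lines:
        try:
            rec = parse_record(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))
        else:
            mappings[rec["vpn_ip"]] = rec["user"]
    return mappings, rejected
```

Calling build_mappings(SAMPLES) keeps the first record and reports the other two with the reason each was rejected.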
08-Feb-2022 14:03
This is an old post, no answers?
Are you sending data to Splunk?
If so, I see you have what the Splunk docs show for "set hsl". I ended up using the publisher, not "proto UDP -pool .."
Reply back if you're still working on this, I'll post my iRule for sending APM data to Splunk.