Open a handle for High Speed Logging communication. After creating the
connection, send data on the connection using HSL::send.
When using HSL::open to directly reference a syslog pool, the virtual
server might show an available status even though the default pool
might be down. This is because the virtual server would be using the
status of the syslog pool referenced in the HSL::open command. To
work around this issue, place the syslog pool in a variable and
reference the variable. For more information see Solution 14505.
HSL::open -proto <UDP|TCP> -pool <poolname>
Opens and returns a handle for High Speed Logging communication. The
handle can be used with HSL::send to send data over a particular
protocol (TCP or UDP) to a pool comprised of one or more logging servers.
HSL::open -publisher <publisher>
Opens and returns a handle for High Speed Logging communication for a
log publisher configured in System->Logs->Configuration->Log
Publishers. The handle should be used with the HSL::send command to
send data to the publisher. Introduced in v11.3.
Note: The protocol is case sensitive and must be specified in all
uppercase letters. Prior to 11.1 the protocol value is not validated
when an iRule is saved, but will cause a run-time error when executed
for a connection if the protocol is not valid (UDP or TCP).
The pool name is not validated when an iRule is saved but will cause
a run-time error when executed if the pool does not exist.
Examples
when CLIENT_ACCEPTED {
    # Open the HSL handle once per connection
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
}
when HTTP_REQUEST {
    # Log HTTP request via syslog protocol as local7.info; see RFC 3164 for more info
    HSL::send $hsl "<190> [IP::local_addr] [HTTP::uri]\n"
}

when HTTP_REQUEST {
    # Assumes $hsl was opened in CLIENT_ACCEPTED, as in the example above
    HSL::send $hsl "<190> [IP::client_addr]:[TCP::client_port]->[IP::local_addr]:[TCP::local_port]; [HTTP::host][HTTP::uri]"
}
When deciding on a publisher for your log messages, bear in mind that
HSL::send will not work if the publisher is configured with some
formatted destinations like arcsight or splunk. If the log server
expects CEF or Splunk formatted messages, the iRule should craft the
data the way the server expects it to be formatted and send to a
publisher configured with an unformatted destination, such as
remote-high-speed-log.
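The iRule below is an added example, not part of the original page or F5's own code, showing one way to craft a CEF message in the iRule and send it to a publisher with an unformatted destination. The publisher name /Common/hsl_unformatted_pub, the CEF header values and the cef_ext_escape proc are assumptions made for illustration; proc and call require v11.4 or later.

```tcl
# Added example. Assumption: /Common/hsl_unformatted_pub is a hypothetical
# log publisher whose destination is of type remote-high-speed-log.
when RULE_INIT {
    # CEF header: Version|Vendor|Product|ProductVersion|SignatureID|Name|Severity|
    # All header values here are constructed for illustration.
    set static::cef_prefix "CEF:0|ExampleOrg|iRule-HSL|1.0|100|HTTP request|3|"
}

# Escape a CEF extension value: backslash and '=' are prefixed with a
# backslash, and CR/LF are encoded, so client-supplied data can neither
# add extra key=value pairs nor start a new log record.
proc cef_ext_escape { value } {
    return [string map [list "\\" "\\\\" "=" "\\=" "\r" "\\r" "\n" "\\n"] $value]
}

when CLIENT_ACCEPTED {
    # Open the handle once per connection and reuse it for every request
    set hsl [HSL::open -publisher /Common/hsl_unformatted_pub]
}

when HTTP_REQUEST {
    # Addresses and ports come from the connection itself
    set ext "src=[IP::client_addr] spt=[TCP::client_port]"
    append ext " dst=[IP::local_addr] dpt=[TCP::local_port]"
    # Method, host and URI are client-controlled: escape before logging
    append ext " requestMethod=[call cef_ext_escape [HTTP::method]]"
    append ext " dhost=[call cef_ext_escape [HTTP::host]]"
    append ext " request=[call cef_ext_escape [HTTP::uri]]"
    # <190> = local7.info (23 * 8 + 6); the trailing newline ends the record
    HSL::send $hsl "<190>${static::cef_prefix}${ext}\n"
}
```

Escaping matters here because the URI query string normally contains '=' characters, which an unescaped CEF parser would read as additional fields.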
Related Information
Valid Events:
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code:
Apache Style Logging with HSL
- When SNATing to servers, the client IP is lost. This was information our se…
Formatted Logging For W3c
- This iRule Allows you to log traffic in a W3C compliant fashion.
HTTP request cloning
- Clone HTTP requests to one or more destination pools
Log large HTTP payloads in chunks locally and remotely
- Log POST request payloads remotely via HSL to a syslog server and locally.
SMTP filter and forward proxy
- SMTP filter and forward proxy
Introduced: GTM-11.1.0