HSL stopped working

Question

So I'm trying to use HSL to replace our normal logging mechanisms as it appears we are going to significant increase logging.&nbsp;
When I first started testing, things were working fine.    Here is the basic rule.  There isn't much too it...&nbsp;
 &nbsp;
 &nbsp;
when CLIENT_DATA {&nbsp;
  TCP::collect&nbsp;
  set CLIENTIP [IP::client_addr]&nbsp;
  set VIP [IP::local_addr]&nbsp;
set hsl [HSL::open -proto UDP -pool Syslog_NY4]&nbsp;
   if { [IP::client_addr] != "208.89.236.196" }{&nbsp;
   log local0.info "Connection [IP::client_addr]:[TCP::client_port]&lt;-&gt;LTM&lt;-&gt;[IP::server_addr]:[TCP::server_port]"&nbsp;
if { [regexp "\x0149=(.*?)\x01" [TCP::payload] -&gt; SenderCompID] } {&nbsp;
HSL::send $hsl "Client IP:$CLIENTIP:Service Name:[virtual name]:VIP address:$VIP:client_port"&nbsp;
} else {&nbsp;
HSL::send $hsl "Client IP:$CLIENTIP:Service Name:[virtual name]:VIP address:$VIP:client_port:No SenderCompID"&nbsp;
}&nbsp;
TCP::release&nbsp;
}&nbsp;
}&nbsp;
 &nbsp;
I commented out the packet capture and regex to see if it would do simple logging.  But it doesn't anymore.  Looking at the syslog pool stats, 2 connections were made but nothing else since then.  &nbsp;
 &nbsp;
Is there something I'm  missing?&nbsp;
 &nbsp;
Standard logging is working fine.   &nbsp;

nitass · Answer

I commented out the packet capture and regex to see if it would do simple logging.  But it doesn't anymore.  Looking at the syslog pool stats, 2 connections were made but nothing else since then. there are more than two client-side tcp connections, aren't they?

brian_gibson_30 · Answer

What do you mean?  I commented out one of the HSL logging events.  Should have cleaned that up before posting but it isn't doing anything.

nitass · Answer

What do you mean?sorry to confuse. i just want to confirm if CLIENT_DATA event is triggered more than two times. by the way, in addition to checking number of connections on syslog server, can you also check syslog message there? just wondering whether bigip does not send syslog message or it sends but using only two connections.

brian_gibson_30 · Answer

Nitass, 
&nbsp;  
&nbsp; It is only logging once or at least that is what it is supposed to do.   When I set this up to log to syslog using the legacy method it works fine.   
&nbsp;  
&nbsp; I do not sethe HSL messages leaving the server.

brian_gibson_30 · Answer

Nitass, 
&nbsp;  
&nbsp; It is only logging once or at least that is what it is supposed to do.   When I set this up to log to syslog using the legacy method it works fine.   
&nbsp;  
&nbsp; I do not sethe HSL messages leaving the server.

Forum Discussion

HSL stopped working

5 Replies

Recent Discussions

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

google-visualization-issues

google autenticator broken barcode

Related Content

Is your WAF as good as Tubbs and Crockette as stopping Smugglers?

HSL logging fully asycnronous? Using HSL::send via iRule - will it pause http processing of request?

BGP stops advertising after upgrade

Stop Using the Base TCP Profile!

Apache Style Logging with HSL