Forum Discussion

rmoss25's avatar
rmoss25
Icon for Altostratus rankAltostratus
Jun 05, 2018

HSL iRULE to send a copy of CEF events

Hi, Is it possible to send duplicate copy CEF events from a source IP to a Virtual Server with an HSL iRule. The destinations listening on port 8443? We have two ArcSight destinations I want to send the exact copy of CEF events too and was going to try the following iRule. My question is will this even work as its TCP based? or will it just open up a large number of connections to the target pool members? So Device Sens to VIP->VIP sends to Pool A on port 8443 and HSL iRULE sends a exact copy of data to Pool B on 8443

 

when CLIENT_ACCEPTED {

 

set hsl [HSL::open -proto TCP -pool pool_B]

 

} when CLIENT_DATA { HSL::send $hsl [TCP::payload] }

 

No RepliesBe the first to reply