bongshanks
Jan 18, 2018

Debugging a non functioning HSL config

Ok, I've got a pretty simple iRule that works fine when using the log local0. command. When I change the local.0 to HSL, the HSL does not log.

I check the pool and the monitor on 514 is showing green. I check the stats and all traffic is zeroed out. I check the LTM log and I don't even see an attempt to start an HSL session. (this is on 12.1.2 btw)

I have a theory that HSL won't start if TMM detects the pool having an issue. However I don't know of a good way to check that.

Do any of you have any suggestions for troubleshooting?

when CLIENT_ACCEPTED {
    # Open an HSL handle to the syslog pool over UDP
    set hsl [HSL::open -proto UDP -pool hsl_syslog_pool]
    HSL::send $hsl "SSL_CUSTOM: Connection of Client Source IP: [IP::client_addr]:[TCP::client_port]<-->[virtual name]<-->[LB::server]"
}
when CLIENTSSL_HANDSHAKE {
    # Log the negotiated protocol version and cipher for this client
    HSL::send $hsl "Client: [IP::client_addr] is using [SSL::cipher version] SSL Cipher:[SSL::cipher name] Virtual:[virtual] SSL Profile:[PROFILE::clientssl name]"
    SSL::collect
}

1 Reply

  • Hello,

    If it works as expected when you use local.0, proceed with troubleshooting by capturing the traffic with tcpdump to see whether there is any outgoing traffic when the iRule is executed. When you are using HSL, don't expect to see anything in the LTM logs.

    Also check your pool monitor. If you have applied only a UDP monitor, it is not enough. You also need to add ICMP.

    Regards
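
A minimal UDP listener that can run on the syslog pool member alongside the tcpdump capture suggested in the reply, to confirm whether the iRule's HSL datagrams actually arrive and parse as expected. This is an added example, not code from the thread; the bind on port 514, the function names and the sample values are assumptions.

```python
import re
import socket

# Patterns for the two messages built by the iRule in the question.
PATTERNS = {
    "connection": re.compile(
        r"SSL_CUSTOM: Connection of Client Source IP: "
        r"(?P<client>[^<]+):(?P<port>\d+)<-->(?P<virtual>.*?)<-->(?P<server>.*)"),
    "handshake": re.compile(
        r"Client: (?P<client>\S+) is using (?P<version>\S+) "
        r"SSL Cipher:(?P<cipher>\S+) Virtual:(?P<virtual>\S+) "
        r"SSL Profile:(?P<profile>\S+)"),
}

def parse_hsl(payload: bytes):
    """Return (kind, fields); unrecognised payloads come back as ("unknown", {"raw": text})."""
    text = payload.decode("utf-8", errors="replace").strip()
    for kind, pattern in PATTERNS.items():
        match = pattern.search(text)  # search() tolerates a leading syslog header
        if match:
            return kind, match.groupdict()
    return "unknown", {"raw": text}

def receive(sock: socket.socket, count: int, timeout: float = 5.0):
    """Read up to `count` datagrams, stopping early on timeout.

    Returns a list of (sender_ip, kind, fields). An empty list means nothing
    reached this socket, which matches the zeroed pool statistics in the question.
    """
    sock.settimeout(timeout)
    results = []
    try:
        while len(results) < count:
            data, (sender, _port) = sock.recvfrom(65535)
            results.append((sender, *parse_hsl(data)))
    except socket.timeout:
        pass
    return results

if __name__ == "__main__":
    # Assumed port: stop the real syslog daemon first, or bind a free port instead.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("0.0.0.0", 514))
    for sender, kind, fields in receive(listener, count=20, timeout=60):
        print(sender, kind, fields)
```
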