F5 | 464708

Severity: 4-Minor ... Symptoms ... DNS logging does not support Splunk format logging. ... It fails to log the events, instead logging err messages: hostname="XXXXXXXXXXXXX.XX",errdefs_msgno="01230140:3: ... Impact ... DNS logging does not log Splunk format to HSL. ... Conditions ... DNS logging configured for Splunk format. ... Workaround ... Use an iRule to send Splunk-formatted messages to the Splunk server. ... For example: ltm rule dns_logging_to_splunk { when DNS_REQUEST { set ldns [IP::client_addr] set vs_name [virtual name] set q_name [DNS::question name] set q_type [DNS::question type] set hsl [HSL::open -proto UDP -pool splunk-servers] HSL::send $hsl "<190>,f5-dns-event=DNS_REQUEST,ldns=$ldns,virtual=$vs_name,query_name=$q_name,query_type=$q_type" } when DNS_RESPONSE { set ldns [IP::client_addr] set vs_name [virtual name] set q_name [DNS::question name] set q_type [DNS::question type] set answer [