Forum Discussion
I have the same scenario and I like the simplicity in the suggested solution. I on the other hand have netflow that I want to duplicate to two different flow collectors.
I tested it and packets are duplicated towards the two destinations but the source address is set to the self IP of the F5.
I tried adding snat under the CLIENT_ACCEPTED section and setting it to the client source address but it did not make any difference.
Is there a way to preserve the source IP address when using HSL::open/HSL::send?
- AndreasWall Nov 06, 2020 Nimbostratus
Yesterday I found out that HSL::send will use the self ip of the outgoing interface. Using the snat command will make no difference.
- jaikumar_f5 Nov 06, 2020 MVP
HSL sends logs from TMM, unlike native syslog-ng which uses mgmt. To get the mgmt, I think you have to create a static route table.
- Scott_Payne Sep 12, 2024 Employee
You can't do that with HSL, but you can do it with a sideband connection. What follows is an example iRule:
when CLIENT_ACCEPTED {
    # The client source address
    set clientIP [IP::client_addr]
    # The client source port
    set clientPort [UDP::client_port]
    # Open the sideband connection to the collector, sourced from the client's address and port
    if {[catch {connect -myaddr $clientIP -myport $clientPort -timeout 1000 -idle 30 -protocol UDP -status conn_status 10.1.20.200:9995} conn_id] == 0 && $conn_id ne ""} {
        log local0. "Connect returns: $conn_id and conn status: $conn_status"
    } else {
        log local0. "Connection could not be established to sideband_virtual_server"
        # On error, catch stores the error message in conn_id; clear it so CLIENT_DATA skips the send
        set conn_id ""
    }
}
when CLIENT_DATA {
    if {$conn_id ne ""} {
        # grab UDP payload
        set data [UDP::payload]
        # Send the data out to the netflow collector using the source IP and port from the client
        send -timeout 1000 $conn_id $data
        #close $conn_id
    }
}
A version of this was used to send Netflow data to another harvester / collector (in addition to the pool on the virtual server).