Sending HSL data in json format.

One example of how to configure this.

1.- Configure iRule.

when SERVER_CONNECTED {
    catch {
        set hsl [HSL::open -publisher /Common/HSL_PUB]
    }
    set timestamp  [clock clicks -milliseconds]
    set cs_client_ip [clientside {IP::remote_addr}]
    set cs_client_port [clientside {TCP::remote_port}]
    set cs_server_ip [clientside {IP::local_addr}]
    set cs_server_port [clientside {TCP::local_port}]
    set ss_client_ip [serverside {IP::local_addr}]
    set ss_client_port [serverside {TCP::local_port}]    
    set ss_server_ip [serverside {IP::remote_addr}]
    set ss_server_port [serverside {TCP::remote_port}]
 
    catch {
        HSL::send $hsl "{\"version\":\"1.1\",\"level\":\"6\",\"_stream_filter\":\"test\",\"_TIMESTAMP\":\"[clock clicks -milliseconds]\",\"_CLIENT\":\"[clientside {IP::remote_addr}]:[clientside {TCP::remote_port}]\",\"_VIP\":\"[clientside {IP::local_addr}]:[clientside {TCP::local_port}]\",\"_SNAT\":\"[serverside {IP::local_addr}]:[serverside {TCP::local_port}] \",\"_SERVER\":\"[serverside {IP::remote_addr}]:[serverside {TCP::remote_port}]\"}"
    }
}

2.- Configure HSL_PUB

sys log-config destination remote-high-speed-log HSL_SRV {
    pool-name P-WEB1_80
    protocol udp
}
sys log-config publisher HSL_PUB {
    destinations {
        HSL_SRV { }
    }
}

3.- Apply iRule to the VS and generate traffic.

---

After capturing traffic output, that's the result.

13:13:09.553783 00:50:56:8f:8f:ec > 00:50:56:8f:ae:99, ethertype 802.1Q (0x8100), length 260: vlan 4094, p 0, ethertype IPv4, 10.130.40.41.47233 > 172.16.100.1.80: UDP, length 207 out slot1/tmm1 lis=
E....?@.....
.()..d....P..C.{"version":"1.1","level":"6","_stream_filter":"test","_TIMESTAMP":"1580299989553","_CLIENT":"10.130.41.41:54197","_VIP":"10.130.41.50:80","_SNAT":"10.130.40.41:54197 ","_SERVER":"172.16.100.2:80"}.......

Let me know if this helps.

KR,

Dario.