Aurel
Aug 30, 2013 Cirrus
HSL sending issue
Hi,
From the documentation, I do understand that HSL has quite a simple syntax, and should work like this:
e.g.:
when HTTP_REQUEST {
set hsl [HSL::open -proto UDP -pool POOL_SYSLOG]
set test ...
I don't think you caught my last recommendation. Create a NEW syslog pool that contains an IP address that isn't used ANYWHERE on your network. Use that pool in your HSL::open statement, and then watch TCPDUMP for port 514 traffic sending to that address. If you filter it down to just port 514 and this IP address, you shouldn't see any other traffic than what HSL might be sending.
By the way, what version are you running?
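The isolation test suggested in the reply above, written out as an added example (not code posted by either participant). It assumes a hypothetical pool named POOL_SYSLOG_TEST whose only member is the placeholder address 192.0.2.50:514, and a constructed marker string HSL-TEST.

```tcl
# Added example. Assumptions: POOL_SYSLOG_TEST is a newly created pool whose
# only member is an address used nowhere else on the network. 192.0.2.50:514
# is a placeholder from the documentation range; substitute your own.
when HTTP_REQUEST {
    # Open a UDP HSL handle that points only at the test pool
    set hsl [HSL::open -proto UDP -pool POOL_SYSLOG_TEST]

    # <190> is the syslog priority for local7.info (23 * 8 + 6).
    # The constructed HSL-TEST marker makes the datagram easy to pick out
    # in the capture payload.
    HSL::send $hsl "<190> HSL-TEST client=[IP::client_addr] host=[HTTP::host] uri=[HTTP::uri]\n"
}

# While sending one request through the virtual server, capture on the
# BIG-IP shell, filtered to the test address and syslog port only:
#   tcpdump -nni 0.0 -A host 192.0.2.50 and udp port 514
```

If the test address sits on a directly connected subnet, nothing answers ARP for it and the datagram never leaves the box; pick an address reached through a gateway, or widen the filter to include `arp`, so an empty capture is not misread as HSL sending nothing.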