2.1. Log Profile

In order to Log DNS queries, responses, or both, a logging profile must be created. The log profile specifies both the formatting and destination of the log messages which is typically off the BIG-IP using High Speed Logging (HSL).

Normally due to log volume, DNS logs would be sent off the BIG-IP, but for the purpose of the lab we will use a local syslog destination to easily see log messages.

  1. Create a “Log Publisher” for local syslog.

    Navigate to: System ›› Logs : Configuration : Log Publishers

    ../../_images/system_log_publisher_flyout1.png

    Create a local syslog publisher as shown in the table below:

    Setting Value
    Name local-syslog-publisher
    Destinations local-syslog
    ../../_images/sys_syslog_publisher_details1.png

    TMSH

    tmsh create sys log-config publisher local-syslog-publisher { destinations add { local-syslog { } } }

  2. Create a “Logging Profile”

    Navigate to DNS ›› Delivery : Profiles : Other : DNS Logging

    ../../_images/dns_cache_transparent_flyout_router01.png

    Create a DNS logging profile as shown in the table below:

    Setting Value
    Name example_dns_logging_profile
    Log Publisher local-syslog-publisher
    Log Responses enabled
    Include Query ID enabled
    ../../_images/dns_cache_transparent_create_router01.png

    TMSH

    tmsh create ltm profile dns-logging example_dns_logging_profile enable-response-logging yes include-query-id yes log-publisher local-syslog-publisher