Bug ID 435078: Deterministic NAT logging: DNAT connection logging not available in Syslog/Splunk format

Last Modified: Oct 06, 2020

Affected Product:
BIG-IP CGN (all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.4.1 HF4, 11.4.0 HF6

Opened: Oct 23, 2013
Severity: 2-Critical
Related AskF5 Article:


In 11.4.0, HSL does not log long-lived connections. Instead, "LSN_ADD" and "LSN_DELETE" are logged where long-lived connections should be logged. However, "LSN_ADD" and "LSN_DELETE" cannot replace long-lived connection entries, because they are logged in the same second and do not provide the duration of the connection. Deterministic NAT log entries in Splunk/Syslog format for long-lived connections after configuration changes cannot be used for reverse mapping.


Reverse mapping for connections around the time of configuration changes that impacted deterministic NAT reverse mapping could be incorrect.


When using deterministic NAT with a log publisher logging in Splunk or Syslog format through the HSL mechanism, the log entries show LSN_ADD/LSN_DELETE. These entries are not usable for reverse mapping translations.


Use the LTM log if changes need to be made to the LSN pool that affect translation.

Fix Information

The LSN pool will now correctly log long-lived connections in a form usable by dnatutil.

Behavior Change