Forum Discussion
NimbostratusAlert.conf file
Any idea where to get the info on what each alert string means and does within the alert.conf file?
9 Replies
This article might help you decipher SNMP traps a bit, or at least start you down that path: https://support.f5.com/kb/en-us/solutions/public/3000/700/sol3727.html
Steven_J__WilliI need like a reference sheet that states what each snmp line does and what its alerting on?
Like:
alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS_UP { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.11"; email toaddress="myemail@domain.com" fromaddress="root" body="Pool Member status is UP"
What is MCPD and how is this snmp trap difference compared to:
alert BIGIP_GTMD_POOL_SNMP_STATUS_CHANGE_X "SNMP_TRAP: Pool .? state change .? --> green" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.40"
- Steven_J__Willi
I am getting very uneasy results with this. The alerts do not stop when configured. UP/DOWN emails continuously even after the pool members have been brought back online. here is the config:
/* * from bigd (CR36393) -- changed from mcpd messages in v9.2.0 (CR46190) and hotfix v9.0.5 * For the following 4 alerts, messages need to be used in pattern match to * distiguish different ipaddr, port, etc. So, if these messages are changed, * the changes in alert system need to be done accordingly.
*/ alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.10"; email toaddress="email@domain.com" fromaddress="root" body="Pool Member status is DOWN" } alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS_UP { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.11"; email toaddress="email@domain.com" fromaddress="root" body="Pool Member status is UP" }alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_STATUS { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.12"; email toaddress="email@domain.com" fromaddress="root" body="Node status is DOWN" } alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_STATUS_UP { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.13"; email toaddress="email@domain.com" fromaddress="root" body="Node status is UP"
gsharriAltostratus
What is the frequency of the up/down email alerts? Did this start after modifying alert.conf? Do you get snmp traps or just the emails? Are there log messages in /var/log/ltm that correspond to the emails you are seeing? If so then it's likely pool members are actually being marked up/down.
- Steven_J__Willi
they are coming in every minute or so..yes it started after I dropped the posted config lines. Just emails we are not sending snmp at this point. says ltm is not a directory. but the pool is up and so are the nodes and i can still see the emails flooding inbound up/down
- gsharriThe syntax of the config lines you posted above looks correct. ltm is the log file that will contain the pool member up/down syslog messages. Use less, more, tail to view it.
- Steven_J__Willi[root@LAB-01:Active:Changes Pending] config cd /var/log/ltm -bash: cd: /var/log/ltm: Not a directory [root@LAB-01:Active:Changes Pending] config
- gsharriltm is a file not a directory. Do this command to see messages as they are written to the ltm log file: [root@inst:Active:Standalone] config tail -f /var/log/ltm Jan 29 13:35:32 inst info sshd[13349]: Accepted keyboard-interactive/pam for root from 192.168.17.30 port 57850 ssh2 Jan 29 13:58:05 inst notice mcpd[7658]: 01071682:5: SNMP_TRAP: Virtual /Common/lab10_vs has become unavailable Jan 29 13:58:05 inst notice mcpd[7658]: 01071682:5: SNMP_TRAP: Virtual /Common/vs_ssl has become unavailabl If there are no messages logged here when you see email alerts then that is odd. Does each alert message have a different timestamp? It might be time to open a case with F5 support.
