Alerts || Events triggered for audit logs too

Hi All,

I had few custom alerts configured in /config/user_alert.conf

like, so its looking for log message

jaikumar

in the ltm log,

alert testing "jaikumar" {
    exec echo "Jai is doing testing"
}

But recently I noticed, the alerts are triggered for logs of audit too. It was my understanding that alertd daemon examines the /var/log/ltm logs alone. So everytime when I wanted to test it I used to run throw a message in ltm log -

logger -p local0.notice "jaikumar"

So when I ran a dummy command like, obviously the virtual does not exist,

tmsh list ltm virtual jaikumar

alertd examines the log message (jaikumar) from audit log & triggers the custom event action thats configured.

Can someone confirm me if this behavior is normal, does alertd looks for every log messages. Can we restrict it ?

iCall

security

TMSH

Forum Discussion

Alerts || Events triggered for audit logs too

Recent Discussions

redirect not working

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

HIRE ADRIAN LAMO HACKER TO RECLAIM LOST CRYPTOCURRENCY

rSeries and tenant upgrades

cat and grep command for rst messages

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Certificate Expiry Email alert configuration

iRule Event Order Flowchart

ASM L7 DoS email alert

Security Automation with F5 BIG-IP and Event Driven Ansible