Forum Discussion

jaikumar_f5_226

Nimbostratus

Feb 04, 2018

Alerts || Events triggered for audit logs too

Hi All,

I had few custom alerts configured in /config/user_alert.conf

like, so its looking for log message

jaikumar

in the ltm log,

alert testing "jaikumar" {
    exec echo "Jai is doing testing"
}

But recently I noticed, the alerts are triggered for logs of audit too. It was my understanding that alertd daemon examines the /var/log/ltm logs alone. So everytime when I wanted to test it I used to run throw a message in ltm log -

logger -p local0.notice "jaikumar"

So when I ran a dummy command like, obviously the virtual does not exist,

tmsh list ltm virtual jaikumar

alertd examines the log message (jaikumar) from audit log & triggers the custom event action thats configured.

Can someone confirm me if this behavior is normal, does alertd looks for every log messages. Can we restrict it ?

iCall

security

TMSH

No RepliesBe the first to reply

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Alerts || Events triggered for audit logs too

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Leveraging Ansible Rulebooks for Streamlined Event Triggers: Advantages and Benefits

Configure Generic Webhook Alert Receiver using F5 Distributed Cloud Platform

Certificate Expiry Email alert configuration

iRule Event Order Flowchart

ASM L7 DoS email alert

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS