Forum Discussion
ASM L7DOS snmp traps
Small update as we got some feedback from F5 support:
"Since messages generated by the dosl7d process are not processed by the alertd SNMP process there is no possible workaround, this functionality needs to be hard coded. Currently the only option to be notified of a DOS attack is by an external logging device."
"SNMP traps rely on the syslog facility, however the dosl7d daemon writes directly to its log file rather than using syslog facilities, which means that the messages it issues do not pass through the syslog pipe that is the source for almost everything in the syslog-ng configuration. As a result, the alertd daemon can't see the dosl7d messages either and therefore is unable to act on them and trigger SNMP traps.
Our solution article below about custom scripts based on a syslog message also makes reference to this https://
Messages generated by the dosl7d process in BIG-IP ASM 11.3.0 and later are not processed by the alertd SNMP process. Layer 7 (L7) denial of service (DoS) messages, therefore, cannot be used for triggering commands or custom scripts.
A Request For Enhancement (ID486827) was raised to make it possible to configure a syslog destination for dosl7 messages (which should also help resolve the issue with trap messages). This functionality is expected to become available in the future public releases only. Product Development does not have any definite details for these releases still."