Festus_50639
Jan 10, 2011 (Nimbostratus)
ASM_REQUEST_BLOCKING and email notification
I am trying to send an email notification directly from the ASM when the blocking response page is presented.
There is a post similar to this which I now cannot find, but it seemed geared more towards sending an snmp trap rather than sending an email notification.
Background and setup info -
-Big-IP version: 10.2.0 HF2
-ASM SMTP Options configured
-Using ASM Security policy with "Trigger ASM iRule Event" checked.
-ASM iRule assigned as a Virtual Server resource
-ASM iRule name: ASM_iRule_app1
-ASM iRule content:
when ASM_REQUEST_BLOCKING {
log local0. "ASM_BLOCK_app1 - Request for Support ID: ts.request.id has been blocked"
}
-/config/user_alert.conf entry information:
alert ASM_BLOCK_app1 "ASM_BLOCK_APP1" {
emailtoaddress="user1@domain.com,pager2@site.com"
fromaddress="ASM_ALERTS"
body="The ASM Blocking response page was just presented for an app1page request"
}
Questions -
1. Is an "snmptrap OID=" line required in the user_alert.conf file for each alert created? Based on the Solutions articles I've found, that appears to be the case. (I would like to send an email alert without creating an snmptrap message.)
2. How can I add the SupportID to both the /var/log/ltm entry and the email that is sent by the alert daemon? (My thought is that I can add " . ts.request.id" to the end of the "body" line in the user_alert.conf entry.)
3. Has anyone successfully implemented something similar?
4. Does anyone know if this has been requested as a feature in a future release so that email notifications can be configured from the web UI when the blocking response page is presented?
- samstep (Cirrocumulus)
First of all, ASM SMTP Options in 10.2 are for something else - for the new scheduled reports feature. (Application Security/Reporting/Charts/Chart Scheduler)
alert ASM_BLOCK "ASM_REQUEST_BLOCKING" {
    snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.555";
    email toaddress="youremailhere@yourcompany.com"
    fromaddress="ASM@mybigipdevice.com"
    body="ASM Block"
}
when ASM_REQUEST_BLOCKING {
    log local0. "SupportID: [lindex [ASM::violation_data] 1]"
}
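An added example, not part of the original thread and not F5 code: a small offline check of which of the two alert definitions quoted above would fire for a given /var/log/ltm line, and whether that line carries a usable Support ID. It assumes alertd treats the quoted string after the alert name as a case-sensitive regular expression matched against the syslog line, and that iRule log lines carry a `Rule <name> <EVENT>:` prefix; the log lines, process ID and Support ID value are constructed.

```python
import re

# Alert definitions copied from the thread (first quoted string = match string).
USER_ALERT_CONF = '''
alert ASM_BLOCK_app1 "ASM_BLOCK_APP1" {
emailtoaddress="user1@domain.com,pager2@site.com"
fromaddress="ASM_ALERTS"
body="The ASM Blocking response page was just presented for an app1page request"
}
alert ASM_BLOCK "ASM_REQUEST_BLOCKING" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.555";
email toaddress="youremailhere@yourcompany.com"
fromaddress="ASM@mybigipdevice.com"
body="ASM Block"
}
'''

# Constructed /var/log/ltm lines (timestamps, pid and Support ID are made up).
# Assumed prefix: "Rule <rule name> <EVENT>: <message>".
SAMPLE_LOG = [
    "Jan 10 09:15:02 local/tmm info tmm[4821]: Rule ASM_iRule_app1 <ASM_REQUEST_BLOCKING>: "
    "ASM_BLOCK_app1 - Request for Support ID: ts.request.id has been blocked",
    "Jan 10 09:15:07 local/tmm info tmm[4821]: Rule ASM_iRule_app1 <ASM_REQUEST_BLOCKING>: "
    "SupportID: 1234567890123456789",
    "Jan 10 09:16:11 local/tmm info tmm[4821]: Rule other_rule <HTTP_REQUEST>: hello",
]

ALERT_RE = re.compile(r'alert\s+(\S+)\s+"([^"]*)"\s*\{(.*?)\}', re.S)

def parse_alerts(conf):
    """Return a list of (name, match_string, body_text) for each alert block."""
    return [(m.group(1), m.group(2), m.group(3)) for m in ALERT_RE.finditer(conf)]

def matching_alerts(line, alerts):
    """Names of alerts whose match string is found in the line (case-sensitive)."""
    return [name for name, pattern, _ in alerts if re.search(pattern, line)]

def support_id(line):
    """Extract a numeric Support ID from a logged line, or None if absent."""
    m = re.search(r"Support\s?ID: (\d+)", line)
    return m.group(1) if m else None

if __name__ == "__main__":
    alerts = parse_alerts(USER_ALERT_CONF)
    for line in SAMPLE_LOG:
        print(matching_alerts(line, alerts), support_id(line), "|", line)
```

Under those assumptions the first definition never fires, because its match string ends in `APP1` while the iRule logs `app1`, and the first log line contains the literal text `ts.request.id` rather than a number.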