Forum Discussion

aaperson's avatar
aaperson
Icon for Cirrus rankCirrus
Dec 09, 2019

Can LTM 15.x send an email when someone logs in?

I'd like to receive and email when someone logs or attempts to log in to LTM. Basically I would like the Logins History log sent to me via email in real time. I already have SMTP set up and it work...
BIG-IP
devops
LTM
Notify
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Dec 09, 2019

Hi aaperson,

Can you add following lines in /config/user_alert.conf?

alert login_history "(.*)pam_audit(.*)" {
	email toaddress="root@example.com"
	fromaddress="f5root"
	body="Your message."
}

Restart alertd service and try login.

tmsh restart sys service alertd
  • aaperson's avatar
    aaperson
    Icon for Cirrus rankCirrus
    Dec 10, 2019

    This iworks great but it only caught the login failures. I'd like the successes, too. Is that possible?

     

    Thanks in advance!

    • Enes_Afsin_Al's avatar
      Enes_Afsin_Al
      Icon for MVP rankMVP
      Dec 10, 2019

      I think, it send successful login emails. Both successful and failed logs contains "pam_audit" string.

      Example login fail log:

      Tue Dec 10 16:32:01 EET 2019	admin	0-0	httpd(pam_audit): User=admin tty=(unknown) host=172.16.11.135 failed to login after 1 attempts (start="Tue Dec 10 16:32:35 2019" end="Tue Dec 10 16:32:37 2019").:

      Example login success log:

      Tue Dec 10 16:32:37 EET 2019	admin	0-0	httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.16.11.135 attempts=1 start="Tue Dec 10 16:32:01 2019" end="Tue Dec 10 16:32:01 2019".: