Forum Discussion

Josh_41258's avatar
Josh_41258
Icon for Nimbostratus rankNimbostratus
Nov 07, 2011

Custom SNMP Trap Definition

My goal is to create a custom SNMP trap that will alert me when a SSL certificate is expiring soon. I have had Deb's article (http://devcentral.f5.com/Default.as...icleId=256) but still have a few questions that I'm hoping someone can help me with.

 

First, I'm a bit confused at the regex that I should be using to match the log. An example syslog message is:

 

 

 

Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT

 

 

 

.. so, my thought is to create a regexp that will match something similar to "Certificate * in file * will expire on," but I haven't gotten this to work correctly yet. Here is what I tried using:

 

 

 

"Certificate \'[\w\.]+\' in file \'[\w\.]+\' will expire"

 

 

 

That did not work, so I'm guessing it is not correct. I was able to match it via "will expire on," but this is a bit too generic and I would rather match it more accurately.

 

 

 

Next, how do I name the trap like the pre-defined traps are. The trap is coming through to my NMS as something generic like "bigIpNotifications.300"

 

 

 

The log message is contained in bigipNotifyObjMsg, but is there a way that I can separate the variable fields (such as the certificate file name, date, etc) into separate fields like bigipSSLCertName, etc so I can parse them on my NMS? All of the pre-defined traps seem to be parsed separately like this.

 

 

Thanks,

 

 

 

Josh

 

 

 

 

 

management
monitoring
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Nov 08, 2011
    i am not familiar with regex. this is mine. 

    [root@ve1023:Active] config  cat user_alert.conf
alert CERT_EXPIRE "Certificate (.*?w.*?) in file (.*?w.*?) will expire on (.*?)" {
        snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"
}

[root@ve1023:Active] config  logger -p local0.warning "Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT"

[root@ve1023:Active] config  tcpdump -nni 0.0 -s0 udp port 162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:08:13.288342 IP 172.28.65.150.44961 > 192.168.206.102.162:  V2Trap(192)  .1.3.6.1.2.1.1.3.0=10469 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.300 .1.3.6.1.4.1.3375.2.4.1.1="Certificate 'mywork.com' in file mywork.com.crt will expire on Fri Nov 11 23:59:59 2011 GMT" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4 out slot1/tmm0 lis=

    Next, how do I name the trap like the pre-defined traps are. The trap is coming through to my NMS as something generic like "bigIpNotifications.300"

    The log message is contained in bigipNotifyObjMsg, but is there a way that I can separate the variable fields (such as the certificate file name, date, etc) into separate fields like bigipSSLCertName, etc so I can parse them on my NMS? All of the pre-defined traps seem to be parsed separately like this.i guess we have to modify f5 mib file; anyway, i have never done it before and not sure if it is supported. hope someone here knows. i am interested too. 🙂