Forum Discussion
Jeremy_Bridges_
Nimbostratus
NimbostratusCustom SNMP Trap Delay
I have configured some custom SNMP traps in /config/user_alert.conf following this article:
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=256
Here is the alert definition I have defined:
alert BIGIP_CUSTOM_TEST "testing notification" {
snmptrap OID=".1.3.6.1.4.1.3375.1.1.110.200"
}
The article is excellent. However, it seems there is an odd delay that shows up. If I trigger a trap using the logger command:
logger -p local0.warning "testing notification"I will see a SNMP trap (using WireShark). However, if I immediately repeat the logger command, no trap is sent. After waiting some time (30-60 seconds), running the logger command again will trigger another trap.
Is this normal behavior? If so, why does it work this way?
2 Replies
hoolioCirrostratus
I think that's syslog-ng suppressing duplicate messages:
http://devcentral.f5.com/wiki/default.aspx/iRules/log
Note There is a significant behavioral difference when the optional . is specified. When iRule logs messages without the facility and/or level, they are rate-limited as a class and subsequently logged messages within the rate-limit period may be suppressed even though they are textually different. However, when the and/or are specified, the log messages are not rate-limited (though syslog-ng will still perform suppression of repeated duplicates).
Aaron
Jeremy_Bridges_That makes sense. Fortunately, this kind of supression should be ok. We want to know when a pool member is marked down, but we don't care if it supresses messages about the same pool member being marked down several times in a short time period. Thanks for the info.
