Email alert for failed and successful login

Nacreous

Jun 18, 2015

Hi,

if I'm not wrong, those OIDs are obsolete in LTM v.11.6.

I've made an example of how you could do in case of having no standard way. I've done with two different OIDs, in order to differentiate the access type.

Add the following in /config/user_alert.conf with appropriate values:

alert BIGIP_CUSTOM_GUI_LOGIN_FAILED "httpd\(pam_audit\): User=(.*) tty=(.*) host=(.*) failed to login after (.*) attempts" {
    snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300";
    email toaddress="toaddress@mydomain.com"
    fromaddress="fromaddress@mydomain.com"
    body="This is a custom alert OID .1.3.6.1.4.1.3375.2.4.0.300"
}
alert BIGIP_CUSTOM_SSH_LOGIN_FAILED "sshd\(pam_audit\): User=(.*) tty=(.*) host=(.*) failed to login after (.*) attempts" {
    snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301";
    email toaddress="toaddress@mydomain.com"
    fromaddress="fromaddress@mydomain.com"
    body="This is a custom alert OID .1.3.6.1.4.1.3375.2.4.0.301"
}

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-6-0/11.html?sr=46312739

if your outbound smtp setup was successful, it should work.

Regards.

Forum Discussion

Email alert for failed and successful login

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

SkyNet Is Coming For Email First... Thankfully!

Certificate Expiry Email alert configuration

BIGIP OAUTH : Transmit "Application id" to backend server after a successful atuthentication

ASM ser input type email doesn't allow valid emails

ASM L7 DoS email alert