I have searched for a while now, and have not found a solution. Alertd appears to be the method of sending an email alert; how do I tell it a node is down? Or a custom scripted monitor looked like a candidate. I am not necessarily looking for the solution - just guidance of where to investigate further.

Hello, First, you'd want to associate a monitor on the pool. Then you need to configure postfix to send mail remotely. And then configure alertd to send email. There are a few related solutions on AskF5 that you can use as a guide for this: SOL3667: Configuring SNMP trap alerts to send email notifications https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3667.html?sr=392739 SOL3664: Configuring BIG-IP to deliver locally-generated email messages https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html And if you want to generate a message based on a custom log event, refer to SOL3727: SOL3727: Configuring custom SNMP traps https://support.f5.com/kb/en-us/solutions/public/3000/700/sol3727.html Aaron

Posted By hoolio on 01/28/2008 10:19 AM There are a few related solutions on AskF5 that you can use as a guide for this: SOL3667: Configuring SNMP trap alerts to send email notifications https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3667.html?sr=392739 Aaron Regardiong this one, is there a way to add a default recipient email address? The example only says about per alert config: alert BIGIP_BIGPIPE_BP_CONFIGURATION_LOADED { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.28"; email toaddress="demo@askf5.com" fromaddress="root@bigip1.askf5.com" body="The test of this Solution worked!" } regards

As far as I'm aware, you need to configure each field individually for every alert definition. I think there are some variables available for the hostname of the unit, but after digging through old notes, I can't find any documentation of this. Does anyone else know how you can use a variable which is resolved to the hostname of the unit in the alert.conf file? Also, once you configure the alert.conf, make sure to back it up as I think it gets overwritten in upgrades. Aaron

Aaron, I just wanted to thank you for your helpful post. I was looking to do something similar to the original poster and your links were exactly what I needed. Thanks, d

I'd like to do the same thing. But how am I able to tell BigIP that a node is down?

Email notification of node/vs down

51 Replies

e71joy_25623
Nimbostratus
Sep 15, 2010
-----------------------------------------------------------------------------------------------

alert BIGIP_REVERSE_PROXY_DOWN "Pool member 192.168.1.1:8080 monitor status down." {

snmptrap OID=".1.2.6.1.4.1.3375.2.4.0.200";

email toaddress="joe@example.com,joe2@example.com"

fromaddress="BigIP@example.com"

body=""

}

-----------------------------------------------------------------------------------------------

above,how about calculating the OID NO,thank you very much!

if you have any suggestion,please let me now

e-mail:joy_yang@pegatroncorp.com

best regards

david
Hamish
Cirrocumulus
Sep 15, 2010
Well... If you don't want to workout what the OID will be, you could always watch the traps come out using tcpdump or wireshark or similar (tcpdump on the F5 linux host would be better, then transfer the dump file to something with wireshark on it). Find the trap for the event you want to alert for and copy the OID from it.

H
e71joy_25623
Nimbostratus
Sep 15, 2010
hi Hamish,

thanks.

by the way,how to do tcpdump?
Hamish
Cirrocumulus
Sep 15, 2010
On the linux host (i.e. ssh into the F5, or go in via the console for bash shell command line access) and type

tcpdump -i 0.0 -p -w /var/tmp/snmp_traps.dump -s 3000 port 162

Then that sits in the background putting a copy of all the packets that match the filter 'port 162' into the file /var/tmp/snmp_traps.dump (The -w parameter) without putting the interface into promiscuous mode (-p, although it's a bit of a moot point with the way the F5 packet capture works) and is listening on interface 0.0 (Which on f5 is a special ALL interfaces pseudo device).

Once a trap has been sent, ctrl-c the tcpdump, and copy the file off to where there's a copy of wireshark (tcpdump could do this for you as well, but unless you're familiar with it I'd recommend wireshark) and load the dumpfile. Find the trap and have a look at the OID that it was sent with.

H
e71joy_25623
Nimbostratus
Sep 15, 2010
hello Hamish,

I did it several times,but i didn't got anything,please help again,thanks!
Hamish
Cirrocumulus
Sep 16, 2010
You need to find whether the problem is with the traps not going out, or the tcpdump not capturing the packets. Is the file completely empty?

H
e71joy_25623
Nimbostratus
Sep 22, 2010
i traps several times for serveral minutes,but i got nothing and the file completely empty,would you please help me?

thanks!
e71joy_25623
Nimbostratus
Oct 11, 2010
Hello H,

I've done it several times for serveral minutes,but i got nothing and the file completely empty,would you please help me?

thank you very much!
lipos_54863
Nimbostratus
Nov 02, 2010
Is the how to apply o v10.2 as described for 9.x?
David_Dennison
Nimbostratus
Jul 28, 2012
Instead of mucking with syslog configs on the load balancer itself (which IMO this obvious request of an email alert when a node, pool, or critical event should never have to be implemented at a CLI level on each individual BIGIP box with the premimium people pay for F5 devices), try using SEC. Just parse the SNMP traps from the F5 box on the server running SEC to trigger the event you want...basically to see the trap...parse it...then shell out and email you of the event)...why this is still not a part of EM I do not know...