Forum Discussion
F5 iCall not working
Hi Team,
My iCall is not working in my setup. i am taking help of various online article and now exhausted. Please help !!!!!
=================================================
User -----------------VS (10.10.10.110) Pool Name PHP- member: lampio - 192.168.18.128:80
===============================================
Task: Create i call to check pool member is down and run packet capture.
Step 1: Created the alert:
===================================================================
[root@lab:Active:Standalone] config # cat user_alert.conf
alert local-http-192-168-18-128-80-DOWN "Pool/common/PHP /common/192.168.18.128:80 monitor status down" {
exec command="tmsh generate sys icall event tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }"
}
==================================================================
Step 2: Setup the i call script
=======================================================================
modify script pool_down_script {
app-service none
definition {
exec tcpdump -ni servers -w /var/tmp/dhruv.pcap
}
description none
events none
=======================================================================
Step 3: Configure the handler
========================================
modify triggered pool_down {
script pool_down_script
subscriptions replace-all-with {
tcp-dump {
event-name tcp-dump
}
}
}
========================================
When i manually pull down the pool member, nothing happens and below is the output.
=======================================================================
root@(lab)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys icall
------------------------------------------------
Sys::iCall::Event Triggered Handler: pool_down
------------------------------------------------
Events matching filters 0
Events causing handler to run 0
Creation time 11/14/19 02:11:08
Current status active
Time since last status change 11/14/19 02:11:08
===================================================================
Kindly help...!!
Hi Dhruv,
I think your event name in the alert config file is wrong which is supposed to be called in the event handler.
For I call there are 3 items to be focused,
- Alert file event
- Script
- Handler
Well you have created those, but nevertheless I'll try to cover them again.
- Create an alert with below, remember to put the alert message with the right keywords.
alert myserver-down "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down" { exec command="tmsh generate sys icall event unique-tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
So basically when the LTM see's the logs of "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down", it will trigger the event unique-tcpdump. This event we have to call on the handler.
But before we move to the handler, we need the script 1st, because script will be called in the handler.
2. Create the script.
#tmsh create sys icall script pool_down_script
modify script pool_down_script { app-service none definition { exec tcpdump -ni servers -w /var/tmp/dhruv.pcap } description none events none
3. We create the handler,
#tmsh create sys icall handler triggered pool_down script pool_down_script subscriptions add { tcp-dump { event-name unique-tcpdump } }
Testing:
# logger -p local0.notice "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down"
Once you the above command is run, it will log on the ltm file.
Ultimately your alert event will be triggered. This will inturn put a log on the audit file - "generate sys icall event unique-tcpdump"
Thus once the handler is triggered, the script will be triggered too.
In your case, your alert event name and the handler event names dint match. Hope you got it.
Keep me posted.
Hi Dhruv,
I think your event name in the alert config file is wrong which is supposed to be called in the event handler.
For I call there are 3 items to be focused,
- Alert file event
- Script
- Handler
Well you have created those, but nevertheless I'll try to cover them again.
- Create an alert with below, remember to put the alert message with the right keywords.
alert myserver-down "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down" { exec command="tmsh generate sys icall event unique-tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
So basically when the LTM see's the logs of "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down", it will trigger the event unique-tcpdump. This event we have to call on the handler.
But before we move to the handler, we need the script 1st, because script will be called in the handler.
2. Create the script.
#tmsh create sys icall script pool_down_script
modify script pool_down_script { app-service none definition { exec tcpdump -ni servers -w /var/tmp/dhruv.pcap } description none events none
3. We create the handler,
#tmsh create sys icall handler triggered pool_down script pool_down_script subscriptions add { tcp-dump { event-name unique-tcpdump } }
Testing:
# logger -p local0.notice "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down"
Once you the above command is run, it will log on the ltm file.
Ultimately your alert event will be triggered. This will inturn put a log on the audit file - "generate sys icall event unique-tcpdump"
Thus once the handler is triggered, the script will be triggered too.
In your case, your alert event name and the handler event names dint match. Hope you got it.
Keep me posted.
Hi Dhruv,
Can you try this in alert.conf?
alert local-http-192-168-18-128-80-DOWN "(.*) Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down." { exec command="tmsh generate sys icall event tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
and restart service.
tmsh restart sys service alertd
- Dhruv_SharmaNimbostratus
Hi,
Thank you for your response. Unfortunately, it didn't helped. I am clueless. When i manually pull down the pool member, logs are generated in the var/ltm logs. But i do not see any logs for icall, nor in messages or in var/tmp/script.log. I am not sure where to start troubleshooting.
Log Messages:
=====================================================================================
Nov 18 01:35:56 notice mcpd[7064]: 01070638:5: Pool /Common/PHP member /Common/lampio:80 monitor status down. [ /Common/http: down; last error: /Common/http: Host is unreachable.; Unable to connect @2019/11/18 01:35:56. ] [ was up for 0hr:13mins:35sec ]
Nov 18 01:35:56 notice mcpd[7064]: 01071682:5: SNMP_TRAP: Virtual /Common/OB-Server has become unavailable
Nov 18 01:35:56 notice mcpd[7064]: 01071912:5: Virtual Address /Common/10.10.10.111 general status changed from BLUE to RED.
Nov 18 01:35:56 notice mcpd[7064]: 01071913:5: Virtual Address /Common/10.10.10.111 monitor status changed from UNCHECKED to DOWN.
Nov 18 01:35:56 err tmm1[16370]: 01010028:3: No members available for pool /Common/PHP
Nov 18 01:35:56 err tmm[16370]: 01010028:3: No members available for pool /Common/PHP
Nov 18 01:38:30 notice tmm[16370]: 01010029:5: Clock advanced by 489 ticks
==========================================================================================
root-cfg-sync Standalone)(Active)(/Common)(tmos)# show sys icall
------------------------------------------------
Sys::iCall::Event Triggered Handler: pool_down
------------------------------------------------
Events matching filters 0
Events causing handler to run 0
Creation time 11/14/19 02:11:08
Current status active
Time since last status change 11/14/19 02:11:08
==================================================
Regards,
Hi,
alert local-http-192-168-18-128-80-DOWN "(.*) Pool /Common/PHP member /Common/lampio:80 monitor status down(.*)" { exec command="tmsh generate sys icall event tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
- Dhruv_SharmaNimbostratus
Hi,
This doesn't work either.
- output.
=================================================================
root@(n)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys icall
------------------------------------------------
Sys::iCall::Event Triggered Handler: pool_down
------------------------------------------------
Events matching filters 0
Events causing handler to run 0
Creation time 11/14/19 02:11:08
Current status active
Time since last status change 11/14/19 02:11:08
--------------------------------------------------------------
Sys::iCall::Publisher
--------------------------------------------------------------
Publisher Event Context
failover FAILOVER_STATE /Common/traffic-group-1
========================================================
2. Message logs
Nov 18 03:53:10 nbs notice mcpd[7064]: 01071682:5: SNMP_TRAP: Virtual /Common/OB-Server has become unavailable
Nov 18 03:53:10 nbs notice mcpd[7064]: 01071912:5: Virtual Address /Common/10.10.10.111 general status changed from GREEN to RED.
Nov 18 03:53:10 nbs notice mcpd[7064]: 01071913:5: Virtual Address /Common/10.10.10.111 monitor status changed from UP to DOWN.
Nov 18 03:53:11 nbs err tmm[16370]: 01010028:3: No members available for pool /Common/PHP
Nov 18 03:53:11 nbs err tmm1[16370]: 01010028:3: No members available for pool /Common/PHP
I wonder, why there are no logs for the activity.
Regards,
- Dhruv_SharmaNimbostratus
Thank you !! it worked !!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com