F5 iCall not working
- Nov 18, 2019
Hi Dhruv,
I think the event name in your alert config file, which is supposed to be called in the event handler, is wrong.
For iCall there are 3 items to focus on:
- Alert file event
- Script
- Handler
Well you have created those, but nevertheless I'll try to cover them again.
1. Create an alert with the below; remember to put the alert message with the right keywords.
alert myserver-down "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down" { exec command="tmsh generate sys icall event unique-tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
So basically when the LTM sees the log "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down", it will trigger the event unique-tcpdump. This event we have to call on the handler.
But before we move to the handler, we need the script first, because the script will be called in the handler.
2. Create the script.
# tmsh create sys icall script pool_down_script
modify script pool_down_script { app-service none definition { exec tcpdump -ni servers -w /var/tmp/dhruv.pcap } description none events none }
3. We create the handler,
# tmsh create sys icall handler triggered pool_down script pool_down_script subscriptions add { tcp-dump { event-name unique-tcpdump } }
Testing:
# logger -p local0.notice "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down"
Once the above command is run, it will log to the ltm file.
Ultimately your alert event will be triggered. This will in turn put a log in the audit file - "generate sys icall event unique-tcpdump"
Thus once the handler is triggered, the script will be triggered too.
In your case, your alert event name and the handler event names didn't match. Hope you got it.
Keep me posted.
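Added example, not part of the original post: a shell check for the mismatch described above. It compares the event names raised by alert entries with the event names that handlers subscribe to. The function names, the `NO_HANDLER`/`NO_ALERT` output labels, the sample handler listing and the mismatched name `tcpdump-event` are constructed for illustration.

```bash
#!/bin/bash
# Added example: cross-check iCall event names between alert entries and
# handler subscriptions. All sample data here is constructed.

# Event names that alert entries raise ("generate sys icall event <name>").
alert_events() {
    grep -oE 'generate sys icall event [^ "]+' "$1" | awk '{print $5}' | sort -u
}

# Event names that handlers subscribe to ("event-name <name>").
handler_events() {
    grep -oE 'event-name [^ }]+' "$1" | awk '{print $2}' | sort -u
}

# Print one line per mismatch; return 1 if any event name is unmatched.
check_icall_events() {
    local alerts="$1" handlers="$2" rc=0 ev
    for ev in $(alert_events "$alerts"); do
        handler_events "$handlers" | grep -qxF -- "$ev" ||
            { echo "NO_HANDLER $ev"; rc=1; }
    done
    for ev in $(handler_events "$handlers"); do
        alert_events "$alerts" | grep -qxF -- "$ev" ||
            { echo "NO_ALERT $ev"; rc=1; }
    done
    return $rc
}

# Build constructed inputs: the alert from the post, plus a handler that
# subscribes to the event name passed as $1, then run the check.
demo() {
    local dir rc=0
    dir=$(mktemp -d)
    cat > "$dir/alerts" <<'EOF'
alert myserver-down "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down" { exec command="tmsh generate sys icall event unique-tcpdump context { { name ip value 192.168.18.128 } }" }
EOF
    cat > "$dir/handlers" <<EOF
sys icall handler triggered pool_down {
    script pool_down_script
    subscriptions { tcp-dump { event-name $1 } }
}
EOF
    check_icall_events "$dir/alerts" "$dir/handlers" || rc=$?
    rm -rf "$dir"
    return $rc
}

demo tcpdump-event || true   # hypothetical mismatched name
```

On a BIG-IP the two inputs would be the custom alert file (assumed here to be `/config/user_alert.conf`) and the saved output of `tmsh list sys icall handler triggered`.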