Forum Discussion
Fabrizio1366
Altostratus
AltostratusF5 Send email and snmp trap from LTM log event
Hello Guys,
I would like to send email and snmp trap with ltm log event "HA Connection with peer %la:%d for traffic-group %s lost". I tried to set custom alert on /config/user_alert.conf and try to trig the event with the logger command but nothing occurs. Email alerts are working for certificate expire. So I don't understand what's wrong. Thanks for help.
I gone through these KB:
https://my.f5.com/manage/s/article/K15521451
https://my.f5.com/manage/s/article/K11127
https://my.f5.com/manage/s/article/K3667
https://my.f5.com/manage/s/article/K3727
https://my.f5.com/manage/s/article/K13180
https://my.f5.com/manage/s/article/K3667
https://my.f5.com/manage/s/article/K72087447
CONF.
cat /var/run/bigip_error_maps.dat | grep "HA Connection with peer"
0 LOG_ERR 01340002 BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost."
alert BIGIP_HA_HAERR_CONNECTION_LOST "01340002:3: HA Connection with peer (.*) for traffic-group-1 lost." {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302";
email toaddress="fabrizio.crestani@esterni.bancaditalia.it"
fromaddress="cdm-edget-lb01@utenze.bankit.it"
body="HA Connection with peer lost from cdm-edget-lb01.utenze.bankit.it"
}
logger -p local0.notice "HA Connection with peer test for traffic-group-1 lost."
May 12 11:43:12 cdm-edget-lb01.utenze.bankit.it notice keli078[28683]: HA Connection with peer test for traffic-group-1 lost.
Hello JRahm,
thank you for the reply. I was using an incorrect alert description on file user_alert.conf, I set "BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost." from /var/run/bigip_error_maps.dat file and it worked. I used "(.*) for traffic-group-1 lost" that didn't match with specific alert.
Thank you for support.
Have a nice day.
Bye
- JRahm
Admin
Hi Fabrizio1366,
I'm not sure if your fromaddress is the same on both alerts, but if so this likely doesn't matter, but if not, since you are using a non-default fromaddress, you need to configure the RewriteDomain and FromLineOverride.
Have you tried removing the leading "01340002:3: " from your match? If you kick off a test message with the logger command, what are you seeing?
Fabrizio1366Hello JRahm,
thank you for the reply. I was using an incorrect alert description on file user_alert.conf, I set "BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost." from /var/run/bigip_error_maps.dat file and it worked. I used "(.*) for traffic-group-1 lost" that didn't match with specific alert.
Thank you for support.
Have a nice day.
Bye
