Forum Discussion

Fabrizio1366
May 17, 2023
Solved

F5 Send email and snmp trap from LTM log event

Hello Guys,

I would like to send an email and an SNMP trap on the LTM log event "HA Connection with peer %la:%d for traffic-group %s lost". I tried to set a custom alert in /config/user_alert.conf and tried to trigger the event with the logger command, but nothing occurs. Email alerts are working for certificate expiry. So I don't understand what's wrong. Thanks for the help.

I have gone through these KBs:

https://my.f5.com/manage/s/article/K15521451

https://my.f5.com/manage/s/article/K11127

https://my.f5.com/manage/s/article/K3667

https://my.f5.com/manage/s/article/K3727

https://my.f5.com/manage/s/article/K13180

https://my.f5.com/manage/s/article/K3667

https://my.f5.com/manage/s/article/K72087447

CONF.

cat /var/run/bigip_error_maps.dat | grep "HA Connection with peer"

0 LOG_ERR       01340002 BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost."

alert BIGIP_HA_HAERR_CONNECTION_LOST "01340002:3: HA Connection with peer (.*) for traffic-group-1 lost." {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302";
email toaddress="fabrizio.crestani@esterni.bancaditalia.it"
fromaddress="cdm-edget-lb01@utenze.bankit.it"
body="HA Connection with peer lost from cdm-edget-lb01.utenze.bankit.it"
}

logger -p local0.notice "HA Connection with peer test for traffic-group-1 lost."

May 12 11:43:12 cdm-edget-lb01.utenze.bankit.it notice keli078[28683]: HA Connection with peer test for traffic-group-1 lost.

2 Replies

  • Hi Fabrizio1366,

    I'm not sure if your fromaddress is the same on both alerts. If so, this likely doesn't matter, but if not, since you are using a non-default fromaddress, you need to configure the RewriteDomain and FromLineOverride.

    Have you tried removing the leading "01340002:3: " from your match? If you kick off a test message with the logger command, what are you seeing?

  • Hello JRahm,

    Thank you for the reply. I was using an incorrect alert description in the file user_alert.conf. I set BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost." from the /var/run/bigip_error_maps.dat file and it worked. I used "(.*) for traffic-group-1 lost", which didn't match the specific alert.

    Thank you for the support.

    Have a nice day.

    Bye
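
The mismatch discussed in this thread can be checked offline before editing /config/user_alert.conf. The script below is an added example, not code from the thread or from F5. It assumes the quoted match string is applied as a regular expression searched within the logged message (Python's `re` stands in for that), and `format_to_regex` is a hypothetical helper, not something alertd provides.

```python
import re

# Copied from the thread: error-map entry, the custom match string, the logger test text.
ERROR_MAP_LINE = ('0 LOG_ERR       01340002 BIGIP_HA_HAERR_CONNECTION_LOST '
                  '"HA Connection with peer %la:%d for traffic-group %s lost."')
QUESTION_PATTERN = "01340002:3: HA Connection with peer (.*) for traffic-group-1 lost."
LOGGER_TEST = "HA Connection with peer test for traffic-group-1 lost."

SYSLOG_LEVEL = {"LOG_ERR": 3, "LOG_WARNING": 4, "LOG_NOTICE": 5, "LOG_INFO": 6}
TOKEN = re.compile(r"%(la|d|s)")             # only the tokens this entry uses
WILDCARD = {"la": r"\S+", "d": r"\d+", "s": r"\S+"}

def parse_error_map(line):
    """Split one error-map entry into severity, message id, name and format."""
    m = re.match(r'\d+\s+(\w+)\s+(\w+)\s+(\w+)\s+"(.*)"\s*$', line)
    if m is None:
        raise ValueError("not an error-map entry: %r" % line)
    return dict(zip(("severity", "id", "name", "format"), m.groups()))

def render(entry, values):
    """Build a sample message: '<id>:<level>: ' followed by the filled-in format."""
    it = iter(values)
    text = TOKEN.sub(lambda _m: str(next(it)), entry["format"])
    return "%s:%d: %s" % (entry["id"], SYSLOG_LEVEL[entry["severity"]], text)

def format_to_regex(entry):
    """Hypothetical helper: escape the literal text, make each % token a wildcard."""
    parts = TOKEN.split(entry["format"])     # literal, token, literal, token, ...
    return "".join(WILDCARD[p] if i % 2 else re.escape(p) for i, p in enumerate(parts))

def matches(pattern, message):
    """Assumed matching model: regex search anywhere in the message."""
    return re.search(pattern, message) is not None

if __name__ == "__main__":
    entry = parse_error_map(ERROR_MAP_LINE)
    # Constructed values for %la, %d and %s.
    sample = render(entry, ["10.0.0.2", 1026, "traffic-group-1"])
    for label, pattern in (("question", QUESTION_PATTERN),
                           ("from format", format_to_regex(entry))):
        for message in (LOGGER_TEST, sample):
            print("%-11s %-5s %s" % (label, matches(pattern, message), message))
```

Under these assumptions the question's pattern matches neither message: the logger text lacks the `01340002:3: ` prefix, and a message rendered from the format has `traffic-group ` followed by the `%s` value rather than the literal `traffic-group-1`.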