Fabrizio1366
May 17, 2023

F5 Send email and snmp trap from LTM log event

Hello Guys,

I would like to send an email and an SNMP trap on the LTM log event "HA Connection with peer %la:%d for traffic-group %s lost". I tried to set a custom alert in /config/user_alert.conf and tried to trigger the event with the logger command, but nothing occurs. Email alerts are working for certificate expiry, so I don't understand what's wrong. Thanks for the help.

I have gone through these KBs:

https://my.f5.com/manage/s/article/K15521451

https://my.f5.com/manage/s/article/K11127

https://my.f5.com/manage/s/article/K3667

https://my.f5.com/manage/s/article/K3727

https://my.f5.com/manage/s/article/K13180

https://my.f5.com/manage/s/article/K72087447

 

CONF.

cat /var/run/bigip_error_maps.dat | grep "HA Connection with peer"

0 LOG_ERR       01340002 BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost."

alert BIGIP_HA_HAERR_CONNECTION_LOST "01340002:3: HA Connection with peer (.*) for traffic-group-1 lost." {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302";
email toaddress="fabrizio.crestani@esterni.bancaditalia.it"
fromaddress="cdm-edget-lb01@utenze.bankit.it"
body="HA Connection with peer lost from cdm-edget-lb01.utenze.bankit.it"
}

logger -p local0.notice "HA Connection with peer test for traffic-group-1 lost."

May 12 11:43:12 cdm-edget-lb01.utenze.bankit.it notice keli078[28683]: HA Connection with peer test for traffic-group-1 lost.

  • Hi Fabrizio1366,

    I'm not sure if your fromaddress is the same on both alerts. If so, this likely doesn't matter, but if not, since you are using a non-default fromaddress, you need to configure the RewriteDomain and FromLineOverride.

    Have you tried removing the leading "01340002:3: " from your match? If you kick off a test message with the logger command, what are you seeing?

  • Hello JRahm,

    Thank you for the reply. I was using an incorrect alert description in the user_alert.conf file. I set BIGIP_HA_HAERR_CONNECTION_LOST "HA Connection with peer %la:%d for traffic-group %s lost." from the /var/run/bigip_error_maps.dat file and it worked. I used "(.*) for traffic-group-1 lost", which didn't match the specific alert.

    Thank you for the support.

    Have a nice day.

    Bye
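
Added example, not part of the thread and not F5 code: a small Python check that pulls the match string out of the posted alert stanza and tests it against the logger test line, which shows why JRahm asks about the leading "01340002:3: ". It assumes alertd's matching can be approximated by an unanchored Python regex search; the second log line, the mail addresses and the helper names are constructed for illustration.

```python
import re

# Alert stanza from the question; mail addresses replaced with constructed placeholders.
STANZA = r'''
alert BIGIP_HA_HAERR_CONNECTION_LOST "01340002:3: HA Connection with peer (.*) for traffic-group-1 lost." {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302";
email toaddress="ops@example.com"
fromaddress="lb@example.com"
body="HA Connection with peer lost"
}
'''

# Constructed log lines: [0] mirrors the logger test output in the question,
# [1] is a made-up line that carries the message-ID prefix.
LOG_LINES = [
    "May 12 11:43:12 lb01 notice keli078[28683]: HA Connection with peer test for traffic-group-1 lost.",
    "May 12 11:50:02 lb01 err proc[5012]: 01340002:3: HA Connection with peer 192.0.2.10:1026 for traffic-group-1 lost.",
]

STANZA_RE = re.compile(r'alert\s+(\w+)\s+"((?:[^"\\]|\\.)*)"\s*\{(.*?)\}', re.S)

def parse_alerts(text):
    """Map alert name -> its match regex and the actions (snmptrap/email) it declares."""
    alerts = {}
    for m in STANZA_RE.finditer(text):
        name, regex, body = m.groups()
        actions = re.findall(r'^\s*(snmptrap|email)\b', body, re.M)
        alerts[name] = {"regex": regex, "actions": actions}
    return alerts

def hits(regex, lines):
    """Unanchored search of each line (assumption: approximates alertd's matching)."""
    return [bool(re.search(regex, line)) for line in lines]

def without_msgid(regex):
    """Drop a leading 'NNNNNNNN:N: ' message-ID prefix from a match string."""
    return re.sub(r'^[0-9A-Fa-f]{8}:\d:\s*', '', regex)

if __name__ == "__main__":
    for name, alert in parse_alerts(STANZA).items():
        print(name, alert["actions"])
        print("  as written     :", hits(alert["regex"], LOG_LINES))
        print("  prefix removed :", hits(without_msgid(alert["regex"]), LOG_LINES))
```

The logger test line never carries the message-ID prefix, so a match string that requires it cannot fire on that test even when the stanza is otherwise valid.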