For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Apr 16, 2014

Generic log levels in alertd.conf (v11)

I was hoping someone could help me understand where these directives in the /etc/alertd/alertd.conf come from. It seems that they do what I would expect, which is send trap on every message of the co...
management
Mike_Kahler_488's avatar
Mike_Kahler_488
Historic F5 Account
Apr 16, 2014

Hmm. Never really looked at the exact regex in the alert. My guess is that the trap looks for any map number of priority x as denoted after the :x: and as designated as the standard syslog log levels. So for the 1st example:

 

"^[0-9a-f]{8}:0: (.*)"

 

Would be log level 0 which is Emergency.

 

Log levels are listed in the .map files and the F5 device will log this as a log level number after the colon. For example:

 

err tmm3[9818]: 01010221:3:

 

is log level Error as denoted by :3:

 

Mike_Kahler_488's avatar
Mike_Kahler_488
Historic F5 Account
Apr 16, 2014
I believe the BIGIP_LOG_* traps in alert.conf are commented out. They were meant to be used as a catch all for alerts that were not defined. So I think they are irrelevant. The alerts defined in user_alert.conf have a higher priority than alert.conf. I am a little surprised that the map name would match the log. Perhaps the map number has a direct relationship with the string. But if this works for you and is your intent, then the map name should be good enough.