Forum Discussion
nitass_89166
Noctilucent
But what I don't understand is why BIGIP_LOG_EMERG also works when that is not predefined.
isn't it predefined in /etc/alertd/alert.conf?
[root@ve11a:Active:In Sync] config grep BIGIP_LOG_EMERG /etc/alertd/alert.conf
alert BIGIP_LOG_EMERG "^[0-9a-f]{8}:0: (.*)" {
The first line of an alert definition may also optionally contain the match string, as in this example, which uses a regular expression to catch all local authentication failure log messages:
alert BIGIP_AUTH_FAIL "FAILED LOGIN (.*) FROM (.*) FOR (.*), Authentication failure" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.27"
}
If, as in our original example, the match string is not defined in the alert definition itself, you can find it in the /var/tmpfs/run/bigip_error_maps.dat by searching for the alert name with this command:
grep BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS /var/tmpfs/run/bigip_error_maps.dat
Custom SNMP Traps by Deb Allen
https://devcentral.f5.com/articles/custom-snmp-traps.U1UeC1dhcdUnitass_89166
Apr 21, 2014Noctilucent
i understand matching string can be defined in either /etc/alertd/*.h or /etc/alertd/alert.conf file. BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS is defined in /etc/alertd/bigip_mcpd_error_maps.h) but BIGIP_LOG_EMERG is defined in /etc/alertd/alert.conf. i do not know the underlying reason why they all are not defined in maps file (/etc/alertd/*.h).