Forum Discussion

dubdub's avatar
dubdub
Icon for Nimbostratus rankNimbostratus
Sep 15, 2011

How to set the priority of a custom SNMP trap?

One of my users would like to receive notifications of pool member status changes through a third-party monitoring suite we have installed here (not via email, unfortunately). I currently have my LTMs configured to send all warning and higher messages to a single syslog server, which is working well.

After doing some poking around and reading Deb's excellent article at http://devcentral.f5.com/Default.as...icleId=256, I think I can set up some custom SNMP traps to trigger on the specific pool member changes. Where I'm getting a little lost is how to get these messages to my syslog. Since my base syslog configuration is set for warnings and higher, and pool member status changes are logged as notice-level events, how can I get these events through to my syslog? I don't want to drop my entire LTM logging level to notice, that will be way too much noise. Is there some way in the following block to indicate a priority?


alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS_server "Pool member 10.0.0.1:80 monitor status (.*?)." {
   snmptrap OID="1.3.6.1.4.1.3375.2.4.0.300" 
}

I'm running 10.2.2. HF1. Once I get these events in my syslog, I can manage communicating it the rest of the way to the monitoring suite.

Thanks,

Jen

management
monitoring
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 15, 2011
    i'm a bit confused. what do you want? is it syslog message or snmp trap?

     

     

    if it's syslog message, why are you looking at alert definition?
  • dubdub's avatar
    dubdub
    Icon for Nimbostratus rankNimbostratus
    Sep 16, 2011
    I apologize for the confusion, let me try again...

     

     

    I want to get a pool member status change message to my syslog server. It looks like those are currently logged as notice-level events. My syslog configuration on my LTMs is not set to let notice messages through. How can I get the pool member status change messages (for a specific set of pool members) to my syslog server without opening the floodgates of all notice-level events?

     

     

    i.e. can I change the priority to "warning" for just a couple of pool members?

     

     

    Thanks,

     

    Jen
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 16, 2011

    can u try copy and paste? btw, pls feel free to revise.

     

     

    b syslog include '"

     

    destination remote_server {

     

    udp(\"192.168.206.96\" port (514));

     

    };

     

    filter f_error_emerg {

     

    level(error...emerg) or

     

    (level(notice) and match(\"01070638:5:\"));

     

    };

     

    log {

     

    source(local);

     

    filter(f_error_emerg);

     

    destination(remote_server);

     

    };"'

     

     

  • dubdub's avatar
    dubdub
    Icon for Nimbostratus rankNimbostratus
    Sep 20, 2011
    Sorry for the delay in replying - my test LTM was unavailable for a bit. I tried it this morning and it worked great! Thanks, nitass!

     

     

    Thanks,

     

    Jen