Forum Discussion
bsb
Nimbostratus
NimbostratusiRule to trigger email for captured logs
team, have an iRule for capturing logs which works as expected. now i would like to send the log which was captured with commment.
irule used
when CLIENT_ACCEPTED { if { not [class match [IP::client_addr] equals datagrid] } { log local0. "Rejecting this request [IP::client_addr] " reject } }
requirement is to send the message "Rejecting this request [IP::client_addr] " via mail.
tried with test mail like below case including in above iRule, but didnt succeed. echo "ssmtp test mail" | mail -vs "Rejecting this request [IP::client_addr] " myemail@mydomain.com
jaikumar_f5MVP
Have you configured your bigip to send locally generated mails. Refer - Article
bsbyes, its already configured and works well for all VIP (up/down/disable/enabled), also other device parameters.
- nitass
Employee
yes, its already configured and works well for all VIP (up/down/disable/enabled), also other device parameters.
can you post the /config/user_alert.conf?
- bsb
alert BIGIP_SYSTEM_CHECK_E_CPU_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.4"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU Temp too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CPU_FAN_SPEED_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.5"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU fan too slow Alert" } alert BIGIP_SYSTEM_CHECK_E_CPU_FAN_SPEED_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.6"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU fan bad Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.7"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis temperature too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_FAN_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.8"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis fan failure Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_POWER_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.9"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis power supply failure Alert" } alert BIGIP_SOD_SODERR_SOD_STANDBY { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.14"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Unit going standby Alert" } alert BIGIP_SOD_SODERR_SOD_ACTIVE { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.15"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Unit going Active Alert" } alert BIGIP_AUTH_FAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.27"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Login Failure Alert" } alert BIGIP_SYSTEM_CHECK_E_AOM_CPU_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.93"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Air temperature near host F5_LTM_Device CPU is too high Alert" } alert BIGIP_SYSTEM_CHECK_E_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.113"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Temperature too high Alert" } alert BIGIP_SYSTEM_CHECK_E_VOLT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.114"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Voltage too high Alert" } alert BIGIP_SYSTEM_CHECK_E_FAN_SPEED_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.115"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Fan speed too low Alert" } alert BIGIP_SYSTEM_CHECK_E_VOLT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.123"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Voltage too low Alert" } alert BIGIP_SYSTEM_CHECK_E_MILLI_VOLT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.124"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Milli-voltage too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CURRENT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.125"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Current too high Alert" } alert BIGIP_SYSTEM_CHECK_E_POWER_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.126"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power too high Alert" } alert BIGIP_SYSTEM_CHECK_E_MILLI_VOLT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.127"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Milli-voltage too low Alert" } alert BIGIP_SYSTEM_CHECK_E_CURRENT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.128"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Current too low Alert" } alert BIGIP_SYSTEM_CHECK_E_POWER_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.129"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power too low Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_AVAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.135"; email toaddress="xxx@xxx.com,pnmoorthy@infosys.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_UNAVAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.136"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_ENABLED { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.137"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_DISABLED { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.138"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_LIBHAL_CHASSIS_PS_IS_POWERED_ON { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.147"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power supply powered on Alert" } alert BIGIP_LIBHAL_CHASSIS_PS_IS_POWERED_OFF { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.148"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power supply powered off Alert" } alert BIGIP_SYS_SHUTDOWN { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.151"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Shutting down Alert" }
- nitass
where is the alert definition for the reject log (Rejecting this request [IP::client_addr])? did i misunderstand something?
- jaikumar_f5
@Saravanan,
You are required to add new snmp trap in the alert conf file. Refer this article and configure your log string. something like below, but i'm not sure of the ip:port logic, does it need regex.
alert Reject_request_alert "Rejecting this request (%s:%d) " { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Rejecting this request (%s:%d)" }I referred the /etc/httpd/run/bigip_error_maps.dat file, so the above should be okay.
nitass_89166Noctilucent
yes, its already configured and works well for all VIP (up/down/disable/enabled), also other device parameters.
can you post the /config/user_alert.conf?
- bsb
alert BIGIP_SYSTEM_CHECK_E_CPU_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.4"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU Temp too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CPU_FAN_SPEED_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.5"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU fan too slow Alert" } alert BIGIP_SYSTEM_CHECK_E_CPU_FAN_SPEED_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.6"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device CPU fan bad Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.7"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis temperature too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_FAN_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.8"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis fan failure Alert" } alert BIGIP_SYSTEM_CHECK_E_CHASSIS_POWER_BAD { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.9"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device detected Chassis power supply failure Alert" } alert BIGIP_SOD_SODERR_SOD_STANDBY { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.14"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Unit going standby Alert" } alert BIGIP_SOD_SODERR_SOD_ACTIVE { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.15"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Unit going Active Alert" } alert BIGIP_AUTH_FAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.27"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Login Failure Alert" } alert BIGIP_SYSTEM_CHECK_E_AOM_CPU_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.93"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Air temperature near host F5_LTM_Device CPU is too high Alert" } alert BIGIP_SYSTEM_CHECK_E_TEMP_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.113"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Temperature too high Alert" } alert BIGIP_SYSTEM_CHECK_E_VOLT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.114"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Voltage too high Alert" } alert BIGIP_SYSTEM_CHECK_E_FAN_SPEED_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.115"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Fan speed too low Alert" } alert BIGIP_SYSTEM_CHECK_E_VOLT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.123"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Voltage too low Alert" } alert BIGIP_SYSTEM_CHECK_E_MILLI_VOLT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.124"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Milli-voltage too high Alert" } alert BIGIP_SYSTEM_CHECK_E_CURRENT_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.125"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Current too high Alert" } alert BIGIP_SYSTEM_CHECK_E_POWER_HIGH { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.126"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power too high Alert" } alert BIGIP_SYSTEM_CHECK_E_MILLI_VOLT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.127"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Milli-voltage too low Alert" } alert BIGIP_SYSTEM_CHECK_E_CURRENT_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.128"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Current too low Alert" } alert BIGIP_SYSTEM_CHECK_E_POWER_LOW { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.129"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power too low Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_AVAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.135"; email toaddress="xxx@xxx.com,pnmoorthy@infosys.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_UNAVAIL { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.136"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_ENABLED { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.137"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_MCPD_MCPDERR_VIRTUAL_DISABLED { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.138"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Alert" } alert BIGIP_LIBHAL_CHASSIS_PS_IS_POWERED_ON { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.147"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power supply powered on Alert" } alert BIGIP_LIBHAL_CHASSIS_PS_IS_POWERED_OFF { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.148"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Power supply powered off Alert" } alert BIGIP_SYS_SHUTDOWN { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.151"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Device F5_LTM_Device Shutting down Alert" }
- nitass_89166
where is the alert definition for the reject log (Rejecting this request [IP::client_addr])? did i misunderstand something?
- jaikumar_f5
@Saravanan,
You are required to add new snmp trap in the alert conf file. Refer this article and configure your log string. something like below, but i'm not sure of the ip:port logic, does it need regex.
alert Reject_request_alert "Rejecting this request (%s:%d) " { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="xxx@xxx.com" fromaddress="yyy@yyy.com" body="Rejecting this request (%s:%d)" }I referred the /etc/httpd/run/bigip_error_maps.dat file, so the above should be okay.
- nitass
this is mine.
// config [root@ve13a:Active:In Sync] config cat user_alert.conf alert TEST "Rejecting this request (.*)" { email toaddress= fromaddress="root@bigip.local" body="The test of this Solution worked!" } // log [root@ve13a:Active:In Sync] config tail /var/log/ltm Dec 29 18:42:49 ve13a info root: Rejecting this request 1.2.3.4 // email -----Original Message----- From: root@bigip.local [mailto:root@bigip.local] Sent: Friday, December 29, 2017 6:43 PM To: Subject: Rejecting this request 1.2.3.4 The test of this Solution worked!- bsb
wonderful, it worked. thanks. so alert TEST "Rejecting this request (.*)" checks the log file with string starting with "rejecting"
- bsb
@jaikumar_f5 I had a query in one of the post which you posted, not sure how to route this question directly to you, posted in forum with subnet " Fetch all details about VS, POOLS, Nodes, etc.", could you please guide on that.
- nitass_89166
this is mine.
// config [root@ve13a:Active:In Sync] config cat user_alert.conf alert TEST "Rejecting this request (.*)" { email toaddress= fromaddress="root@bigip.local" body="The test of this Solution worked!" } // log [root@ve13a:Active:In Sync] config tail /var/log/ltm Dec 29 18:42:49 ve13a info root: Rejecting this request 1.2.3.4 // email -----Original Message----- From: root@bigip.local [mailto:root@bigip.local] Sent: Friday, December 29, 2017 6:43 PM To: Subject: Rejecting this request 1.2.3.4 The test of this Solution worked!- bsb
wonderful, it worked. thanks. so alert TEST "Rejecting this request (.*)" checks the log file with string starting with "rejecting"
- bsb
@jaikumar_f5 I had a query in one of the post which you posted, not sure how to route this question directly to you, posted in forum with subnet " Fetch all details about VS, POOLS, Nodes, etc.", could you please guide on that.