login to OWA and alert if failed..

Hi Barry,

 

 

Can you clarify what you are actually trying to accomplish?

 

 

Are you trying to detect brute force attacks against the app?

 

 

Or are you trying to monitor an OWA server to see if a login attempt with valid credentials fails?

 

 

Do you want LTM to initiate the traffic or monitor live traffic?

 

 

What authentication method(s) are you using with OWA (basic auth, NTLM, etc)?

 

 

Thanks,

 

Aaron

i am trying to get LTM to initiate a login attempt with valid credentials on MS exchange forms base to check to see if the server is up and running.

 

Thanks for the quick responce.

 

 

Barry

Which authentication methods does the server accept? Basic auth would be simple to do in a standard HTTP or HTTPS monitor. NTLM auth would require using an external monitor.

 

 

Either option would allow you to set up an email alert based on the pool failing. Here is a post which covers both monitor options:

 

 

HTTP Monitor that follows redirects

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=32&tpage=1&view=topic&postid=56552

 

 

And a post which describes how to configue alertd to send an email for an alert:

 

 

Email notification of node/vs down

 

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=20167

 

 

 

First, you'd want to associate a monitor on the pool. Then you need to configure postfix to send mail remotely. And then configure alertd to send email. There are a few related solutions on AskF5 that you can use as a guide for this:

 

 

SOL3667: Configuring SNMP trap alerts to send email notifications

 

https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3667.html?sr=392739

 

 

SOL3664: Configuring BIG-IP to deliver locally-generated email messages

 

https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html

 

 

And if you want to generate a message based on a custom log event, refer to SOL3727:

 

 

SOL3727: Configuring custom SNMP traps

 

https://support.f5.com/kb/en-us/solutions/public/3000/700/sol3727.html

 

 

 

 

Aaron

thanks very much it worked perfectly. I do have one more question in more like best practice. We presently have 2 ltm f5 boxes and was wondering if i should just change one of the boxes over to do the alertd notifacations or should we configure both boxes?

 

 

again i thank you for all the great help.

It's always a good idea to have the same config for both units in a redundant pair to ensure a config sync from one unit to the other works and doesn't overwrite the changes you make. It's also good to have the same config in case one unit becomes unavailable. For monitors, the standby unit needs to know the pool member status from it's own place in the network. So I'd suggest enabling the monitoring and alerting from both units. If "duplicate" emails are a problem, maybe you could filter them on the host that receives them.

 

 

Aaron