Looking to create an alert monitor when a specific user creates, modifies, and/or deletes an object

Question

Hey Community,&nbsp;I am looking to configure an alert that sends an email when a specific user creates, modifies, and/or deletes an object. I found this page:&nbsp;https://support.f5.com/csp/article/K30371285&nbsp;I found this code on the page:&nbsp;alert &lt;filter_name&gt; "object (.*) - create" {email toaddress="&lt;email address&gt;"fromaddress="&lt;bigip user&gt;"body="&lt;text message&gt;"&nbsp;}&nbsp;alert &lt;filter_name&gt; "object (.*) - obj_delete" {email toaddress="&lt;email address&gt;"fromaddress="&lt;bigip user&gt;"body="&lt;text message&gt;"&nbsp;}&nbsp;alert &lt;filter_name&gt; "object (.*) - modify" {email toaddress="&lt;email address&gt;"fromaddress="&lt;bigip user&gt;"body="&lt;text message&gt;"}&nbsp;And it works but it always sends an email when any user makes a change. Just wondering if there is a way to tweak this so i don't receive emails when admin or root makes changes etc....

jg · Answer

You can use the respective regex as follows:^((?!.*user (admin|root) -.*).)*object (.*) - modify.*$
^((?!.*user (admin|root) -.*).)*object (.*) - create.*$
^((?!.*user (admin|root) -.*).)*object (.*) - obj_delete.*$.This could be resource intensive, though.

Forum Discussion

Looking to create an alert monitor when a specific user creates, modifies, and/or deletes an object

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

Related Content

Create a DevCentral account

iRule to modify a content-security-policy header

Installing and Locking a Specific Version of F5 NGINX Plus

Create F5 BIG-IP Next Instance on Proxmox Virtual Environment

modified domain cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS