Forum Discussion
Ferg_104721
Nimbostratus
Mar 27, 2012
OTP Email Setup
Hi,
I am going a little crazy here. I am trying out the email option for the OTP setup:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086432/One-Time-Passwords-via-an-SMS-Gateway-with-BIG-IP-Access-Policy-Manager.aspx
I have altered the bash a little for my needs, as I need the user email to send the request. I am sending the email to an SMTP server which sends to an SMS provider who SMSes me.
I know the command works manually (tested it), but I can see that the grep otp is not catching from the tail. My log gets a lot of traffic.
Any suggestions?
OTP.sh
#!/bin/bash
while true
do
  # --line-buffered: grep buffers its output when writing to a pipe, so matching
  # lines from tail would otherwise sit unseen; -i also catches "OTP" as well as "otp"
  tail -n0 -f /var/log/ltm | grep --line-buffered -i otp | while read line
  do
    # fields are comma separated: 2 = user email, 3 = "otp", 4 = pin, 6 = mobile number
    var2=$(echo "$line" | awk -F'[,]' '{ print $2 }')
    var3=$(echo "$line" | awk -F'[,]' '{ print $3 }')
    var4=$(echo "$line" | awk -F'[,]' '{ print $4 }')
    var6=$(echo "$line" | awk -F'[,]' '{ print $6 }')
    if [ "$var3" = "otp" -a -n "$var4" ]; then
      echo "Sending pin $var4 to $var2"
      echo "One Time Password is $var4" | mail "$var6@onlinesms.com" -- -f "$var2"
    fi
  done
done
5 Replies
hoolio
Cirrostratus
Hi Ferg,
Do you have a space between tail and -n0? Do you get any output from the script for $2, $3, $5 or $6?
Aaron
Ferg_104721
Nimbostratus
Hi Aaron
Yes, I have a space between tail and -n0. I have been unable to get any variable output. I have been thinking extremes like
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx
but this really should work.
Ferg_104721
Nimbostratus
OK, I think I know what the issue is: my bash script is not monitoring the log (as I can run it manually), so I have created a custom log, and all I need to know now is how to make my script monitor continually. I have installed the script in /config at the moment. Any thoughts?
hoolio
Cirrostratus
Hi Ferg,
I think it would be more effective to configure an alertd script in the /config/user_alert.conf file to trigger the email. You can check this post for details:
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1178752/showtab/groupforums/Default.aspx1227184
Aaron
Ferg_104721
Nimbostratus
I have asked for approval to add this comment to the OTP link, but I put it here also in case it's not approved.
Hi,
I would like to add some additional info I have experienced during the implementation of the email-based OTP design. The build I have implemented is based on a version of the F5 tutorial provided, with a slight difference. My client is not using an SMS gateway or email server to send emails to the user but a mixture of both; the principle is still the same for the email-based OTP.
My build works like this: the F5 points to an SMTP server as a relay server, which sends an email to mysmsserviceonline@telco.com to send the text message to the user.
I followed the instructions to setup mail relay from the guide
http://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html
ltm01 ~ cat /etc/postfix/main.cf | grep relay
relayhost = [smtp.server.com]
To provide accountability and auditability for my client, I created a custom log, using the guide below:
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084377/Writing-to-and-rotating-custom-log-files.aspx
OTP EMAIL Script
I amended the script to my needs:
#!/bin/bash
while true
do
  tail -n0 -f /var/log/customlog | while read line
  do
    var2=$(echo "$line" | grep -i otp | awk -F'[,]' '{ print $2 }')
    var3=$(echo "$line" | grep -i otp | awk -F'[,]' '{ print $3 }')
    var4=$(echo "$line" | grep -i otp | awk -F'[,]' '{ print $4 }')
    # Mobile number from AD
    var6=$(echo "$line" | grep -i otp | awk -F'[,]' '{ print $6 }')
    # Strips whitespaces from mobile number
    var6=$(echo "$var6" | sed 's/ //g')
    if [ "$var3" = "otp" -a -n "$var4" ]; then
      # I was required to amend the header to lock down who was requiring access
      # by using '-- -f ', email address pulled from AD
      echo "One Time Password is $var4" | mail "$var6@telcosmsgateway.com" -- -f user@myclient.com
    fi
  done
done
I had several issues with the script being called; basically, if I ran it manually it would work; however, the script wouldn't get called automatically. I tried several options before I came up with my solution; one suggestion was to use the user_alert config file to call my program. This worked in a fashion, but the delay between when it was called was too great for the APM session.
https://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/44/aft/1178752/showtab/groupforums/Default.aspx1227184
https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/256/Custom-SNMP-Traps.aspx
To get round my issue I came up with two custom scripts to ensure the script ran in the background. The first would run every 5 minutes to check the script is still running and restart it if necessary, and the other would restart the script at 4:05am.
The reason for the second script was I encountered some issues with the log file rollover; the script was still running but would not process requests. I believe the issue was due to the customlog being tarred and so the ‘while true’ was no longer valid.
I tested this by manually deleting the log and testing. It held true: I had to manually restart syslog-ng to make the script write to the log again.
These are the scripts I used:
OTPEmailCheck.sh
#!/bin/bash
# PIDs of any running OTPEmail.sh (grep -v grep drops this pipeline's own grep)
RUNNING=$(ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}')
echo $RUNNING
# If the variable RUNNING has not been defined, i.e. is empty, then run
if [[ -z $RUNNING ]]; then
  /config/OTPEmail.sh &
  echo "script started"
else
  echo "already running"
fi
OTPEmailRestart.sh
#!/bin/bash
RUNNING=$(ps -ef | grep OTPEmail.sh | grep -v grep | awk '{print $2}')
echo $RUNNING
if [[ -z $RUNNING ]]; then
  echo "OTPEmail.sh is not running. OTPEmailCheck.sh will start the program within 5 mins"
else
  # kill every PID found (the tail | while pipeline shows up as more than one)
  kill -9 $RUNNING
  /config/OTPEmail.sh &
  echo "OTPEmail.sh was restarted"
fi
Crontab
# every 5 minutes, as described above (5 * * * * would only run at five past each hour)
*/5 * * * * /bin/bash /root/scripts/OTPEmailCheck.sh
5 4 * * * /bin/bash /root/scripts/OTPEmailRestart.sh
After that it worked as desired.
Hope this helps someone else who’s having issues
Ferg.
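A hardened variant of the log-tailing loop from this thread, added here as an example and not code from the thread or from F5. It assumes the same comma-separated field numbers the posts use (2 = user email, 3 = "otp", 4 = code, 6 = mobile) and placeholder gateway/sender addresses; it follows the log by name so rotation does not stall it, and it validates the mobile and code fields before they are handed to mail(1) as arguments.

```shell
#!/bin/bash
# Added example, not code from the thread: a hardened take on OTPEmail.sh.
# Assumed log layout, with the same comma-separated field numbers as above
# (field 1 is the syslog prefix, assumed to contain no commas):
#   <prefix>,<user email>,otp,<one-time code>,<display name>,<mobile number>
SMS_GATEWAY_DOMAIN="telcosmsgateway.example"   # assumed placeholder
FROM_ADDR="user@myclient.example"              # assumed placeholder
OTP_LOG="/var/log/customlog"

# parse_otp_line LINE: prints "<mobile> <code>" and returns 0 for a valid OTP
# line, returns 1 otherwise. The mobile must be all digits once whitespace is
# removed and the code alphanumeric, so a log field can never reach mail(1)
# as an extra option or recipient the way the unquoted $var6/$var2 could.
parse_otp_line() {
    local prefix f2 f3 f4 f5 f6 rest mobile
    IFS=',' read -r prefix f2 f3 f4 f5 f6 rest <<EOF
$1
EOF
    f3=$(printf '%s' "$f3" | tr 'A-Z' 'a-z')
    [ "$f3" = "otp" ] || return 1
    [ -n "$f4" ] || return 1
    mobile=$(printf '%s' "$f6" | tr -d '[:space:]')
    case "$mobile" in '' | *[!0-9]*) return 1 ;; esac
    case "$f4" in *[!A-Za-z0-9]*) return 1 ;; esac
    printf '%s %s\n' "$mobile" "$f4"
}

# send_otp MOBILE CODE: the thread's mail(1) call with validated, quoted values;
# '--' passes the envelope sender option through to sendmail as before.
send_otp() {
    printf 'One Time Password is %s\n' "$2" \
        | mail "$1@$SMS_GATEWAY_DOMAIN" -- -f "$FROM_ADDR"
}

# watch_log: tail -F (follow by name, retry) reopens the file after logrotate,
# the rollover failure described above, so no cron restart is needed;
# --line-buffered keeps grep from holding lines back while APM waits.
watch_log() {
    tail -n0 -F "$OTP_LOG" | grep --line-buffered -i ',otp,' \
        | while IFS= read -r line; do
            if parsed=$(parse_otp_line "$line"); then
                set -- $parsed
                send_otp "$1" "$2"
            fi
        done
}

# Start the watcher only when invoked as "./OTPEmailHardened.sh run".
if [ "${1:-}" = "run" ]; then watch_log; fi
```

Run it as `./OTPEmailHardened.sh run` from the same kind of background launcher the thread uses; invoked without `run` it only defines the functions, so they can be sourced and checked against sample lines.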