Forum Discussion
midhun_108442
Nimbostratus
NimbostratusSending logs about Certification Expiry
Hi,
I am having F5 Box with lot of Client Certificate Configured , Is there any way to get the logs about Certification Expiry in Spectrum Device , I can see that Certification logs are senting to F5 box by running a script weekly , Same logs i need to sent in Spectrum Device.
Wil F5 can send Syslog logs to Spectrum device?
Can anyone help on my queries.
Regards,
Midhun P.K
7 Replies
hoolioCirrostratus
Hi Midhun,
You can check SOL7574 for details on the cert checking LTM performs. That SOL has details on configuring a custom SNMP trap. You could also configure syslog-ng to send syslog messages to your monitoring station.
sol7574: Monitoring SSL certificate expiration on the BIG-IP system
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7574.html?sr=19110082
sol5527: Configuring the BIG-IP system to log to a remote syslog server (9.x - 10.x)
http://support.f5.com/kb/en-us/solutions/public/5000/500/sol5527.html
sol7342: Overview of the syslog-ng.conf file
http://support.f5.com/kb/en-us/solutions/public/7000/300/sol7342.html
Aaron- midhun_108442Hi Aaron,
Thanks for the Update . Is it Possible to send Same certification information weekly to any email address , Im thinking instead of senting to Syslog server , sent the Certification Expiry information to My mail.
Kindly advice
Regards,
Midhun P.K - midhun_108442Hi Aaron,
Thanks for the Update . Is it Possible to send Same certification information weekly to any email address , Im thinking instead of senting to Syslog server , sent the Certification Expiry information to My mail.
Kindly advice
Regards,
Midhun P.K - midhun_108442Hi Aaron,
Thanks for the Update . Is it Possible to send Same certification information weekly to any email address , Im thinking instead of senting to Syslog server , sent the Certification Expiry information to My mail.
Kindly advice
Regards,
Midhun P.K - nitass
Employee
you may set syslog-ng to send email notification. according to sol7574, checkcert is called weekly already.
Syslog NG Email Configuration by lrhazi
http://devcentral.f5.com/wiki/AdvDesignConfig.SyslogNGEmailConfiguration.ashx
hope this helps. - midhun_108442Hi,
Is it possible to send same Syslog message as a SNMP trap to remote server , The Idea is Certification expiry is a syslog message , but we are using SPectrum in our environment and its listening SNMP Trap , So we are not receving Certification expiry logs in Spectrum ,
Is there anyway to send syslog message as snmp trap to Spectrum server, Kindly advice.
Regards,
Midhun P.K - nitassCustom SNMP Traps by Deb
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/256/Custom-SNMP-Traps.aspx
e.g.[root@ve1023:Active] config b snmpd trapsess list snmpd { trapsess i192_168_206_154_1 { auth password none auth protocol NONE community "public" engine id none host "192.168.206.154" port 162 privacy password none privacy protocol NONE security level noAuthNoPriv security name none version 2c } } [root@ve1023:Active] config cat /config/user_alert.conf alert CERT_EXPIRE "Certificate (.*?) in file (.*?) will expire on (.*?)" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300" } [root@ve1023:Active] config logger -p local0.notice "01380002:4: Certificate 'askf5' in file askf5.crt will expire on Sat Jul 14 18:15:24 2007 GMT" on trap receiver (192.168.206.154) C:\>nc -l -u -p 162 0ü┼☻☺☺♦♠publicºü╖☻♦←bDG☻☺ ☻☺ 0ü¿0+♠☺☻☺☺♥ C♥ û░0→♠ +♠☺♠♥☺☺♦☺ ♠♀+♠☺♦☺Ü/☻♦ é,0`♠♂+♠☺♦☺Ü/☻♦☺☺♦QCertificate 'askf5' in file askf5.crt w ill expire on Sat Jul 14 18:15:24 2007 GMT0↨♠ +♠☺♠♥☺☺♦♥ ♠ +♠☺♦☺Ü/☻♦
