Brandon_12607
Oct 27, 2016

SNMP TRAP

BIG IP 3600 11.5. So I have used these SNMP MIBs on quite a few F5s in our organization and it always works. On this 3600 I can't seem to get the MIBs to catch the certs.

 

alert CERTIFICATE_EXPIRED "Certificate (.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"; email toaddress="email" body="Certificate Expired on F5LTM1" }

 

alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="email" body="Certificate will Expire on email" }

 

  • We have placed some test certs in the Common partition and it works, but certs placed in other partitions don't seem to be alerted on. Is there a way to alert on expiring certs in other partitions besides the Common partition?

     

    Thank you for your help!

     

  • If I'm not wrong, this check just runs on the Common partition, via this script:

    /etc/cron.weekly/5checkcert

    So, I think that the script content should be like this:

    cd /var/core
    /usr/bin/tmsh -c "cd /; run /sys crypto check-cert stdout disabled"
    

    instead of:

    cd /var/core
    /usr/bin/tmsh run sys crypto check-cert stdout disabled
    

    Please take a look at the link below and ask F5 support for help.

    https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html?sr=58190131

    Regards.

  • Yes, and then you have to update a few things.

     

    In the file /etc/cron.weekly/5checkcert (delete the line in the file and add the one below)

     

    cd /var/core

     

    /usr/bin/tmsh -c "cd /; run /sys crypto check-cert stdout disabled"

     

    Then you have to add all of the partition names into the alert.conf file, for example Common, Partition2 and 3.

     

    vi /config/user_alert.conf Type: I

     

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Common/(.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"; email toaddress="cccc@yahoo.com" body="Certificate Expired on F5hostname1" }

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Common/(.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="cccc@yahoo.com" body="Certificate will Expire on F5hostname1" }

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Partition2/(.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302"; email toaddress="cccc@yahoo.com" body="Certificate Expired on F5hostname1" }

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Partition2/(.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.303"; email toaddress="cccc@yahoo.com" body="Certificate will Expire on F5hostname1" }

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Partition3/(.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.304"; email toaddress="cccc@yahoo.com" body="Certificate Expired on F5hostname1" }

    alert CERTIFICATE_EXPIRED "Certificate (.*) in file /Partition3/(.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.305"; email toaddress="cccc@yahoo.com" body="Certificate will Expire on F5hostname1" }
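
A way to check off the box which check-cert log lines a set of user_alert.conf patterns would cover, so a forgotten partition shows up before the weekly cron run does. This is an added example, not code from the thread or from F5: the alert names, e-mail address and log lines are constructed, and it assumes each pattern is applied as an unanchored regex against the log line.

```python
import re

# One stanza: alert NAME "REGEX" { ... OID="..." ... }
STANZA = re.compile(r'alert\s+(\S+)\s+"([^"]*)"\s*\{[^}]*?OID="([^"]+)"[^}]*\}')

def parse_alerts(conf_text):
    """Return [(name, compiled_regex, oid)] for every complete alert stanza."""
    return [(name, re.compile(pattern), oid)
            for name, pattern, oid in STANZA.findall(conf_text)]

def fired(alerts, log_line):
    """OIDs of all alerts whose pattern matches the log line."""
    return [oid for _name, rx, oid in alerts if rx.search(log_line)]

def unmatched(alerts, log_lines):
    """Log lines no alert covers, i.e. certificates nobody would be told about."""
    return [line for line in log_lines if not fired(alerts, line)]

# Constructed config in the style of the thread; alert names are hypothetical.
SAMPLE_CONF = '''
alert COMMON_CERT_EXPIRED "Certificate (.*) in file /Common/(.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"; email toaddress="ops@example.com" body="Certificate Expired" }
alert COMMON_CERT_WILL_EXPIRE "Certificate (.*) in file /Common/(.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"; email toaddress="ops@example.com" body="Certificate will Expire" }
alert P2_CERT_EXPIRED "Certificate (.*) in file /Partition2/(.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.302"; email toaddress="ops@example.com" body="Certificate Expired" }
alert P2_CERT_WILL_EXPIRE "Certificate (.*) in file /Partition2/(.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.303"; email toaddress="ops@example.com" body="Certificate will Expire" }
'''

# Constructed log lines; the wording is assumed from the patterns in the thread.
SAMPLE_LINES = [
    "Certificate 'web' in file /Common/web.crt expired on Oct 20 10:00:00 2016 GMT",
    "Certificate 'api' in file /Partition2/api.crt will expire on Nov 15 10:00:00 2016 GMT",
    "Certificate 'db' in file /Partition3/db.crt will expire on Nov 20 10:00:00 2016 GMT",
]

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_CONF)
    for line in SAMPLE_LINES:
        print(fired(alerts, line) or "NO ALERT", "<-", line)
    # The Partition3 line is reported as uncovered: no stanza names that partition.
    print("uncovered:", unmatched(alerts, SAMPLE_LINES))
```

A stanza with a missing closing brace is not returned by `parse_alerts`, so comparing the number of parsed alerts with the number of `alert` lines in the file also catches truncated entries.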