Forum Discussion
Zuke_254875
Feb 05, 2019Altostratus
Triggering SNMP traps for SSL Certificates
I've read a few different SOL articles and posts here on DevCentral on how to generate SNMP traps locally from the F5. We use Solarwinds for SNMP alert notification (not sure if that's relevant or not)
Last week, I ran the command
tmsh run sys crypto check-cert ignore-large-cert-bundles enabled
command on a guest with one expiring certificate and that triggered an email. I have the email. It's real.
I haven't generate that trap with that identical command on the same guest, or other guests. Here is the email and the output of /config/user_alert.conf file.
[username@f5-guest:/S1-green-P:Standby:In Sync] ~ cat /config/user_alert.conf
alert CERTIFICATE_EXPIRED "Certificate (.*) expired" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300"
alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"
}
- ZukeCirrostratus
It's not the F5. Traps were being sent, but the Solarwinds config changed.
Should've known. Sigh.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects