nitass
Mar 01, 2013Employee
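Can you try something like this? Put a more specific alert with an empty action (TEST_1) ahead of the generic BIGIP_IP_REJECT_CONN_LIMIT alert. Messages for local port 4848 then match TEST_1 and send no email, while other connection-limit rejections still trigger the email. Keep in mind that this also silences the email for a genuine connection flood against port 4848, so watch the log for those rejections some other way.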
[root@ve10:Active] config cat /config/user_alert.conf
alert TEST_1 "Packet rejected remote IP (.*) port (.*) local IP (.*) port 4848 proto UDP: Connection limit exceeded." {
}
alert BIGIP_IP_REJECT_CONN_LIMIT {
email toaddress="someone@somedomain.com"
fromaddress="root"
body="this is message body."
}
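Test 1 - the log message contains "port 4848 proto UDP" (local port 4848): no email is sent, so tcpdump captures nothing on port 25.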
[root@ve10:Active] config logger -p local0.notice "01200001:5: Packet rejected remote IP 10.10.10.10 port 4848 local IP 172.25.25.23 port 4848 proto UDP: Connection limit exceeded."
[root@ve10:Active] config tcpdump -nni 0.0 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
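Test 2 - the log message does not contain "port 4848 proto UDP" (local port 1234): the email alert fires, and tcpdump shows the connection to port 25.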
[root@ve10:Active] config logger -p local0.notice "01200001:5: Packet rejected remote IP 10.10.10.10 port 4848 local IP 172.25.25.23 port 1234 proto UDP: Connection limit exceeded."
[root@ve10:Active] config tcpdump -nni 0.0 port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:44:21.039226 IP 172.28.19.253.49068 > 192.168.10.13.25: S 2008166789:2008166789(0) win 5840
17:44:21.204574 IP 192.168.10.13.25 > 172.28.19.253.49068: S 440775781:440775781(0) ack 2008166790 win 4380
17:44:21.205208 IP 172.28.19.253.49068 > 192.168.10.13.25: . ack 1 win 46