user alert on apm logs

Question

I try to trigger a command when a specific log is written on /var/log/apm

It works on 2 different non prod big-ip, but on a third one in production it only works with /var/log/ltm logs.

user_alert.conf

"failed" is commun in my ltm logs. "New session" is commun in apm logs.

So this works (triggered from ltm logs):

alert test "failed" { exec command="logger -p local0.notice 'test'" }

This doesn't (not triggered from apm logs):

alert test "New session" { exec command="logger -p local0.notice 'test'" }

Do you have any idea why?

enes_afsin_al · Answer

Hello Fab,
BIG-IP APM messages are not processed by the alertd SNMP process, and therefore custom scripts/traps cannot be triggered based on syslog messages for BIG-IP APM systems.
REF: https://my.f5.com/manage/s/article/K6414

fab · Answer

Thanks.&nbsp;It's very strange because it does work on 2 different bigip but not on the 3rd. This misled me...

fab · Answer

Actually it works on v15 and not anymore on v17. This is why it was working on some devices and not on some others.

Forum Discussion

user alert on apm logs

user_alert.conf

3 Replies

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

HA Failover between two Datacenters

AST Configuration Assistance

Identify which virtual servers are using a specific SSL certificate

APM VPN LDAP POOL can't contact ldap server.

Users account sessions mixed up..

Related Content

Remove alerts showing r-series LCD/Dashboard.

F5 XC Session tracking and logging with User Identification Policy

Certificate Expiry Email alert configuration

DEVCENTRAL END-USER LICENSE AGREEMENT

F5 Distributed Cloud Telemetry (Logs) - Loki

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS