How I did it – Configure F5 Distributed Cloud to Send Alert Notifications to PagerDuty

F5 Distributed Cloud – F5 XC for short – has a robust alerting mechanism with a wide range of different alert types.  Most alerts are generated because something unexpected has occurred, but alerts are also generated for what is considered normal activity.

As an example, when a new user is created in F5 XC to provide access to the console, an alert is generated, and the same thing happens when a user is updated or deleted.

Alerts generated when something unexpected happens range from F5 XC login failures, to an excessive number of web application firewall attacks, to a pod in the virtual Kubernetes layer (vk8s) of F5 XC crash looping, and everything in between.

F5 XC alerts are categorized by severity into minor, major and critical. Alerts are also named; a few examples are WAFTooManyAttacks, UserCreated and SiteCertificateExpiration.

Additionally, alerts are also divided into groups such as security, infrastructure, user access management and others.  As examples, the alerts WAFTooManyAttacks and MaliciousUserDetected are both in the security alert group and SiteCertificateExpiration is part of the infrastructure alert group.

While F5 XC has a robust alerting mechanism, users must either view the alerts in the alerts dashboard of the console or make API calls to retrieve them.

Instead of having to periodically check the alerts dashboard or make API calls, F5 XC provides a mechanism to send alert notifications to an external system – which is called an alert receiver.  The alert receivers supported are Email, Slack, OpsGenie, SMS and PagerDuty.  By configuring one or more of these receivers, customers can integrate F5 XC alerts with alerts from other systems in their environment.

The following walkthrough video steps through the process of configuring F5 XC to send alert notifications to PagerDuty.  The video covers the steps in detail; the process is fairly straightforward.

  • Create a service – or use an existing one – in PagerDuty
  • Assign a custom integration to the PagerDuty service
  • Create a PagerDuty receiver in F5 XC using the integration key and URL from PagerDuty
  • Create an alert policy in F5 XC
  • Create alert policy rules that define which alerts to send by severity, name or group.  An alert policy can have multiple rules.

By configuring F5 XC to send alert notifications, customers that use PagerDuty can include these alerts as part of their escalation policies and workflows, allowing them to consolidate F5 XC alerts along with those generated by other systems in their environment.
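
The alert policy rules from the last step can be planned offline before building them in the console. The following is an added example, not F5 or PagerDuty code: it assumes an alert is forwarded when any rule matches, and the severities, the group given for UserCreated and the name ExampleInfraAlert are constructed for illustration.

```python
# Added example: an offline model of alert policy rules, not F5 XC code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    name: str
    severity: str  # minor, major or critical
    group: str

@dataclass(frozen=True)
class Rule:
    field: str         # which attribute the rule selects on: severity, name or group
    values: frozenset  # values of that attribute that should be sent

    def matches(self, alert):
        return getattr(alert, self.field) in self.values

def should_send(rules, alert):
    # Assumption: an alert is forwarded to the receiver if any rule matches it.
    return any(rule.matches(alert) for rule in rules)

def forwarded(rules, alerts):
    """Names of the alerts the policy would send to PagerDuty."""
    return [a.name for a in alerts if should_send(rules, a)]

def coverage_gaps(rules, alerts, must_page=("major", "critical")):
    """Names of high-severity alerts that no rule forwards (dashboard only)."""
    return [a.name for a in alerts
            if a.severity in must_page and not should_send(rules, a)]

# Constructed sample alerts. Names are from the article except ExampleInfraAlert,
# a placeholder; severities and the UserCreated group are assumed.
SAMPLE_ALERTS = [
    Alert("WAFTooManyAttacks", "major", "security"),
    Alert("MaliciousUserDetected", "minor", "security"),
    Alert("SiteCertificateExpiration", "critical", "infrastructure"),
    Alert("UserCreated", "minor", "user access management"),
    Alert("ExampleInfraAlert", "major", "infrastructure"),
]

# Draft policy with two rules: one by group, one by alert name.
POLICY = [
    Rule("group", frozenset({"security"})),
    Rule("name", frozenset({"SiteCertificateExpiration"})),
]

if __name__ == "__main__":
    print("sent to PagerDuty:", forwarded(POLICY, SAMPLE_ALERTS))
    print("major/critical not sent:", coverage_gaps(POLICY, SAMPLE_ALERTS))
```

Running the draft policy against a list of the alerts that matter shows which major or critical alerts would stay visible only in the dashboard, so a severity rule can be added before anyone relies on the policy for paging.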

Check it Out
This video provides a step-by-step walkthrough of how to configure F5 Distributed Cloud to send alert notifications to PagerDuty.

 

Additional Links
F5 Distributed Cloud (XC) Services
F5 XC PagerDuty Alert Receiver Configuration

Published Mar 15, 2023
Version 1.0