pool_member_new_session_enable, and pool_member_monitor_state, etc. values?

AlanMoen · ‎28-Feb-2022

I'm pushing all of my logs into Splunk and want to create a dashboard to show all recent changes made to an LTM. What I cannot find anywhere (unless my google-fu has completely failed me) is a listing of all possible values and their meanings for the 'pool_member_update_status', 'pool_member_new_session_enable', 'pool_member_monitor_state', and other, similar fields that appear in the AUDIT log.

The only thing that I have found that references these values is here: https://support.f5.com/csp/article/K30252226 and that is very far from a comprehensive listing. There's also an iRule that posts things to twitter, but that's not helpful in this context, either.

I suppose I could just create a test VS/pool/node and try all combinations of things an operator could do to them, but I have to believe that F5 has these listed somewhere.

JRahm · ‎01-Mar-2022

Are these helpful?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

AlanMoen · ‎02-Mar-2022

I should have been more clear in my request.

What I need are the meanings of the numeric codes as in the below:

pool_member { pool_member_pool_name \"/someapi/pool-prod-someapi\" pool_member_node_name \"/someapi/hrxpapi02.mycompany.com\" pool_member_port 443 pool_member_new_session_enable 2 pool_member_monitor_state 3 }
or
pool_member { pool_member_pool_name \"/someapi/pool-prod-someapi\" pool_member_node_name \"/someapi/hrxpapi01.mycompany.com\" pool_member_port 443 pool_member_new_session_enable 1 pool_member_monitor_state 20 }

This comes from the /var/log/audit file and I need a dictionary of the numeric codes; not limited to the pool member info there. This: https://support.f5.com/csp/article/K30252226 (see below) shows the meaning of exactly two of the values; I'd like a more comprehensive list.

In /var/log/audit:

Note: The "pool_member_monitor_state 20" indicates the pool member is manually forced offline.

[...]
In /var/log/audit:

Note: The "pool_member_monitor_state 3" means the pool member is manually disable.

Thanks!

JRahm · ‎02-Mar-2022

gotcha. I left feedback on that AskF5 solution and reached out to someone on the team. I'll post back what/when I find out.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

AlanMoen · ‎18-Mar-2022

Just checking in to see if anything has come back.

HroShib · ‎18-Mar-2022

Thank you for your patience, we are working on this now. If anything progresses, we will let you know.

AlanMoen · ‎04-May-2023

Checking back 😎

JRahm · ‎04-May-2023

Hi @AlanMoen it looks like in the below response from @HroShib and in the knowledge article the information has been updated. Is there something still missing that needs to be addressed?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

HroShib · ‎23-Mar-2022

Thank you for your paticence, we have some update for you.

First of all, K30252226 information is when we operate via Configuration utility not tmsh, threfore we fixed and update title and some information.
Also we put info the logs when manually enabled in Additional Information section.

Regarding audit log, you can see its state with these combinations.
-- Enabled "pool_member_new_session_enable 2 pool_member_monitor_state 3".
-- Disabled "pool_member_new_session_enable 1 pool_member_monitor_state 3".
-- Forced Offline "pool_member_new_session_enable 1 pool_member_monitor_state 20".

We can see those numbers in F5-BIGIP-LOCAL-MIB file.

K13322: Overview of BIG-IP MIB files

-- pool_member_new_session_enable:

ltmPoolMemberNewSessionEnable OBJECT-TYPE
SYNTAX INTEGER {
user-disabled(1), <----------- !!!
user-enabled(2), <----------- !!!
monitor-enabled(3),
monitor-disabled(4)
}

-- pool_member_monitor_state:

ltmPoolMemberMonitorState OBJECT-TYPE
SYNTAX INTEGER {
unchecked(0),
checking(1),
inband(2),
forced-up(3), <----------- !!!
up(4),
down(19),
forced-down(20), <----------- !!!
irule-down(22),
inband-down(23),
down-manual-resume(24),
disabled(25)
}

Changes via Configuration utility we can also see in TMSH command results. For example, "pool_member_new_session_enable" is session and "pool_member_monitor_state" is state

CloudDocs Home > F5 TMSH Reference > ltm pool

-- Disabled:

# tmsh
(tmos)# list ltm pool pool_example pool_example members { 192.168.0.59:http { session state } }
ltm pool pool_example {
    members {
        192.168.0.59:http {
            session user-disabled  <----------- !!!
            state up
        }
    }
}

-- Forced Offline:

# tmsh
(tmos)# list ltm pool pool_example pool_example members { 192.168.0.59:http { session state } }
ltm pool pool_example {
    members {
        192.168.0.59:http {
            session user-disabled  <----------- !!!
            state user-down  <----------- !!!
        }
    }
}

Regarding more comprehensive list, we are checking. We might send a message you directory.

HroShib · ‎28-Mar-2022

We updated K30252226 once again and mentioned about we can check numeric codes of pool_member_new_session_enable and pool_member_monitor_state from MIB file.

DevCentral

pool_member_new_session_enable, and pool_member_monitor_state, etc. values?

MFA required on DevCentral