I've been looking for a way to send out an email from a F5 BIG-IP (12.1.2) but I cannot find anything that tells me if a) this can be done and b) how to do that. I do have ASM's running around that I send emails from using the alert.conf on the CLI but that /var/log/ltm message of "Bandwidth exceeded by 75% ... " etc. etc, I want that to be send out as well.
Any tips are greatlly appreciated.
Witih kind regards,
P.s.: We do not log from these specific F5's to a SIEM of any kind otherwise I could have gotten my information that way 🙂
Whitout a SIEM, I would do something with a cron, a grep and the command mail.
About the cron not surviving the upgrades, what I like to do is "export the cron". I've a linux box with a cron, and this cron execute command remotely via SSH.
For example, install this following command (replace "SEND MAIL" by the method you use to send mail obviously 😅) on a cron of a computer with the SSH Key added authorized key and the user must have the advanced shell (let me know if you have question about this) :
ssh youruser@yourF5IP grep "Bandwidth exceeded by 75" /var/log/ltm > /dev/null if [ $? == 0 ] ; then echo "SEND MAIL"; fi
That said, I don't like this solution, it would be far better for you to lose time installing a Nagios or anything that can monitor and keep link usage by SNMP.