
Use debug on health monitor to retrieve lost radius secret

Daniel_Abrahams
Nimbostratus
Hi

 

Is it possible to use the debug function on health monitors to retrieve the RADIUS secret?

Found this old blogpost http://socpuppet.blogspot.com/2016/11/how-to-recover-lost-big-ip-f5-secret.html and followed the steps

 

1) Created a health monitor with a random username and password plus a random secret. Enabled debug

2) Edited the health monitor and entered the hashed secret from the RADIUS setup

3) Added the health monitor to a pool and attached the pool to a new virtual server used to test

4) Checked in /var/log but no debug log is created

 

Is something missing or is it not possible to do this anymore?

 

Best regards

Daniel

1 REPLY

Hi Daniel,

 

This has been fixed from v13.1.0. If you look at the monitor debug logs, you will see "SECRET=<sensitive data redacted>".

 

https://cdn.f5.com/product/bugtracker/ID670893.html

cat /var/log/monitors/<MonitorPartition>_<MonitorName>-<NodePartition>_<NodeName>-<port>.log | grep SECRET