application monitors
8 Topics

HTTP and HTTPS monitor using node.js

Problem this snippet solves:
HTTP and HTTPS monitor using node.js. Beginning with 12.0 you can run node.js from the CLI just like you do Perl, Python, TCL or Bash. This script uses the node.js engine to run a client. It also conforms to the standards used by external monitors. You can use the same monitor for both HTTP and HTTPS.

How to use this snippet:
1) Import into BigIP as an external monitor file under: System ›› File Management ›› External Monitor Program File List.
2) Create an external monitor using the name entered in step 1, under Local Traffic ›› Monitors.
3) Add variables to the monitor as follows; order is not important:
   path: This is the path and page name which you use for testing, e.g. /myapp/default.aspx, or /, or /owa
   recv: This is the receive string which will indicate proper operation.
   timeout_seconds: This is the request timeout after which node will stop waiting for a response.
   secure: Any value for this variable will indicate that you want to use HTTPS. Omit this if you want HTTP.
4) Assign the monitor to a pool.

Code :

    #!/usr/bin/node
    /**
     * HTTP/HTTPS monitor for use with node.js which is built into Bigip CLI starting with version 12.0.
     * Written by John Alam, nov-2016.
     *
     * no dependencies other than built-in http and https modules.
     * use as a replacement for external HTTP monitors. node.js scales very well. In theory this can be used
     * when deploying thousands of http or https monitors.
     *
     * To use this you must define the following variables in the monitor definition screen:
     * path: this is the path and page name which you use for testing. e.g. /myapp/default.aspx, or simply /, or /owa
     * recv: This is the receive string which will indicate proper operation.
     * timeout_seconds: This is the request time out after which node will stop waiting for a response.
     * secure: Any value for this variable will indicate that you want to use https instead of http.
     *
     * The IP address and port number are passed along from tmm to the monitor. These are picked up as arguments.
     *
     * To use this file:
     * 1) import it as an external monitor under: System ›› File Management : External Monitor Program File List, and give it a name
     * 2) create an external type monitor referencing the name in step 1)
     * 3) add variables as mentioned above.
     * 4) assign monitor to the pool.
     */

    // Any value in the "secure" variable selects the https module.
    var http;
    if (typeof process.env.secure !== "undefined") {
        http = require('https');
    } else {
        http = require('http');
    }

    var recv = process.env.recv;
    var timeout_seconds = process.env.timeout_seconds * 1000;
    var path = process.env.path;
    // tmm passes the address as ::ffff:a.b.c.d; drop the 7-character prefix
    var ip_addr = process.argv[2].substr(7);
    var port = process.argv[3];

    var options = {
        host: ip_addr,
        port: port,
        path: path,
        headers: {
            'User-Agent': 'Http monitor',
            'Accept': '*/*'
        }
    };

    var callback = function(response) {
        var str = '';

        // another chunk of data has been received, so append it to `str`
        response.on('data', function (chunk) {
            str += chunk;
        });

        // the whole response has been received, so we just inspect it
        response.on('end', function () {
            // indexOf returns -1 when recv is absent; a match at offset 0 also counts
            if (str.indexOf(recv) !== -1) {
                console.log('UP');
            } else {
                // diagnostics go to stderr: any output on stdout marks the member up
                console.error('Not found');
            }
        });
    };

    var req = http.request(options, callback);

    req.setTimeout(timeout_seconds, function() {
        this.abort();
    });

    req.on('error', function(err) {
        // report on stderr so that a failed request is not read as UP
        console.error(err);
        return;
    });

    req.end();

Tested this on version: 12.0

1.5K Views | 1 like | 1 Comment

HTTPS health monitor with username and credential check
On F5 12.1.1 I would like to check the functionality of a login page and noticed the health monitors have a username/password field. If I have a user account for the webpage, how do I word the send/receive string? I'm assuming I have to use POST but I don't know what format I need to put it in. I found an article saying the username:password needs to be changed to base64. I just want some guidance on how to format a monitor that logs into a URL.

Looking this up I found that you can test logging into a webpage from the shell using:

    openssl s_client -host -port <443>

but I don't know what POST I should do after that.

Solved | 1.1K Views | 0 likes | 2 Comments

LTM - Setting dependency between monitors
Not sure if this is even possible but here is the scenario:

I have a pool of IIS servers configured as members of two sets of pools based on TCP ports configured in IIS. (I was told that you need to create a separate VS per port you want to load balance.) So... per the web devs, port 10000 is for responding to TCP traffic (restful web calls, etc.). Port 10001 is responding to http requests.

Virtual Server 1 (TCP port 10000)
Virtual Server 2 (TCP port 10001)
Pool 10000 (has Servers 1-3/port 10000 as members)
Pool 10001 (has Servers 1-3/port 10001 as members)

I have an http monitor which is working correctly, which monitors pool 10001 for successful GET responses and works as expected. Disable the web service on Server1, and Pool 10001 shows Server1 as down.

My problem is that Pool 10000 shows Server 1 as still being up, as it's just using the standard icmp monitor, thus traffic is still being passed to that server.

Is it possible to set a dependency on the icmp monitor to the http monitor associated with pool 10001? So if the web server is down on a server, no traffic is sent to that server regardless of whether it's still responding to ping? If it's not responding to ping, then obviously the web monitor would be down as well.

Sorry, really new to LTM concepts so still learning this awesome system.

Thanks,
George

599 Views | 0 likes | 6 Comments

BIG-IP DNS SNI monitoring
We are trying to get an SNI monitor to work on a BIG-IP DNS to a generic host. Using the external ADFS monitors, the checks fail. When running a CURL to the destination servers we receive "Unknown SSL protocol error in connection", while an openssl test returns the cert and the CN we are grepping for, but the monitor still fails.

We have tried with the standard ADFS external monitor provided by F5 along with the amended version for TLS1.1 and above. Also tried another custom one from Devcentral.

Can anyone provide any pointers on how we could get this to work?

Monitor 1:

    #!/bin/sh
    # These arguments supplied automatically for all external monitors:
    # $1 = IP (nnn.nnn.nnn.nnn notation)
    # $2 = port (decimal, host byte order)
    #
    # This script expects the following Name/Value pairs:
    # HOST = the host name of the SNI-enabled site
    # URI = the URI to request
    # RECV = the expected response

    # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    NODE=`echo ${1} | sed 's/::ffff://'`
    if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
        NODE=${NODE}
    else
        NODE=[${NODE}]
    fi
    PORT=${2}
    PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}.pid"
    if [ -f $PIDFILE ]
    then
        echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error
        kill -9 `cat $PIDFILE` > /dev/null 2>&1
    fi
    echo "$$" > $PIDFILE
    (echo -e "GET $URI HTTP/1.1\r\nHost: $HOST\r\nConnection: Close\r\n\r\n"; sleep 2) | openssl s_client -cipher 'ECDHE-RSA-AES256-SHA' -servername '$HOST'
    STATUS=$?
    rm -f $PIDFILE
    if [ $STATUS -eq 0 ]
    then
        echo "UP"
    fi
    exit

Monitor 2:

    #!/bin/sh
    # These arguments supplied automatically for all external monitors:
    # $1 = IP (nnn.nnn.nnn.nnn notation)
    # $2 = port (decimal, host byte order)
    #
    # This script expects the following Name/Value pairs:
    # HOST = the host name of the SNI-enabled site
    # URI = the URI to request
    # RECV = the expected response

    # Remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    NODE=`echo ${1} | sed 's/::ffff://'`
    if [[ $NODE =~ ^[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ ]]; then
        NODE=${NODE}
    else
        NODE=[${NODE}]
    fi
    PORT=${2}
    PIDFILE="/var/run/`basename ${0}`.sni_monitor_${HOST}_${PORT}_${NODE}.pid"
    if [ -f $PIDFILE ]
    then
        echo "EAV exceeded runtime needed to kill ${HOST}:${PORT}:${NODE}" | logger -p local0.error
        kill -9 `cat $PIDFILE` > /dev/null 2>&1
    fi
    echo "$$" > $PIDFILE
    curl-apd -k -i --resolve $HOST:$PORT:$NODE https://$HOST$URI | grep -i "${RECV}" > /dev/null 2>&1
    STATUS=$?
    rm -f $PIDFILE
    if [ $STATUS -eq 0 ]
    then
        echo "UP"
    fi
    exit

Monitor 3:

    #!/bin/bash
    pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"
    if [ -f $pidfile ]
    then
        kill -9 -`cat $pidfile` > /dev/null 2>&1
    fi
    echo "$$" > $pidfile
    node_ip=`echo $1 | sed 's/::ffff://'`
    node_port=$2
    getscript () {
        echo 'GET / HTTP/1.1'
        echo 'Host: ..*.com'
        echo ''
        while sleep 0; do
            echo 'quit\n'
        done
    }
    docurl () {
        IFS=$'\n'
        arr=($(getscript | openssl s_client -connect ...:443 -servername ...com 2>/dev/nul |grep -E CN=...com))
        unset IFS
    }
    docurl
    echo ${arr[0]}
    if [ -n "${arr[0]}" ]
    then
        # Remove the pidfile before the script echoes anything to stdout and is killed by bigd
        rm -f $pidfile
        echo "up"
    fi
    # Remove the pidfile before the script ends
    rm -f $pidfile

367 Views | 0 likes | 0 Comments

Health Monitor with NTLM authentication - iApp generated vs Custom built
I have been working on creating a Health Monitor for SharePoint which uses NTLM authentication. I basically mirrored an existing HTTPS Health Monitor that the Exchange 2010 iApp generated and then adjusted it for the SharePoint application. After hours of troubleshooting it was determined that I can't specify "domain\username" in the username field and I needed to remove the trailing "/r/n" on the send string.

I have seen other forum topics regarding this, but can someone explain why the Exchange 2010 iApp monitor generated\included both "domain\username" as well as the trailing "/r/n", and it works? I ran the iApp generated monitor from the CLI using cURL and I didn't specify username and password. The receive string that the iApp expected, "OutlookSession=", is returned. Is the Exchange monitor somehow not using the "domain/username" account, and was it just placed there by the iApp template?

iApp generated:

    ltm monitor https exchange_2010.app/exchange_2010_testmail_owa_https_monitor {
        app-service /Common/exchange_2010.app/exchange_2010
        cipherlist DEFAULT:+SHA:+3DES:+kEDH
        compatibility enabled
        defaults-from https
        destination :
        interval 30
        password pswd-removed
        recv OutlookSession=
        send "GET /owa/auth/logon.aspx\?url=https://removed/owa/&reason=0 HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed\r\n"
        time-until-up 0
        timeout 91
        username domain-removed\user-removed
    }

Custom Built:

    ltm monitor https sharepoint_2010_https_monitor {
        cipherlist DEFAULT:+SHA:+3DES:+kEDH
        compatibility enabled
        defaults-from https
        destination :
        interval 30
        password pswd-removed
        recv "Home"
        send "GET /removed HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: host-removed"
        time-until-up 0
        timeout 91
        username user-removed
    }

I also have a TAC case on this topic as well.

Solved | 363 Views | 0 likes | 3 Comments

tmsh test-monitor : external executable not found
Hi,

I'm trying to use the "test-monitor" function in tmsh but every time I use it I get the same answer:

    root@(lb07067)(cfg-sync In Sync)(Active)(/Common)(tmos) test-monitor http address 10.221.62.23 port 8180
    can't run 'http' monitor manually: external executable not found (http)

Even on the basic http default monitor. Any clue?

Thanks

343 Views | 0 likes | 1 Comment

Monitoring Individual Application Tiers
We have a web application which consists of two web servers: webserverA and webserverB. The web servers are in a pool which is assigned to a VS. Each web server is tied to its own application server and its own processing server. The web server communicates with the application server over tcp/8825 and the processing server over tcp/8925.

I have been requested to mark the web server down if either the application or processing servers are down. The application and processing servers cannot be load balanced according to the third party developers.

VS >> webserverA and webserverB
webserverA >> appserverA and procserverA
webserverB >> appserverB and procserverB

Can and should this monitoring reside on the F5? My initial thought is to set up a monitoring service on each of the two web servers which would shut down the HTTP service in the event the APP or processing servers were down. The F5 would no longer send traffic to the web server once the HTTP service was down.

Any help would be appreciated.

169 Views | 0 likes | 1 Comment