health monitor
70 TopicsF5 Health Monitor Receive String as JSON
Hello, We have to set up Health Monitor where the received string in response header is in json format. And therefore, I am wondering, how to configure the proper string that F5 will understand: Received String: {"status":"started","services":[{"name":"nae-kmip","status":"started"}]} It seems to except RegEx like the following: HTTP/1.1 200 OK|name:name-kmip,status:started However, I am not sure if this would match. I would appreciate any advise. Thanks,122Views0likes7CommentsHTTPS health monitor with binary values
We have security appliances behind F5 as pool members. These requires probing with binary strings. We have configured "TCP" health monitor with send/receive strings as binary values in BIG-IP syntax as mentioned in article-K01524704 This tcp monitor is working as expected. However the new requirement is to setup mTLS between F5 and pool members. I have installed server-side certificate and the same has been installed at pool member servers (with mTLS feature enabled at pool member servers). The same TCP binary health monitor making the pool members down, however it is working with default tcp monitor (only tcp handshake to check port status). I have tried using HTTPS health monitor with same binary values in send/receive strings with server SSL profile in monitor advance setting but it didn't work. Any advise would be appreciated.110Views0likes3CommentsLoad balancing based on file content
Hi All, I've done some reading but I can't seem to find a solution to what I'm trying to achieve. I would like to set up load balancing based on the receive string from a file on a server. My setup is as follows: 2 Servers in a pool, A & B Each server has a file that needs to be queried. If the receive string is "ok" traffic is distributed based on the round robin method. If the receive string from 1 of the servers is changed load balancing is then based on priority group setting, where server A=1 and B=5. Unlike like a health monitor, I need both servers to be able to received traffic, but distributed based on the priority group setting for the server. Somehow this was accomplished on the A10, but I'm having a hard time trying to replicate it on the F5. Any thoughts or suggestions on our I can achieve. Thanks in advance for your help. Cheers Deena42Views0likes1CommentHealth Monitor
Hi comminity, I have a puzzling health monitor that I can't get working. I can curl to the server from CLI # curl server-name.domain:1936/healthz -k ok But when I try to produce a health monitor via the GUI to do the same/similar I get no valid response and the pool is marked down. This is an OpenShift server that doesn't respond to a request on 1936 so I need to craft some form of https command to mimic the above. If I point directly at https I get the folloiwng error: # curl https://server-name.domain/healthz -k returnscurl: (35) Unknown SSL protocol error in connection to server-name.domain:443 Has anyone seen similar issues when monitoring OpenShift pools and got a working solution / suggestion? I need something better than TCP-half-open monitoring.862Views0likes3CommentsWSDL Url monitor issues
Hi Friends, I am facing some weird behaviour from F5 while using health monitor for wsdl url. I am using the health monitor as follows Send String: GET /app/xyz/AdminService.wsdl HTTP/1.1\r\nHost: myapp.myname.com \r\nConnection: Close\r\n\r\n Revieve String: HTTP/1.1 200 OK Health monitor works fine but the end server is loaded with so many HTTP 500 error while F5 performing health checks. I have verified and found the wsdl respond back with a complete x ml page and this xml page contains url which in turn give HTTP 500 Error. How can we solve this issue? Any idea? -Jinshu203Views1like0CommentsHow to create a External Monitor?? Please help
Hi, how to create an external monitor for below curl command. Below curl command giving an output "200" when running manually from F5 curl --header "Content-Type: text/xml;charset=UTF-8" --header "SOAPAction:http://mybase.xyz.com/mybaseService/HealthCheck" --data "" -o /dev/null -s -w %{http_code} http://servername:8080/mybaseWS/mybaseService Please help. -Jinshu291Views0likes1CommentGTM https health monitor has never worked
I'm trying to construct a health monitor in GTM 11.5.4 that looks for text on an https web page. I have never been able to get the monitor to go green so I am trying to troubleshoot it. gtm monitor https mhconnect_https { cert /Common/default.crt cipherlist DEFAULT:+SHA:+3DES:+kEDH compatibility enabled defaults-from https description "Look for specific text" destination *:* interval 30 key /Common/default.key probe-timeout 5 recv "Please sign in to begin your secure session." send "GET /dana-na/auth/url_default/welcome.cgi" timeout 120 } The /var/log/gtm log shows this: 011ae0f2:1: Monitor instance /Common/mhconnect_https x.x.x.x:443 UNKNOWN_MONITOR_STATE --> DOWN from x.x.x.x (connect: server error search result false) From the GTM in question, I can use CURL and see the text in the HTML page that the health monitor keys on: curl --insecure -v https://x.x.x.x/dana-na/auth/url_default/welcome.cgi This returns many lines of text, including HTML containing the text I'm looking for. A telnet test fails: [root@F5-GTM-MC-01:Active:Standalone] monitors telnet x.x.x.x 443 Trying x.x.x.x... Connected to x.x.x.x. Escape character is '^]'. GET /dana-na/auth/url_default/welcome.cgi Connection closed by foreign host. [root@F5-GTM-MC-01:Active:Standalone] monitors I have also tried using this as the send string, to force HTTP 1.0: GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0\r\n ..and that doesn't work either. If I open the IP and path () in a web browser, it works fine. I have used tcpdump to capture the traffic, and I can see the regular health monitor TCP traffic flowing, but the application data is all encrypted so that's been no help. The "011ae0f2:1" error seems to be somewhat well documented but I've seen nothing that relates to my problem. What should I do next to troubleshoot this?906Views0likes6CommentsHTTP SOAP XML monitor help needed
Hi All, I am attempting to implement HTTPS heath monitor that sends SOAP POST request to an XML gateway. I have had my request sorted out through SOAP UI which work as expected. The response I am getting in XML format indicates that back-end service is up and running. With some trial and error, I have converted SOAP UI request into send sting as below: POST /servcie HTTP/1.1\r\nHost: applicaiton.companyname.com:8443\r\nAccept-Encoding: gzip,deflate\r\nUser-Agent: Apache-HttpClient/4.1.1 (java 1.5)\r\nContent-Type: text/xml;charset=utf-8\r\nSOAPAction: http://www.companyname.com/EnterpriseServices/Scheduling/v1.0.0/GetDemographics\r\nContent-Length: 1314\r\nConnection: Close\r\n\r\n<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Header><wsse:Security soap:mustUnderstand = \"1\" xmlns:wsse = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"><wsse:UsernameToken wsu:Id = \"UsernameToken-7198221\" xmlns:wsse = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"><wsse:Username xmlns:wsse = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">serviceuser</wsse:Username><wsse:Password Type = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\" xmlns:wsse = \"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">somepassword</wsse:Password></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><GetDemographics xmlns=\"http://www.companyname.com/EnterpriseServices/Scheduling/v1.0.0\"><getDemographicsRequestParam><Body><ClientCode>ABC</ClientCode><ProgramCode>ABC</ProgramCode><examCode>2NE</examCode></Body></getDemographicsRequestParam></GetDemographics></soap:Body></soap:Envelope>\r\n I see the request from the monitor and successful response on XML gateway appliance. As a receive string I am expecting message status below: <Success>true</Success> While the response is HTTP 200, my monitor still seems to fail with response string match . Looking at the monitor log I see the request and response. However, the format of response shows as heximal representation. This is weird. I have checked against some other monitors and they show response content in readable format. [0][16420] 2021-04-06 16:50:06.599136: ID 367 :(_recv_active_service_ping): rcvd 715 bytes: -->HTTP/1.1 200 OK\x0d\x0aServer: Apache-Coyote/1.1\x0d\x0aContent-Encoding: gzip\x0d\x0aContent-Type: text/xml;charset=utf-8\x0d\x0aContent-Length: 530\x0d\x0aDate: Tue, 06 Apr 2021 20:50:06 GMT\x0d\x0aConnection: close\x0d\x0a\x0d\x0a\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x00\xad\x95\xc9n\xdb0\x10\x86_e\xa0K\x93CL;\xe9\xa10h\x05\x8d\xb7\x04\xb0\x03#\x02\xd2^Yr"\x11\x15I\x81\x8bl\xbf})\xc7n\xed\x14i \xd57\x91\xd4\xf7\xcfp8\x0b\xbd\xdd\xa8\x12j\xb4N\x1a=J\x06\xbd~\x02\xa8\xb9\x11R\xe7\xa3$\xf8\x97\xab/\xc9mJ\x9da\xd5p\xaak,M\x85\x10\x11\xed\x86\xcd\xde()\xbc\xaf\x86\x848^\xa0b\xae\x17\x8f\x9a\xfd\x9e\xb19i>\x08\xee!\x92\xec\xb1\x8d\x93\xbf\xa9\xf5z\xdd[\xdf\xec~\xbe\xee\xf7\x07\xe4\xfbr\x91\xed\x84\xae\xa4v\x9ei\x8e\x7f(\xf11\x95\xec\x1d\xbd3b\x9b\xd29\xfa\x09*\x93[V\x15\x92\xbb't\x95\xd1n\xef\xfd\x89\xd8\xca\x1a\x85\xdeJ\xde\xe3F\x91\xa9\xf6h++\x1dfhk\xc9\xd1\x91F^\x842\xc6\x84\xd41D1H\xef\xca\xa7\xf4\x1e\x99@\x9b\xd2%:\xc7r\xcc<\xf3\xc1\xa54\x0b<J\xb9\xd4\xdb\x80\x94\x1cV\x94\xbc\xf9\x8d\x1c\xf0\xd7K\x1c\x9b8Y\xa5\xf4\x91)Lg\xd2:\x0f\x17sY\xa3\xbe\x84f\x8b\x92\xdd\x01}fe@ Q\xf1\x84\xfa[b)\x85(\xb1\x1b\xbb`\x8d\xf5\x19S\xb2\xdcv4?6\xaabz\xdb\x0d\xce\xbcE\xf4\xf0U\x08\x1b\xc3\x08\x0b\xa9\x11\x06gQ\xb9>\x8b\xca\xcdYT>\xb7\x0f\xaa\xf4\xdb\x0e\xa6\x99G\x12\x8b\xa1\x96\xb1\xf2Z\xe3+\x13K\xb6\x84\xb1\x11]\x92 ho\xdb\xbb<UL\x96\x87`\xb5\xa6\xbf\x19\xfb\x93L\xd8\x16V\x85\xd1\xed\x9d>\xc5a\xba\xf1\xa8\x9b6\xdaZ\xe8>\xb6\x1f\xb8\x98\xc6\x12\x8e\x1d\xe6\xb2\xa373\xb6\xe9HN\xe2\xb3\x83y\x81;i}\xd1>k\x0c\x97\xf1\xd93\xe4\xc1\xc6\xac\x83\xc7\xa0~\xa0m\xdf\x85\x8c/\xd0~r\xb0dR\xa0\xee\xd6\x0e\xe6&N2\xadP{x\x98\xfc\x1f\x0d\x0f\xce\x85\xf8\x1c\xd055\xc7\xc6\xda\xddL\x88\xb7\xe1\x08\x0b\xa6\xf3\x10\xfb\xfc\x07:\xc7\xabf\x1a\xbcN\x01\xf2\xee\xb0\xf9\xc7\xc9\xd1($'\xf3;\xfd\x05,\xa4\x8a2\xf5\x07\x00\x00<-- [ tmm?=false td=true tr=false addr=::ffff:10.2.1.123:8443 srcaddr=::ffff:10.2.1.2%0:49550 ] It almost looks like LTM is failing to interpret response properly. Any Ideas? Has anyone seen something like this before? All help is greatly appreciated. Thanks, AlexSolved1.7KViews0likes4CommentsNotifications via External Monitor
Hi, I have an external monitor that sends a notification (email) when it fails. I don't want it failing so I just had it create a file when if fails. If that file doesn't exist, it will notify. If it does exist, it just marks it down but doesn't send the alert. The way I thought to clean it up was just to rm-f the file when the status goes back to UP. This works fine if the script is run manually, but will not work when it runs through F5. Here are the basics of the script: curl -s -v -k -H "Host: ${HOST}" -k https://${NODE}${URI} 2>&1 > /dev/null | grep -i "${RECV}" STATUS=$? rm -f $PIDFILE if [ $STATUS -eq 0 ] then rm -f /shared/tmp/service-${NODE} echo "UP" else if [ ! -f /shared/tmp/service-${NODE} ] then touch /shared/tmp/service-${NODE} chmod 777 /shared/tmp/service-${NODE} curl -s -o /shared/tmp/service-${NODE}.html -H "Host: ${HOST}" -k https://${NODE}${URI} EMAIL NOTIFICATION PART fi fi exit Is there something that I am missing? Is there a better way?196Views0likes1CommentHTTP Web Login Health Monitor
Hello all, I'm pretty new with cURL and using that syntax with creating health monitors to validate whether nodes are available or not. The type of health monitor I am looking to create is one that validates that a user account is able to log into a website. Based off of research I created the following cURL statement and was able to validate it works in my environment: Code curl -v http://10.10.10.10/Home/Logon?ReturnUrl=%2F -d "UserName=DummyUser&Password=Test1234&RememberMe=false" When I enter that command within bash it returns a "302 Found". If I enter a bad password it returns a "200 OK" message. So how do I go about making this a health monitor? Also is the only way to send this data as encrypted to enable 443 on the server? At the moment that port is not open. Cheers, Brian252Views0likes4Comments