Icall script argument
Hello! How I can translate to icall script argument from APM via iRule? Example. I want generate user certificate SSL via APM. I wrote bash script, but it should be called with two argument - UserName and UserDomain. Thank you! sys icall script gcc_script { app-service none definition { exec /home/root/scripts/certificates.sh $UserDN $DomainDN exec istats remove "GCC generate for UserDN" } description none events none }
Regular expression format in user_alert.conf
I'm trying to use iCall and an event from user_alert.conf to fail over a BIG-IP VE cluster if an arbitrary BGP neighbor goes down. I have the handler and script working just fine if the event only looks in my logs for a static phrase, but when I have it look for a regex instead, it no longer works. However, if I test in a tool like regex101 with my expression and a log entry, it matches just fine. Here's my user_alert.conf (sanitized of course) alert bgp_neighbor_down "neighbor 100.200.[0-9]{1,3}.[0-9]{1,3} Down" { exec command="tmsh generate sys icall event neighbordown context { { name protocol value bgp } }" } And one of the logs I'm trying to match on: 2024/06/20 15:04:32 informational: BGP : %BGP-5-ADJCHANGE: neighbor 100.200.30.4 Down BGP Notification CEASE If I then runimish and shut down a neighbor that should match that regex, the device I'm on stays active. Any thoughts on what else I can try?
Run a sync-config from iCall
Hi, I am wrinting a iCall which modify the configuration with tmsh::modify. I have a cluster of Big-IP so after the command tmsh::modify change the configuration, I have to run a config-sync. My question is how to run a config-sync from a iCall? I can not find any command unless maybe with exec. Thank you. Regards,
F5 LTM customized Packet cloning
Hello every body I have an application using SMPP, SMPP is TCP based protocol and it establish sessions to send traffic, SMPP has unique command IDs to Establish session and tear them up, below image is simple protocol flow: In below example in packet 8 in attached tcpdump, you will see under SMPP (Short Message Peer to Peer) layer a command ID: 0x00000009 which represent bind command (establish a connection/SMPP session). What I need to similar to customized clone pool concept but on pool member level and on certain condition, I need an iRule or may be an iCall procedure to check for SMPP bind command by scanning packet PDU, similar example is below: https://devcentral.f5.com/questions/balancing-smpp-traffic-based-on-recipient-address when CLIENT_ACCEPTED { set s_seq_idx 1 set first_bind_resp 1 set smsc1 set smsc2 TCP::collect } when CLIENT_DATA { while { [TCP::payload length] > 16 } { binary scan [TCP::payload] IH8IIa* len oper status seq p if { [TCP::payload length] < $len &&} // We need here to add check for bind command id as well { TCP::collect $len return } My challenge is to replicate SMPP bind packet to all available pool members in certain pool 😃 , Once SMPP Bind packet is replicated, as result we will get established SMPP sessions with all available pool members, and F5 LTM then will be able to load-balance other incoming traffic with all pool members as far as connection is established. If concept is OK, the rest is not challenging as we need to consider other bind command IDs to be replicated (0x00000001, 0x00000002 and 0x00000009), and of course we need to replicate unbind as well 0x00000006 if possible. Thank you so much in advance. Sincerely, SAMIcall, get availability status of gtm virtual server.
Hello everyone, I have an iCall script which checks the status of DNS VS and if the VS is offline the script will do something. Now I trying to check the status via next command: [tmsh::get_field_value [lindex [tmsh::get_status "/gtm server /Common/server virtual-servers { /Common/some_vs }"] 0] "status.availability-state"] But this command return the status of DNS server, not DNS VS. How I can take the status only DNS VS? Help needed! Thanks.
Alerts || Events triggered for audit logs too
Hi All, I had few custom alerts configured in /config/user_alert.conf like, so its looking for log message jaikumar in the ltm log, alert testing "jaikumar" { exec echo "Jai is doing testing" } But recently I noticed, the alerts are triggered for logs of audit too. It was my understanding that alertd daemon examines the /var/log/ltm logs alone. So everytime when I wanted to test it I used to run throw a message in ltm log - logger -p local0.notice "jaikumar" So when I ran a dummy command like, obviously the virtual does not exist, tmsh list ltm virtual jaikumar alertd examines the log message (jaikumar) from audit log & triggers the custom event action thats configured. Can someone confirm me if this behavior is normal, does alertd looks for every log messages. Can we restrict it ?
how to set up variables in iCall?
I set up iCall to collect tcpdump at status "session status forced disabled" alert: alert POOL-MEMBER-DOWN "Pool (.*?) member (.*?):(.*?) session status forced disabled" { exec command="tmsh generate sys icall event tcpdump context none" } script: modify script tcpdump { app-service none definition { set date [clock format [clock seconds] -format "%Y%m%d%H%M%S"] exec tcpdump -ni any -s0 -w /var/dmp/${date}.dmp -c 100 host and port } description none events none } That works for one server. How set up this script for other servers but use one alert? I tried to other values for variables, but still don't work.Returning a configuration object changes its type
Hey, I'm building a cli script to automate some of the configuration tasks I have to do. I've encountered some strange behaviour, which I don't understand. So this example prints me the description of the sys ntp configuration object. set ntp [lindex [tmsh::get_config /sys ntp] 0] puts "[tmsh::get_field_value $ntp description]" As you probably know tmsh::get_config always returns a collection. I sometimes only want to get a single item (and make sure that it really is only a single item). That's why I thought it would be great to have a procedure that does that check every time: proc get_single_config {args} { set items [tmsh::get_config $args] if {[llength $items] eq 1} { return [lindex $items 0] } else { error "list $args yielded [llength $items] results" } } Then I run: set ntp [get_single_config /sys ntp] puts "[tmsh::get_field_value $ntp description]" And I get the following error: test: script failed to complete: can't eval proc: "script::run" unexpected TCL object type while executing "tmsh::get_field_value $ntp description" (procedure "script::run" line 4) invoked from within "script::run" line:1 script did not successfully complete, status:1 When I add a get_field_value just before the return on get_single_config it works. But after it is returned from the procedure, it seems like the object type changes. Since I'm somewhat new to TCL it might just be I'm using TCL wrong. It's not like I can't work around this, but I'm curious to know what is causing this.
