monitoring
1519 TopicsDifference between ICMP and GATEWAY_ICMP
Hi All, This is a pretty dumb question, but what's the difference between using the ICMP and GATEWAY_ICMP health monitors. I've read up on it but still not 100% sure what the difference is. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip9_0config/ConfigGuide9_0-11-1.html In relation to a NODE, an ICMP and GATEWAY_ICMP health check would both do the same thing (ie: ping the node) - is that correct? So choosing either one will achieve the same result. Whereas with a POOL, there is only the option to use GATEWAY_ICMP which will ping every member in the pool - is that correct? Thanks. Andy5.8KViews0likes5CommentsGet ClientIP Address Behind LoadBalancer
Hi, I am facing an issue to capture the actual IP address of the customers. The Web application is developed in ASP.NET 2.0 version (IIS version is 6.0) and it is hosted in Windows 2003 server behind the F5 Load Balancer. I have tried to capture the customer IP address through the REMOTE_ADDR server variable, however it is capturing the actual IP address. I have also tried the below server variables and they are not also working either, HTTP_X_FORWARDED_FOR HTTP_USER_AGENT HTTP_CLIENT_IP HttpContext.Current.Request.UserHostAddress I have also tried the solutions mentioned in the link https://devcentral.f5.com/blogs/us/...ws-servers and tried the below steps, 1. Downloaded the file and transferred the dll from \x64\Release folder in a new folder of the server C:\ISAPIFilters. 2. Right clicked on the IIS and select Properties. Then selected the "ISAPI Filters" tab. From there clicked the "Add" button and entered "F5XForwardedFor" for the Name and the path to the file "c:\ISAPIFilters\F5XForwardedFor.dll" to the Executable field. Clicked Ok. However found that the Status of the Filter is showing as "NOT LOADED" in the IIS. Also to confirm you that I am receiving NULL values in the X-Forwarded-For Server variable. Please advise. Thanks and Regards, Aniket4KViews0likes12CommentsConfiguration reload request received, reloading configuration
Service: syslog-ng (1233) Event: Configuration reload request received, reloading configuration I did not manually relaod the config, but this message is in my system log. Tried looking in F5 database, what exactly do u suggest I do, just wait for the service to restart or reload the LTM ????3.7KViews0likes10CommentsMonitor settings - Interval, Timeout, etc.
Can someone provide an easy to understand description of the Monitor settings 'Interval' and 'timeout' ? My understanding is that monitors default to a 5 second interval, with a 16 second timeout. Does this mean the monitor daemon runs an instance of the monitor every 5 seconds against every pool member, and every running instance of the monitor has a 16 second time out value ? Is there a way to configure a monitor such that it requires several failures before acting on a pool member ? Thanks !!3.4KViews0likes3CommentsGTM - HTTP check through proxy
Hi, I try to configure my GTM (v9.4.5) to monitor certain websites on the internet via my balanced proxy servers (ISA 2006). So I created a TCP based monitor and configured the send string to something like GET http://blablabla.com HTTP/1.1 First, without a receive string (as this didn't work anyway). After the monitor is created I assigned it to a specific pool and it started making this GET request through the proxy (traced the log and GTM interface with tcpdump). The http request got processed by the proxy and the response delivered back to the GTM. Everything's good so far but the GTM (cluster of 4 GTMs) marks this pool always to DOWN -> "(state: timeout)" I also tried it with a HTTP monitor but it's always the same result. Apart from that I tried to set "\r\n" behind the GET request -> no success What is my fault?3.3KViews0likes4CommentsTurn off CLI Paging
When I connect to one of our F5 boxes and I run the command "b list", it displays the output in paged format. So then I have to press the space bar to scroll through each page. Is there anyway to turn this off? The reason why I'm asking is that I have a script which runs to backup our F5 config and its waiting for a prompt but never sees it because of the paging feature. We're running Bigips with v9 code.3.3KViews0likes9CommentsScript to check for certificate expiration
Hi guys Most of you have probably been in the situation where a certificate suddenly expired without anyone noticing (or at least no one took proper action). I was in that situation a couple of weeks ago. I asked Lord Google if someone had a good method of detecting certificate expiration automatically. I didn't really find anything relevant, except for a couple of SOLs from F5 regarding the checkcert utility. So I sat down and did some scripting myself. I'm pretty satisfied with the result, however, this is my first real bash script so you can probably find something that could be optimized or done in a better way. So first of all the scripts checks if the device is the active box. If it is not, the script does nothing, but if is, the script creates a list of all expiring certificates and places them in expiringcerts.txt. This file is then checked and each line is reported separately to our servicedesk (which in return creates a case and escalates it directly to network operations). When a certificate has been reported it is put in the flaggedcerts.txt. This file ensures that a certificate is not reported multiple times, unless it is less than a week from expiring. In this case a new mail is send each time the script is ran (in our case, it is put in /etc/crontab and configured to run every day at 12 pm/noon). If a certificate is deleted, expired or renewed it is no longer put in the expiringcerts.txt file and is therefore also removed from the flaggedcerts.txt file. In the end a status mail is sent to me each day to ensure that the check ran as it should. This is just me that like to be absolutely sure that the script does its job. ___________________________ !/bin/bash Author: dadalife Check if unit is active and if it is the script should continue: ACTIVE=$(tmsh show cm failover-status | grep ACTIVE | wc -l) if (($ACTIVE == 1)); then echo -e "Unit is active. Proceeding...\n" SCRIPTPATH='/root/' MAIL='servicedesk@atea.dk' MAILCC='dada@atea.dk' NUMREPORTED=0 NUMFLAGGED=0 NUMCRITICAL=0 Create a list of all expiring certificates: tmsh run sys crypto check-cert | grep 'will expired' | awk -F 'in file' '{print $2}' | awk -F ' GMT' '{print $1}' > "$SCRIPTPATH"expiringcerts.txt echo "A list of all expiring certificates has been created!" Send an email for each certificate if it has not already been sent: echo -e "\nChecking for expiring certificates..." > "$SCRIPTPATH"tempflagged.txt while read line; do BODY="\n\nPlease create this case as an incident (Priority 3) under the customer CNM and escalate directly to OPNOM.\n\nThis is an auto-generated e-mail from the BIG-IP." CERT=$(echo $line | awk -F ' ' '{print $1}') CERTEXPIRE=$(echo $line | awk -F 'expired on ' '{print $2}') FLAGGED=$(cat "$SCRIPTPATH"flaggedcerts.txt | grep $CERT | wc -l) if (( $FLAGGED == 0)); then echo $CERT >> "$SCRIPTPATH"tempflagged.txt echo -e "$CERT expires on $CERTEXPIRE GMT.$BODY" | mail -s "$CERT expires on $CERTEXPIRE GMT" $MAIL -c $MAILCC echo "--> $CERT reported to servicedesk." NUMREPORTED=$[$NUMREPORTED +1] else echo $CERT >> "$SCRIPTPATH"tempflagged.txt echo "--> $CERT has already been flagged" NUMFLAGGED=$[$NUMFLAGGED +1] fi done < "$SCRIPTPATH"expiringcerts.txt cp "$SCRIPTPATH"tempflagged.txt "$SCRIPTPATH"flaggedcerts.txt echo -e "Check for expiring certificates done!" Check if a certificate is less than a week from expiring: CURRENTTIMEEPOCH=$(date +%s) echo -e "\nChecking for almost expired certificates..." while read line; do CERTEXPIRE=$(echo $line | awk -F 'expired on ' '{print $2}') CERTEXPIREEPOCH=$(date --date="$CERTEXPIRE" +%s) CERTEXPIREDIFF=$(expr $CERTEXPIREEPOCH - $CURRENTTIMEEPOCH) if (($CERTEXPIREDIFF < 604800)); then BODY="\n\nPlease create this case as an incident (Priority 1) under the customer CNM and escalate directly to OPNOM.\n\nThis is an auto-generated e-mail from the BIG-IP." CERT=$(echo $line | awk -F ' ' '{print $1}') echo -e "$CERT expires on $CERTEXPIRE GMT.$BODY" | mail -s "WARNING: $CERT EXPIRES IN LESS THAN A WEEK!!" $MAIL -c $MAILCC echo "--> WARNING: $CERT EXPIRES IN LESS THAN A WEEK!!" NUMCRITICAL=$[$NUMCRITICAL +1] fi done < "$SCRIPTPATH"expiringcerts.txt echo "Check for almost expired certificates done!" echo -e "\nCertification check done!" Send a status email: echo -e "Hi David\n\nYour script did its job!!\n\nNumber of newly reported certificates: '$NUMREPORTED'\nNumber of already flagged certificates: '$NUMFLAGGED'\nNumber of critical certificates: '$NUMCRITICAL'\n\nYours Sincerely\nThe BIG-IP" | mail -s "Everthing went well!" $MAILCC else echo "Unit is standby. No action taken!" fi ___________________ Feel free to comment on anything! :) Thanks, David3.2KViews0likes21Commentssender address in eMails sent by postfix
Hello all, I am trying to use postfix-settings (/etc/postfix/) for sending mails from the bigIP directly to my account. By default the sender address is like "root@mydomain.tld", so it always takes "root" as the user account. Unfortunately, I can't use "root" within our SMTP-environment, therefore it would be quite valuable for me being able to change the sender's user account to something like "LTM1@mydomain.tld". Does anyone know where to change this exactly? I was trying to do this in /etc/postfix/aliases, but did not get to a satisfying result so far...:-( Thanks for any good ideas. Cheers, Stephan2.9KViews0likes19Comments