Introducing the F5 Application Study Tool (AST)
In the ever-evolving world of application delivery and security, gaining actionable insights into your infrastructure and applications has become more critical than ever. The Application Study Tool (AST) is designed to help technical teams and administrators leverage the power of open-source telemetry and visualization tools to enhance their monitoring, diagnostics, and analysis workflows.
Prometheus and basic auth
Dear all I have setup telemetry streaming so that a remote prometheus server can scrape metrics. I used this advice to use a guest account for "basic auth" done on prometheus : https://devcentral.f5.com/s/articles/icontrol-rest-fine-grained-role-based-access-control-30773 Here is the prometheus scrape_configs entry : - job_name: bigip honor_timestamps: true scrape_interval: 10s scrape_timeout: 10s metrics_path: /mgmt/shared/telemetry/pullconsumer/My_Prometheus scheme: https basic_auth: username: prometheus password: <secret> tls_config: ca_file: /etc/ssl/certs/ca.crt cert_file: /etc/ssl/certs/prometheus.crt key_file: /etc/ssl/certs/prometheus.key insecure_skip_verify: false static_configs: - targets: - lb5 My problem is excessive warning messages in the logs : Dec 13 16:33:37 lb5 warning httpd[13888]: [warn] [client XXXX] AUTHCACHE Error processing cookie 7BA470C4F1E2F722E1685046756D1F1A70621E38 - Cookie user mismatch The problem is clearly identified (K11140735) but changing pam idle timeout is not a solution as promtheus scrapes every 10s which is too low for an usual webui idle timeout. I was wondering if there is a fix or other way to do it ? Using a F5 token is not a solution as prometheus does not seam to support it in its scrape_config section (https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config). Thanks for your help ;-))
