Triggering SNMP traps for SSL Certificates
I've read a few different SOL articles and posts here on DevCentral on how to generate SNMP traps locally from the F5. We use Solarwinds for SNMP alert notification (not sure if that's relevant or not) Last week, I ran the command tmsh run sys crypto check-cert ignore-large-cert-bundles enabled command on a guest with one expiring certificate and that triggered an email. I have the email. It's real. I haven't generate that trap with that identical command on the same guest, or other guests. Here is the email and the output of /config/user_alert.conf file. [username@f5-guest:/S1-green-P:Standby:In Sync] ~ cat /config/user_alert.conf alert CERTIFICATE_EXPIRED "Certificate (.*) expired" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.300" alert CERTIFICATE_WILL_EXPIRE "Certificate (.*) will expire" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301" }
ASM L7DOS snmp traps
Dear, Do you know of any known issue about l7ddos snmp traps. For some reason they are not sent at all. The log entry in /var/log/dosl7/dosl7d.log is well present, but no snmp trap is sent. I checked the definition in the alertd config files and it looks like it is looking for a specific log entry in order to send the trap: alert.conf alert BIGIP_TS_TS_DOS_ATTACK_DETECTED_ERR { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.91"; } bigip_ts_error_maps.h 3 LOG_ERR 01310046 BIGIP_TS_TS_DOS_ATTACK_DETECTED_ERR "[SECEV] DoS attack: %s. HTTP classifier: %s, Operation mode: %s" But the problem is that when testing a l7ddos, no log entry can be found in /var/log/asm, there are only logs in /var/log/dosl7/dosl7d.log And it looks like the alertd does not process the later file (K14397) My client is running version 11.5.4 Thanks in advance for your assistance. Abdessamad
ASM L7DOS snmp traps
Dear, Do you know of any known issue about l7ddos snmp traps. For some reason they are not sent at all. The log entry in /var/log/dosl7/dosl7d.log is well present, but no snmp trap is sent. I checked the definition in the alertd config files and it looks like it is looking for a specific log entry in order to send the trap: alert.conf alert BIGIP_TS_TS_DOS_ATTACK_DETECTED_ERR { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.91"; } bigip_ts_error_maps.h 3 LOG_ERR 01310046 BIGIP_TS_TS_DOS_ATTACK_DETECTED_ERR "[SECEV] DoS attack: %s. HTTP classifier: %s, Operation mode: %s" But the problem is that when testing a l7ddos, no log entry can be found in /var/log/asm, there are only logs in /var/log/dosl7/dosl7d.log And it looks like the alertd does not process the later file (K14397) My client is running version 11.5.4 Thanks in advance for your assistance. Abdessamad
Wrong SNMP Trap email alert being triggered in user_alert.conf
I currently have two webpages being hosted on the same server. I am using f5 to monitor those pages with the HTTPS health monitor. I have two separate monitors for the two pages. My goal was to be able to receive email alerts when one of the monitors would fail but i wanted the email to state which monitor exactly was the one generating the alert so that i can know immediately which page is no longer up. I did the following in the user_alert.conf alert WEBPAGE1 Monitor Fail " SNMP_TRAP: Pool /Common/Test_Pool member Server_Test (ip:port=10.100.X.X:0) state change green --> red ( Monitor /Common/WebPage1_Monitor from 10.10.X.X : connect: timeout search result false)" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.200"; email toaddress="anton639@email.com" fromaddress="F5_BIGIP " body="Webpage1 Monitor Fail" } alert WEBPAGE2 Monitor Fail " SNMP_TRAP: Pool /Common/Test_Pool member Server_Test (ip:port=10.100.X.X:0) state change green --> red ( Monitor /Common/WebPage2_Monitor from 10.10.X.X : connect: timeout search result false)" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.201"; email toaddress="anton639@email.com" fromaddress="F5_BIGIP " body="Webpage2 Monitor Fail" } My issue is that when i am testing and i intentionally stop webpage 2 from running, i am receiving the email alert for webpage one. I am assuming the snmp trap text used to identify the event is not differentiating between the two monitors and is sending the first snmmp trap in the list. Is it possible to send an email alert for the specific health monitor that is failing even though the monitors are of the same type? What can be changed in my configuration to achieve this? Your assistance will be appreciated.
Generate test SNMP-TRAPS from BIG-IQ
How to generate snmp traps for testing from a BIG-IQ system.I used the below command using F5 reference documents. to do the same thing on an F5 BIG-IP system. logger -p local0.emerg "010d0005:0: Chassis fan 1: status (0) is bad" but as BIG-IQ is a different type of OS, i don't know what applies here. Could not find anything on the internet search either. Can someone help. I need to generate some test traps from the BIG-IQ to tick off the SNMP monitoring testing for one of my projects. Thanks in advance.Controlling which VS do/don't trigger SNMP traps
Env: LTM 11.5.3, GTM 11.5.3 Hey all - on our F5s we co-manage both production and test/QA virtual servers. The test/QA variety are naturally less stable, as the teams bring down real servers for updates etc. We have SNMP traps being issued on each "VS down" or "VS up" event, and of course want that for production. But for the test/QA VSs, it's like watching popcorn pop, they go up and down so much. Is there any way to manage this situation such that only the production VSs end up triggering traps? thx!
