F5 LTM: Tuning email alerts

As you configure your F5 Email Alerting and your loadbalancing environment starts growing you may realize that now in addition to alerts related to production environment (VIPs, Pools, Members) you also started receiving testing, dev, lab etc up/down alerts which you do not find important. Unfortunately, F5 LTM does not have a simple switch to turn them off based on specific pools or pool members. So the only way I found was to rename production pools to include unique identifier ex. (PROD-).  Then you could potentially use part of a pool name (PROD-) plus the wildcard to match email alerts.

Components:
F5 BIG-IP: 12.1.1

As of version 12.1.1, there is no easy way to rename the pools so what we need to do is change the configuration file in CLI and update running configuration with it.

Since I’ve HA pair with auto sync disabled (highly recommended) I was able to test my modification on standby unit without affecting production config.

Best way to do this with nano editor. It has easier find/replace functionality then vi. Login with root and edit /config/bigip.conf.

[rootf@f5] config # nano bigip.conf

Ctrl+W > Ctrl+R – enter old pool name > ENTER > enter new pool name with new unique identifier ex. (PROD-) > ENTER > prompted to replace just one or All instances > results how many replaced. Save and exit config file.

Most of the time there should be two changes per pool name, one when pool is created and the other where it is attached to VIP.

Now tune /config/user_alert.conf. I’ve shortened it down to just two alerts.

[rootf@f5] config # nano user_alert.conf

alert POOL_DOWN “No members available for pool /Common/PROD-(.*)” {
snmptrap OID=”.1.3.6.1.4.1.3375.2.4.0.300″;
email toaddress=”your email address”
fromaddress=”f5@company.com”
body=”No members available”
}

alert POOL_UP “Pool /Common/PROD-(.*) now has available members” {
snmptrap OID=”.1.3.6.1.4.1.3375.2.4.0.302″;
email toaddress=”your email address”
fromaddress=”f5@company.com”
body=”Pool member up”
}

Save and restart alertd service.

tmsh restart /sys service alertd

Now load modified config from file. Config will be parsed for any errors and if critical error found it will stop without affecting running production config!

tmsh load /sys config

Login to GUI and verify new changes. Now all you need to do is sync it to the group so they are propagated to active unit.

1 comments On F5 LTM: Tuning email alerts

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar