F5 iCall not working
Hi Team,
My iCall is not working in my setup. i am taking help of various online article and now exhausted. Please help !!!!!
=================================================
User -----------------VS (10.10.10.110) Pool Name PHP- member: lampio - 192.168.18.128:80
===============================================
Task: Create i call to check pool member is down and run packet capture.
Step 1: Created the alert:
===================================================================
[root@lab:Active:Standalone] config # cat user_alert.conf
alert local-http-192-168-18-128-80-DOWN "Pool/common/PHP /common/192.168.18.128:80 monitor status down" {
exec command="tmsh generate sys icall event tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }"
}
==================================================================
Step 2: Setup the i call script
=======================================================================
modify script pool_down_script {
app-service none
definition {
exec tcpdump -ni servers -w /var/tmp/dhruv.pcap
}
description none
events none
=======================================================================
Step 3: Configure the handler
========================================
modify triggered pool_down {
script pool_down_script
subscriptions replace-all-with {
tcp-dump {
event-name tcp-dump
}
}
}
========================================
When i manually pull down the pool member, nothing happens and below is the output.
=======================================================================
root@(lab)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys icall
------------------------------------------------
Sys::iCall::Event Triggered Handler: pool_down
------------------------------------------------
Events matching filters 0
Events causing handler to run 0
Creation time 11/14/19 02:11:08
Current status active
Time since last status change 11/14/19 02:11:08
===================================================================
Kindly help...!!
Hi Dhruv,
I think your event name in the alert config file is wrong which is supposed to be called in the event handler.
For I call there are 3 items to be focused,
- Alert file event
- Script
- Handler
Well you have created those, but nevertheless I'll try to cover them again.
- Create an alert with below, remember to put the alert message with the right keywords.
alert myserver-down "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down" { exec command="tmsh generate sys icall event unique-tcpdump context { { name ip value 192.168.18.128 } { name port value 80 } { name vlan value servers } { name count value 20 } }" }
So basically when the LTM see's the logs of "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down", it will trigger the event unique-tcpdump. This event we have to call on the handler.
But before we move to the handler, we need the script 1st, because script will be called in the handler.
2. Create the script.
#tmsh create sys icall script pool_down_script
modify script pool_down_script { app-service none definition { exec tcpdump -ni servers -w /var/tmp/dhruv.pcap } description none events none
3. We create the handler,
#tmsh create sys icall handler triggered pool_down script pool_down_script subscriptions add { tcp-dump { event-name unique-tcpdump } }
Testing:
# logger -p local0.notice "Pool /Common/PHP member /Common/192.168.18.128:80 monitor status down"
Once you the above command is run, it will log on the ltm file.
Ultimately your alert event will be triggered. This will inturn put a log on the audit file - "generate sys icall event unique-tcpdump"
Thus once the handler is triggered, the script will be triggered too.
In your case, your alert event name and the handler event names dint match. Hope you got it.
Keep me posted.