Forum Discussion

Dev_56330's avatar
Dev_56330
Icon for Cirrus rankCirrus
Aug 15, 2014
Solved

SNMP Trap for Expired Certificates

Can anyone provide an example of the useralert.conf file displaying a trap for expired certificates on the Big IP? I have read the article below though it is still not clear to me on how to perform ...
application delivery
LTM
management
monitoring management automation
smtp
  • nitass_89166's avatar
    nitass_89166
    Aug 16, 2014

    this is mine. you may have to correct the matched message in user_alert.conf.

    sol14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x)

    http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html

    sol11127: Testing SNMP traps on the BIG-IP system (9.4.x - 11.x)

    http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11127.html

    e.g.

    // config

[root@ve11a:Active:In Sync] config  cat /config/user_alert.conf
alert TEST "Certificate (.*) in file (.*) will expire on (.*)" {
   email toaddress="nitass"
   fromaddress="whatever"
   body="Help, I am going to expire."
}

// test

[root@ve11a:Active:In Sync] config  logger -p local0.warn "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT"
[root@ve11a:Active:In Sync] config 

// email

-----Original Message-----
From: root [mailto:root@ve11a.acme.local] 
Sent: Saturday, August 16, 2014 3:36 PM
To: Nitass
Subject: 01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT

Help, I am going to expire.
nitass's avatar
nitass
Icon for Employee rankEmployee

this is mine. you may have to correct the matched message in user_alert.conf.

sol14318: Monitoring SSL certificate expiration on the BIG-IP system (11.x)

http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14318.html

sol11127: Testing SNMP traps on the BIG-IP system (9.4.x - 11.x)

http://support.f5.com/kb/en-us/solutions/public/11000/100/sol11127.html

e.g.

// config

[root@ve11a:Active:In Sync] config  cat /config/user_alert.conf
alert TEST "Certificate (.*) in file (.*) will expire on (.*)" {
   email toaddress="nitass"
   fromaddress="whatever"
   body="Help, I am going to expire."
}

// test

[root@ve11a:Active:In Sync] config  logger -p local0.warn "01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT"
[root@ve11a:Active:In Sync] config 

// email

-----Original Message-----
From: root [mailto:root@ve11a.acme.local] 
Sent: Saturday, August 16, 2014 3:36 PM
To: Nitass
Subject: 01420007:4: Certificate CN=www.com,L=Seattle,ST=WA,C=US in file /Common/site1.crt will expire on May 27 14:56:25 2014 GMT

Help, I am going to expire.
Dev_56330's avatar
Dev_56330
Icon for Cirrus rankCirrus
Aug 18, 2014
Thanks. I have configured the user_alert.conf file as follows and used the provided solution article to test the SNMP trap though I am still not receiving email. What SMTP configuration is used when sending email from the big IP? Under system configuration > Device > SMTP I have configured my exchange server though I am not sure if this is the only configuration that needs to be made or if it is even needed. I have also validated email is flowing between my internal users so exchange is not the issue in this case. Any thoughts? alert Test "Certificate (.*) in file (.*) will expire on (.*)" { email toaddress="validemailaddress@lab.com" fromaddress="anything@lab.com" body="A certificate is about to expire" } alert Test1 "Certificate (.*) in file (.*) expired on (.*)" { email toaddress="validemailaddress@lab.com" fromaddress="anything@lab.com" body="A certificate has expired" }