Forum Discussion

K0x2102_360272's avatar
K0x2102_360272
Icon for Nimbostratus rankNimbostratus
Jul 02, 2018

TACACs authentication health monitor

Hello everyone,

 

I´m new on big ip and I´m facing some hard times to figure out how to customize a health monitor which polls a TACACs server looking for authentication failures. Currently we have a default tcp monitor but I´m trying to build a more robust/sophisticated one which monitors not only application status (ports, resets...) but also authentication issues.

 

I found some discussions/forums stating that this could be accomplished by using some perl code, but there are no examples and seriously, I´m really, really dumb when trying to write any code using any program language (I´ve started working to get this weakness solved).

 

If someone has any idea on how to do that, I really appreciate!

 

Thanks in advance!

 

application delivery
BIG-IP
LTM

3 Replies

Sort By
  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Jul 02, 2018

    To monitor TACACS you will need to use an External Monitor, which is just a monitor that triggers a script to run and output tells the monitor to mark the Pool Member as Up or Down (see F5 Wiki: Advanced Design & Config and K7444: Requirements for external monitor output for more info and examples).

     

    If you have a perl script that will work than upload to the F5 from System ›› File Management ›› External Monitor Program File List then create a new Monitor, setting the type to External and select the script you have uploaded and any other configuration parameters.

     

    You might need to read through the start of the script you have to see if you need to pass any Arguments/Variables in to get the script to work correctly.

     

  • Merry95_171142's avatar
    Merry95_171142
    Icon for Nimbostratus rankNimbostratus
    Aug 06, 2018

    Hello !

     

    I would like to do exactly the same thing, did you succeed with the TCP monitor or the external monitor ?