CirrusI'd like to receive and email when someone logs or attempts to log in to LTM. Basically I would like the Logins History log sent to me via email in real time. I already have SMTP set up and it works for sending other events.
Thanks
Hi aaperson,
Can you add following lines in /config/user_alert.conf?
alert login_history "(.*)pam_audit(.*)" {
email toaddress="root@example.com"
fromaddress="f5root"
body="Your message."
}Restart alertd service and try login.
tmsh restart sys service alertd
CirrusThis iworks great but it only caught the login failures. I'd like the successes, too. Is that possible?
Thanks in advance!
I think, it send successful login emails. Both successful and failed logs contains "pam_audit" string.
Example login fail log:
Tue Dec 10 16:32:01 EET 2019 admin 0-0 httpd(pam_audit): User=admin tty=(unknown) host=172.16.11.135 failed to login after 1 attempts (start="Tue Dec 10 16:32:35 2019" end="Tue Dec 10 16:32:37 2019").:Example login success log:
Tue Dec 10 16:32:37 EET 2019 admin 0-0 httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.16.11.135 attempts=1 start="Tue Dec 10 16:32:01 2019" end="Tue Dec 10 16:32:01 2019".:Oops... you are right! Thanks!!
NimbostratusHello aaperson,
Can you please share how did you set up the SMTP on f5 running 15.x software version?
I have the following config in place:
(tmos)# list sys outbound-smtp
sys outbound-smtp {
from-line-override disabled
mailhub smtp.gmail.com:587
rewrite-domain bigip1.f5lab.com
}
I have also modified the user_alert.conf file and added many scipts for sending an email for pool members gpoing down/SSL cert expiration etc. But nothing is working.
Can you please help?
Thanks in advance!
CirrusUsing the GUI: System->Configuration:Device:SMTP-> Create
Properties: relay.mail.com, port #, Local host name, from address.
Add authentication if required by the relay.