Forum Discussion
6 Replies
Hi aaperson,
Can you add following lines in /config/user_alert.conf?
alert login_history "(.*)pam_audit(.*)" { email toaddress="root@example.com" fromaddress="f5root" body="Your message." }
Restart alertd service and try login.
tmsh restart sys service alertd
- aapersonCirrus
This iworks great but it only caught the login failures. I'd like the successes, too. Is that possible?
Thanks in advance!
I think, it send successful login emails. Both successful and failed logs contains "pam_audit" string.
Example login fail log:
Tue Dec 10 16:32:01 EET 2019 admin 0-0 httpd(pam_audit): User=admin tty=(unknown) host=172.16.11.135 failed to login after 1 attempts (start="Tue Dec 10 16:32:35 2019" end="Tue Dec 10 16:32:37 2019").:
Example login success log:
Tue Dec 10 16:32:37 EET 2019 admin 0-0 httpd(pam_audit): user=admin(admin) partition=[All] level=Administrator tty=(unknown) host=172.16.11.135 attempts=1 start="Tue Dec 10 16:32:01 2019" end="Tue Dec 10 16:32:01 2019".:
- aapersonCirrus
Oops... you are right! Thanks!!
- Amandeep_SinghNimbostratus
Hello aaperson,
Can you please share how did you set up the SMTP on f5 running 15.x software version?
I have the following config in place:
(tmos)# list sys outbound-smtp
sys outbound-smtp {
from-line-override disabled
mailhub smtp.gmail.com:587
rewrite-domain bigip1.f5lab.com
}
I have also modified the user_alert.conf file and added many scipts for sending an email for pool members gpoing down/SSL cert expiration etc. But nothing is working.
Can you please help?
Thanks in advance!
- aapersonCirrus
Using the GUI: System->Configuration:Device:SMTP-> Create
Properties: relay.mail.com, port #, Local host name, from address.
Add authentication if required by the relay.