AltocumulusHi all,
BIG-IP AWAF VE Version 16
we have a requirement to get email notification for each new request on virtual server. whenever a new request hit virtual server bip-ip send a email notifiaction to our team. please let me know if anyone know a solution.
MVPHmm, This seems not a real use case of F5 BIGIP. You can send new connection log to log server with help of HSL irule & it will utilize more cpu and risk of failover active device frequently.
However if your requirement is strict with mail trigger for every conenction then use TCL function in HSL iRule.
Happy iRulling...
Altocumulusis there a way to do it without logging ?
MVPAsim_IIPL Based on the article below and how you want to generate the alert I do not believe you have any other option but to send logs and then generate an email based on that log entry. Keep in mind that if this VS is a high connection VS you will be sending a significant amount of logs and emails. This seems like a bad plan from the get go and is a recipe for disaster because you could generate thousands of email alerts. Please look into this a bit further to ensure you have no other option but to generate emails in this way.
Hi,
Have a look at this post: https://community.f5.com/t5/technical-forum/for-send-email-via-irule-procedures/td-p/128296
You can use a procedure and a sideand connection to send an email on any trigger in an irule.
Cheers,
Kees
MVPYou are setting yourself up for a DoS attack on your email server. Also, that would be quite a bit of CPU on the F5. As mentioned above, the correct way would be to use High Speed Logging (HSL) to offload a custom message to a remote syslog, splunk, zabbix, whatever server. Then on that remove purpose built logging device I would setup rules for any email generation. Just because you can hack the F5 to do this, you shouldnt. Sometimes, it is best for the operational and security risk of your infrastructure to tell the business or application team that they are smoking too much grass, and that what they are requesting cant be done on the F5. Simple.
Altocumuluswhisperer whisperer KeesvandenBos Samir
Thank you all for the support. Currently we are not going to implement the solution as it comes with a lot of risks and resouce consumptions.
