Forum Discussion

lostnytechie_55's avatar
lostnytechie_55
Icon for Nimbostratus rankNimbostratus
Apr 28, 2011

user_alert.conf not working

Hi all,

 

I'm hoping someone will be able to tell me what I'm doing wrong. i'm sure it's something simple too but I've been banging my head up against the wall for the last few days and I can't seem to figure it out. I created two entries in user_alert.conf and the goal is that when these events happen they will trigger a script instead of an snmp OID like it says in the writeups. So far, all the documentation says I should be able to do this but I can't get it to work. I checked the script itself and when run as a standalone I can get it to go. Here are the entries I put in:

 

alert XDMS_Failover_Monitor_Res "SNMP_TRAP: Pool (XCAP_POOL) member (172.25.130.103:80) .*?" { exec command="/root/test.pl" }

 

 

alert XDMS_Failover_Monitor_Res1 "Could not find monitor object 172.25.130.104:0" { exec command="/root/test.pl" }

 

 

I pulled the names and everything out of the gtm log and also double checked it against the appropriate alertd table. everything seems to check out but still nothing.

 

 

Thanks
  • What are the permissions on the /root/test.pl script? As a test, can you try chmod 755 /root/test.pl?

     

     

    Aaron
  • Is alertd running (and not restarting)? If you replace the exec with an snmptrap does that work? This would show the match is happening. If that works but the exec still doesn't, I'd try opening a case with F5 Support. Make sure to tell them you want help troubleshooting the exec statement and not your custom script.

     

     

    Aaron
  • Thanks for the suggestion hoolio. I got it where alertd was not restarting and just running. I haven't tried an snmptrap yet. i'll do that next. I have a ticket open with f5 support and they're looking into this as well.
  • For anyone that might be interested. user_alert.conf will allow you to trigger perl scripts. there's F5 documentation that says it won't but it will.

     

    The other part is that I used the alert code to trgger and then started going word by word till I found a solution that worked. I was trying to use the generic alert wording under /etc/alertd/bigip_gtmd_error_maps.h instead of using the snmp trap text itself. So use the /var/log/gtm to give you the exact wording and go from there.

     

    Thanks everyone!
  • Thanks for the follow up. Do you mind posting more details on what you figured out for the matching logic? A specific example would be useful.

     

     

    Thanks, Aaron
  • For our reference, here are the steps I cannibalized from C872450 from Chad:

    
    1. Create a script file /usr/local/bin/mycustomscript.pl 
    
       vi /root/mycustomscript.pl
    
    2. Add the script to the file and save: 
    
       !/usr/bin/perl
       system("echo Alert was triggered > /var/tmp/mycustomscriptoutput.txt");
    
    3. Set the permissions on the file: 
    
       chmod 755 /root/mycustomscript.pl
    
    4. Edit /config/user_alert.conf and add the following alert definition.  The quoted portion is a regex which must match the syslog message.
    
       alert my_custom_alert "this is the text we look for in the syslog message" {
          exec command="/usr/local/bin/mycustomscript.pl"
       }
    
    5. Trigger the script: 
    
       logger -p local0.info "this is the text we look for in the syslog message"
    
    6. Review the script action which was to create a file and output some text: 
    
        less /var/tmp/mycustomscriptoutput.txt
    
            Alert was triggered 
    

    Aaron
  • Hi Ed,

    Thanks for the great summary. Custom alertd scripts came up recently for a customer scenario. In a quick test on 10.2.3, it does look like you can have multiple exec commands for one alert:

    
     cat /config/user_alert.conf
    alert user_alert.conf_test "my custom trigger string" {
       exec command="echo 'echo test1 from user_alert.conf'>> /var/log/ltm";
       exec command="echo 'echo test2 from user_alert.conf'>> /var/log/ltm";
       exec command="/var/tmp/script1.bash";
       exec command="/var/tmp/script2.bash";
    }

    
     cat /var/tmp/script1.bash
    !/bin/bash
    echo "running $0" >> /var/log/ltm

    generate a test log message

    logger -p local0.info "my custom trigger string"

    
    output written to /var/log/ltm
    Mar 23 07:49:11 local/ve10a info root: my custom trigger string
    echo test1 from user_alert.conf
    echo test2 from user_alert.conf
    running /var/tmp/script1.bash
    running /var/tmp/script2.bash

    I've requested to have your notes added to an AskF5 solution.

    Thanks again,

    Aaron

  • There's a request for enhancement tracking the request to pass in the full alert text to a user_alert.conf script:

     

     

    BZ350418 - log type and messages passed to external commands from alertd

     

     

    If you're using user_alert.conf scripts, please open a case with F5 Support and ask them to attach your case to the RFE.

     

     

    Thanks, Aaron