Manual Chapter :
Monitoring BIG-IP System Traffic with SNMP
Applies To:
Show VersionsBIG-IP APM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP Analytics
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP LTM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP PEM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP AFM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP DNS
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
BIG-IP ASM
- 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Monitoring BIG-IP System Traffic with SNMP
Overview: Configuring network monitoring using SNMP
SNMP is an industry standard protocol for monitoring devices on IP networks. You can configure
the BIG-IP® system with SNMP traps and an SNMP agent that sends data to an
SNMP manager. You can then use the collected data to help you troubleshoot the BIG-IP system.
SNMP deployment worksheet
This table provides information about the prerequisites for a BIG-IP system SNMP deployment.
Configuration component |
Prerequisite tasks and considerations |
---|---|
SNMP administrator contact information |
Determine who is responsible for SNMP administration for the BIG-IP system. The
contact information is a MIB-II simple string variable. |
Machine location |
Determine the location of the BIG-IP system. The contact information is a MIB-II
simple string variable. |
BIG-IP system user role |
Ensure that your assigned user role is either Administrator or Resource
Administrator. |
BIG-IP system client allow list |
Gather the IP or network addresses (with netmask) of the SNMP managers from which
the SNMP agent will accept requests. |
SNMP manager routes |
Define a route to the BIG-IP system on the SNMP manager to
specify where the manager sends SNMP requests. If the SNMP manager is not on the same
subnet as the BIG-IP system, you must also add the route to the SNMP manager to the
BIG-IP system routes table, and enable one of the dynamic routing protocols. For
VIPRION systems, the route you define to the BIG-IP system on the SNMP manager must
be the route to a VIPRION system cluster management IP address (IPv4 or Pv6),
because SNMP traps are sourced from that IP address. |
Access |
Determine the OID for the top-most node of the SNMP tree to which the access
applies. |
Communities |
Determine the v1 and v2c communities and the IP addresses of the SNMP managers
that you want to grant access to SNMP data. |
Users |
Determine the v3 users that you want to grant access to SNMP data. Gather
authentication types and passwords, and privacy protocols and passwords for each
user. |
BIG-IP system statistics |
BIG-IP system statistics are defined by 64-bit counters. SNMP v2c and v3 support
64-bit counters. Therefore, your SNMP manager must use SNMP v2c or v3 to query the
BIG-IP system. SNMP v1 does not support 64-bit counters. |
Component overview
SNMP device management is based on the standard MIB-II, as well as object IDs and MIB files. A
standard SNMP implementation, includes the following components:
- SNMP manager
- The part of an SNMP system that runs on a management system and makes requests to the BIG-IP system.
- SNMP agent
- The part of an SNMP system that runs on the BIG-IP system and fulfills requests from the SNMP manager.
- Management Information Base (MIB)
- A set of data that defines the standard objects on the BIG-IP system that can be managed by the SNMP manager. The objects are presented in a hierarchical, tree structure.
- Object identifier (OID)
- A numeric identifier that indicates the location of an object within the MIB tree. Each object defined in the MIB has a unique OID, written as a series of integers.
- Enterprise MIB
- A set of data that defines the objects on the BIG-IP system that are specific to F5 Networks, Inc., and can be managed by the SNMP manager.
- MIB file
- An ASCII text file that describes SNMP network elements as a list of data objects, including the data type and current validity of each object, as well as a brief description of the purpose of each object. A set of MIB files consists of standard SNMP MIB files and enterprise MIB files.
Permissions on SNMP data objects
This table shows that access to an object depends on the object's access type and the
access assigned to a user.
Access type |
Assigned access level (for community or user) |
Result access |
---|---|---|
Read-only |
Read-only |
Read-only |
Read-only |
Read-write |
Read-only |
Read-write |
Read-only |
Read-only |
Read-write |
Read-write |
Read-write |
About enterprise MIB
files
The enterprise MIB files contain F5 Networks specific information. All OIDS for the BIG-IP® system data are contained in the F5 enterprise MIB files,
including all interface statistics (
1.3.6.1.4.1.3375.2.1.2.4
(sysNetwork.sysInterfaces
)). These enterprise MIB files reside on the BIG-IP
system:- F5-BIGIP-COMMON-MIB.txt
- Contains information that the SNMP manager can use to help manage F5-specific notifications (SNMP traps) that all other BIG-IP MIB files reference.
- F5-BIGIP-SYSTEM-MIB.txt
- Contains information that the SNMP manager can use to help manage BIG-IP system objects, such as global statistic data, network information, and platform information.
- F5-BIGIP-LOCAL-MIB.txt
- Contains information that the SNMP manager can use to help manage BIG-IP local traffic objects, such as virtual servers, pools, nodes, profiles, health monitors, iRules, and SNATs. Also contains information on AFM objects, such as firewall rules and DoS vectors.
- F5-BIGIP-GLOBAL-MIB.txt
- Contains information that the SNMP manager can use to help manage global traffic objects, such as wide IPs, virtual servers, pools, links, servers, and data centers.
- F5-BIGIP-APM-MIB.txt
- Contains information that the SNMP manager can use to help manage access policy objects, such as profiles, statistics, lease pools, and ACLs.
- F5-BIGIP-WAM-MIB.txt
- Contains information that the SNMP manager can use to help manage traffic acceleration objects, such as applications, profiles, and statistics.
Task summary
Perform these tasks when working with MIB files. Downloading enterprise and NET-SNMP MIBs to the SNMP manager
View the set of standard SNMP MIB files that you can download to the SNMP manager,
by listing the contents of the BIG-IP system directory
/usr/share/snmp/mibs
. Download compressed files that contain the enterprise and NET-SNMP MIBs.
- Click theAbouttab.
- ClickDownloads.
- ClickDownload F5 MIBs (mibs_f5.tar.gz)orDownload NET-SNMP MIBs (mibs_netsnmp.tar.gz).
- Follow the instructions on the screen to complete the download.
Viewing objects in enterprise MIB files
You must have the
Administrator
user role assigned to your
user account. View information about a BIG-IP system object by listing the contents of an
enterprise MIB file.
- Access a console window on the BIG-IP system.
- At the command prompt, list the contents of the directory/usr/share/snmp/mibs.
- View available objects in the relevant MIB file.
Viewing SNMP traps in F5-BIGIP-COMMON-MIB.txt
Verify that you have the
Administrator
user role assigned to
your user account.When an F5-specific trap sends a notification to the SNMP manager, the SNMP manager
receives a text message describing the event or problem that has occurred. You can
identify the traps specified in the F5-BIGIP-COMMON-MIB.txt file by viewing the
file.
- Access a console window on the BIG-IP system.
- At the command prompt, list the contents of the directory/usr/share/snmp/mibs.
- View the F5-BIGIP-COMMON-MIB.txt file. Look for object names with the designation NOTIFICATION-TYPE.
Viewing dynamic routing SNMP traps and associated OIDs
Verify that you have the
Administrator
user role assigned to
your user account.When you want to set up your network management systems to watch for problems with
dynamic routing, you can view SNMP MIB files to discover the SNMP traps that the
dynamic routing protocols send, and to find the OIDs that are associated with those
traps.
- Access a console window on the BIG-IP system.
- At the command prompt, list the contents of the directory/usr/share/snmp/mibs.
- View the following dynamic routing MIB files:
- BGP4-MIB.txt
- ISIS-MIB.txt
- OSPF6-MIB.txt
- OSPF-MIB.txt
- OSPF-TRAP-MIB.txt
- RIPv2-MIB.txt
Monitoring BIG-IP system processes using SNMP
Ensure that your SNMP manager is running either SNMP v2c or SNMP v3, because all
BIG-IP system statistics are defined by 64-bit counters, and only SNMP v2c and SNMP v3
support 64-bit counters. Ensure that you have downloaded the F-5 Networks enterprise and
NET-SNMP MIBs to the SNMP manager.
You can monitor a specific process on the BIG-IP system using SNMP. To do this you can
use the
HOST-RESOURCES
MIB and write a script to monitor the
process. - Write a script to monitor a BIG-IP system process using theHOST-RESOURCESMIB.For example, this command determines the number of TMM processes currently running on the system:snmpwalk-v2c-cpubliclocalhosthrSWRunName|egrep"\"tmm(.[0-9]+)?\""|wc-l
The script can now query the BIG-IP system about the status of processes.
Collecting BIG-IP
system memory usage data using SNMP
You can use an SNMP command with OIDs to gather data on the number
of bytes of memory currently being used on the BIG-IP system.
To interpret data on memory use, you do not need to perform a calculation on the
collected data.
- Write an SNMP command to gather data on the number of bytes of memory currently being used on the BIG-IP system.For example, this SNMP command collects data on current memory usage, wherepublicis the community name andbigipis the host name of the BIG-IP system:snmpget-cpublicbigipsysGlobalStat.sysStatMemoryUsed.0
The SNMP manager can now query the BIG-IP system about CPU and memory usage.
Collecting BIG-IP
system data on HTTP requests using SNMP
You can use SNMP commands with an OID to gather and interpret data
on the number of current HTTP requests on the BIG-IP system. The following table
shows the required OIDs for polling data on HTTP requests.
Performance Graph |
Graph Metrics |
Required SNMP OIDs |
---|---|---|
HTTP Requests |
HTTP Requests |
sysStatHttpRequests
(.1.3.6.1.4.1.3375.2.1.1.2.1.56) |
The following table shows the required calculations for
interpreting metrics on HTTP requests.
Performance Graph |
Graph Metric |
Required calculations for HTTP
requests |
---|---|---|
HTTP Requests |
HTTP Requests |
<DeltaStatHttpRequests> /
<interval> |
- For each OID, perform two separate polls, at an interval of your choice. For example, poll OIDsysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)twice, at a 10-second interval. This results in two values,<sysStatHttpRequests1>and<sysStatHttpRequests2>.
- Calculate the delta of the two poll values. For example:<DeltaStatHttpRequests> = <sysStatHttpRequests2> - <sysStatHttpRequests1>
- Perform the calculation on the OID deltas. The value forintervalis 10. For example, to calculate the value of the HTTP Requests graph metric:(<DeltaStatHttpRequests>) / <interval>
Collecting BIG-IP system data on throughput rates using SNMP
You can use SNMP commands with various OIDs to gather and interpret data on the throughput rate on the BIG-IP system. The following table shows the individual OIDs that you must poll, retrieving two separate poll values for each OID.
Performance Graph | Graph Metrics | Required SNMP OIDs |
---|---|---|
Throughput (summary graph) | Client Bits Client Bits Server Bits Server Bits | sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3) sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5) sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10) sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12) |
Client-side Throughput (detailed graph) | Client Bits In Client Bits Out | sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3) sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5) |
Server-side Throughput (detailed graph) | Server Bits In Server Bits Out | sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10) sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12) |
HTTP Compression Rate (detailed graph) |
Compression | sysHttpCompressionStatPrecompressBytes (.1.3.6.1.4.1.3375.2.1.1.2.22.2) |
The following table shows the required calculations for interpreting metrics on throughput rates.
Performance Graph | Graph Metrics | Required calculations for throughput rates |
---|---|---|
Throughput (summary graph) | Client Bits Server Bits Compression | ( (<DeltaStatClientBytesIn> + <DeltasysStatClientBytesOut> )*8 / <interval> ( (<DeltaStatServerBytesIn> + <DeltaServerStatServerBytesOut> )*8 / <interval> ( <DeltaHttpStatPrecompressBytes>)*8 / <interval> |
Throughput (detailed graph) | Client Bits in Client Bits Out Server Bits In Server Bits Out Compression | ( <DeltaStatClientBytesIn>)*8 / <interval> ( <DeltaStatClientBytesOut>*8) / <interval> ( <DeltaStatServerBytesIn >*8) / <interval> ( <DeltaStatServerBytesOut>*8) / <interval> ( <DeltaHttpStatPrecompressBytes>*8) / <interval> |
- For each OID, perform two separate polls, at an interval of your choice. For example, poll OIDsysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)twice, at a 10-second interval. This results in two values,<sysStatServerBytesIn1>and<sysStatServerBytesIn2>.
- Calculate the delta of the two poll values. For example, for the Server Bits In graphic metric, perform this calculation:<DeltaStatServerBytesIn> = <sysStatServerBytesIn2> - <sysStatServerBytesIn1>
- Perform the calculation on the OID deltas. For this calculation, it is the average per second in the last<interval>. The value forintervalis 10. For example, to calculate the value of the Server Bits In graph metric:(<DeltaStatServerBytesIn>) / <interval>
Collecting BIG-IP
system data on RAM cache using SNMP
You can use an SNMP command with various OIDs to gather and
interpret data on RAM cache use. The following table shows the required OIDs for
polling for data on RAM Cache use.
Performance Graph | Graph Metric | Required SNMP OIDs |
---|---|---|
RAM Cache Utilization | Hit Rate | sysWebAccelerationStatCacheHits
(.1.3.6.1.4.1.3375.2.1.1.2.23.2) sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3) |
CPU Cache Utilization | Byte Rate | sysWebAccelerationStatCacheHitBytes
(.1.3.6.1.4.1.3375.2.1.1.2.23.5) sysWebAccelerationStatCacheMissBytes (.1.3.6.1.4.1.3375.2.1.1.2.23.6) |
RAM Cache Utilization | Eviction Rate | sysWebAccelerationStatCacheEvictions
(.1.3.6.1.4.1.3375.2.1.1.2.23.10) sysWebAccelerationStatCacheHits
(.1.3.6.1.4.1.3375.2.1.1.2.23.2) sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3) |
The following table shows the required calculations for
interpreting metrics on RAM Cache use.
Performance Graph | Graph Metric | Required SNMP OIDs |
---|---|---|
RAM cache Utilization | Hit Rate | <sysWebAccelerationStatCacheHits1>) / (<sysWebAccelerationStatCacheHits1> +
<sysWebAccelerationStatCacheMisses1>) / *100 |
RAM cache Utilization | Byte Rate | <sysWebAccelerationStatCacheHitBytes1) /
(<sysWebAccelerationStatCacheHitBytes1> +
<sysWebAccelerationStatCacheMissBytes1>) / *100 |
RAM cache Utilization | Eviction Rate | <sysWebAccelerationStatCacheEvictions1>) / (<sysWebAccelerationStatCacheHits1> +
<sysWebAccelerationStatCacheMisses1>) / *100 |
- For each OID, poll for data. For example, poll OIDsysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2). This results in a value<sysWebAccelerationStatCacheHits>.
- Poll OIDsysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2). This results in a value<sysWebAccelerationStatCacheMisses>.
- Perform the calculation using the OID data. For example, to calculate the value of the Hit Rate graphic metric:<sysWebAccelerationStatCacheHits> / <sysWebAccelerationStatCacheHits1> + <>) *100).
Collecting BIG-IP
system data on SSL transactions using SNMP
You can use SNMP commands with an OID to gather and interpret data
on SSL performance. The following table shows the individual OIDS that you must use
to poll for SSL transactions using SNMP.
Performance Graph |
Graph Metrics |
Required SNMP OIDs |
---|---|---|
SSL TPS |
SSL TPS |
sysClientsslStatToNativeConns
(.1.3.6.1.4.1.3375.2.1.1.2.9.6) |
SSL TPS |
SSL TPS |
sysClientsslStatTotCompatConns
(.1.3.6.1.4.1.3375.2.1.1.2.9.9) |
SSL TPS |
SSL TPS |
sysServersslStatTotNativeConns
(.1.3.6.1.4.1.3375.2.1.1.2.10.6) |
SSL TPS |
SSL TPS |
sysServersslStatTotCompatConns
(.1.3.6.1.4.1.3375.2.1.1.2.10.9) |
The following table shows the required calculations for
interpreting metrics on SSL transactions using SNMP.
Performance Graph |
Graph Metric |
Required calculations for SSL TPS |
---|---|---|
SSL TPS |
SSL TPS |
<DeltaClientsslStatClientTotConns>)
/ (<interval> |
- For each OID, poll for data. For example, poll OIDsysClientsslStatToNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.23.2)andsysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9).
- Add the two values together. This results in the valuesysClientsslStartTotConns1.
- Poll the two OIDs again, within ten seconds of the previous polls.
- Again, add the two values together. This results in the valuesysClientsslStatToComms2.
- Calculate the delta of the two sums:<DeltaClientsslStatTotConns> = <sysClientsslStatTotConns2> - <sysClientsslStatTotConns1>.
- Perform the calculation on the OID deltas. The value for interval is 10. For example, to calculate the value of the SSL transactions using SNMP:(<DeltaClientsslStatClientTotConns>) / <interval>
Collecting BIG-IP system data on CPU usage based on a predefined polling interval
For the CPU[0-n] and Global Host CPU Usage graph metrics, you can instruct the BIG-IP system to gather and collect CPU usage data automatically, based on a predifined polling interval. Use the sysMultiHostCpu and sysGlobalHostCpu MIBs.
The following table shows the required OIDs for automatic collection of CPU[0-n] graphic metrics.
Performance Graph | Graph Metric | Required SNMP OIDs |
---|---|---|
CPU Usage | CPU[0-n] | 5-second Polling Interval sysMultiHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.12) sysMultiHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.13) sysMultiHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.14) sysMultiHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.15) sysMultiHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.16) sysMultiHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.17) sysMultiHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.18) sysMultiHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.19) sysMultiHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.7.5.2.1.11) |
CPU Usage | CPU[0-n] | 1-minute Polling Interval sysMultiHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.20) sysMultiHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.21) sysMultiHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.22) sysMultiHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.23) sysMultiHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.24) sysMultiHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.25) sysMultiHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.26) sysMultiHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.26) |
CPU Usage | CPU[0-n] | 5-minute Polling Interval sysMultiHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.28) sysMultiHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.29) sysMultiHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.30) sysMultiHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.31) sysMultiHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.32) sysMultiHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.33) sysMultiHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.34) sysMultiHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.35) |
The following table shows the required OIDs for automatic collection of Global Host CPU Usage graph metrics.
Performance Graph | Graph Metric | Required SNMP OIDs |
---|---|---|
CPU Usage | Global Host CPU Usage | 5-second Polling Interval sysGlobalHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.1.2.20.14) sysGlobalHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.1.2.20.15) sysGlobalHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.1.2.20.16) sysGlobalHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.1.2.20.17) sysGlobalHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.18) sysGlobalHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.19) sysGlobalHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.1.2.20.20) sysGlobalHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.20.21) sysGlobalHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.1.2.20.13) |
CPU Usage | Global Host CPU Usage | 1-minute Polling Interval sysGlobalHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.1.2.20.22) sysGlobalHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.1.2.20.23) sysGlobalHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.1.2.20.24) sysGlobalHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.1.2.20.25) sysGlobalHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.26) sysGlobalHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.27) sysGlobalHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.1.2.20.28) sysGlobalHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.20.29) |
CPU Usage | Global Host CPU Usage | 5-minute Polling Interval sysGlobalHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.1.2.20.30) sysGlobalHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.1.2.20.31) sysGlobalHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.1.2.20.32) sysGlobalHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.1.2.20.33)) sysGlobalHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.34) sysGlobalHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.35) sysGlobalHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.1.2.20.36) sysGlobalHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.1.2.20.37) |
Collecting BIG-IP system data on CPU usage based on a custom
polling interval
For the CPU[0-n], Global Host CPU, and TMM CPU Usage graph
metrics, an alternative to instructing the BIG-IP system to collect CPU usage data
automatically, is to do it maually, based on a custom polling interval. For the
CPU[0-n] and Global Host CPU graph metrics, use the sysMultiHostCpu and
sysGlobalHostCpu MIBs. For the TMM CPU Usage graphic metric, use the sysStatTm
MIB.
The following table shows the required SNMP OIDs for collecting
CPU data manually.
Performance Graph | Graph Metric | Required SNMP OIDs |
---|---|---|
CPU Usage | CPU[0-n] | sysMultiHostCpuUser
(.1.3.6.1.4.1.3375.2.1.7.5.2.1.4) sysMultiHostCpuNice (.1.3.6.1.4.1.3375.2.1.7.5.2.1.5) sysMultiHostCpuSystem (.1.3.6.1.4.1.3375.2.1.7.5.2.1.6) sysMultiHostCpuIdle (.1.3.6.1.4.1.3375.2.1.7.5.2.1.7) sysMultiHostCpuIrq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.8) sysMultiHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.9) sysMultiHostCpuIowait (.1.3.6.1.4.1.3375.2.1.7.5.2.1.10) |
CPU Usage | TMM[0-m] | sysTmmStatTmUsageRatio5s
(.1.3.6.1.4.1.3375.2.1.8.2.3.1.37.[tmm_id]) sysTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.38.[tmm_id]) sysTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.39.[tmm_id]) |
CPU Usage | Global Host CPU Usage | sysGlobalHostCpuCount
(.1.3.6.1.4.1.3375.2.1.1.2.20.4) sysGlobalHostActiveCpu (.1.3.6.1.4.1.3375.2.1.1.2.20.5) sysGlobalHostCpuUser (.1.3.6.1.4.1.3375.2.1.1.2.20.6) sysGlobalHostCpuNice
(.1.3.6.1.4.1.3375.2.1.1.2.20.7) sysGlobalHostCpuSystem (.1.3.6.1.4.1.3375.2.1.1.2.20.8) sysGlobalHostCpuIdle
(.1.3.6.1.4.1.3375.2.1.1.2.20.9) sysGlobalHostCpuIrq (.1.3.6.1.4.1.3375.2.1.1.2.20.10) sysGlobalHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.1.2.20.11) sysGlobalHostCpuIowait (.1.3.6.1.4.1.3375.2.1.1.2.20.12) |
CPU Usage | Global TMM CPU Usage | sysGlobalTmmStatTmUsageRatio5s
(.1.3.6.1.4.1.3375.2.1.1.2.21.34) sysGlobalTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.21.35) sysGlobalTmmStatTmUsageRatio5m
(.1.3.6.1.4.1.3375.2.1.1.2.21.36) |
CPU Usage | TMM CPU Usage | sysStatTmTotalCycles
(.1.3.6.1.4.1.3375.2.1.1.2.1.41) sysStatTmIdleCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.42) sysStatTmSleepCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.43) |
The following table shows the formulas for calculating metrics on
CPU use.
Performance Graph | Graph Metric | Required calculations for CPU use |
---|---|---|
CPU Usage | CPU[0-n] | (<DeltaCpuUsers>) +
(<DeltaCpuNice> + <DeltaCpuSystem>
/ (<DeltaCpuUsers>) + <DeltaCpuNice> + <DeltaCpuIdle> + <DeltaCpuSystem> + <DeltaCpulrq> + <DeltaCpuSoftirq> + <DeltaCpulowait>) *100 |
CPU Usage | Global Host CPU Usage | (<DeltaCpuUsers> +
<DeltaCpuNice> + <DeltaCpuSystem>)
/ (<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuIdle> + <DeltaCpuSystem> + <DeltaCpuIrq> + <DeltaCpuSoftirq> + <DeltaCpuIowait>) *100 |
- Poll the OIDsysMultiHostCpuUser (.1.3.6.1.4.1.3375.2.1.7.5.2.1.4)twice, at a 10-second interval. This results in two values,sysMultiHostCpuUser1andandsysMultiHostCpuUser2.
- Calculate the delta of the two poll values. For example:<DeltaCpuUser> = <sysMultiHostCpuUser2> - <sysMultiHostCpuUser1>.
- Repeat steps 1 and 2 for each OID pertaining to theCPU[0-n]graph metric.
- Repeat steps 1 and 2 again, using the OIDs from the MIBssysStatTmandsysGlobalHostCpu.
- Calculate the values of the graphic metrics using the formulas in the table above.
Collecting BIG-IP system performance data on new connections using SNMP
You can use SNMP commands with various OIDs to gather and interpret data on the number of new connections on the BIG-IP system. The following table shows the required OIDs for the Performance graphs in the Configuration utility.
Performance Graph | Graph Metrics | Required SNMP OIDs |
---|---|---|
New Connections Summary | Client Accepts Server Connects | sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6) sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14) |
Total New Connections | Client Accepts Server Connects | sysStatClientTotConns(.1.3.6.1.4.1.3375.2.1.1.2.1.7) sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14) |
New Client SSL Profile Connections | SSL Client SSl Server | sysClientsslStatTotNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.9.6), sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9) sysServersslStatTotNativeConns(.1.3.6.1.4.1.3375.2.1.1.2.10.6), sysServersslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.10.9) |
New Accepts/ Connects | Client Accepts Server Connects | sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6) sysTcpStatConnects (.1.3.6.1.4.1.3375.2.1.1.2.12.8) |
The following table shows the required calculations for interpreting metrics on new connections.
Performance Graph | Graph Metrics | Required SNMP OIDs |
---|---|---|
New Connections Summary | Client Accepts Server Connects | <DeltaTcpStatAccept> / <interval> <DeltaStatServerTotConns> / <interval> |
Total New Connections | Client Connects Server Connects | <DeltaStatClientTotConns> / <interval> <DeltaStatServerTotConns> / <interval> |
New Client SSL Profile Connections | SSL Client SSL Server | ( <DeltaClientsslStatTotNativeConns> + <DeltaClientsslStatTotCompatConns>) / <interval> (<DeltaServersslStatTotNativeConns> + <DeltaServersslStatTotCompatConns>) / <interval> |
New Accepts/ Connects | Client Accepts Server Connects | <DeltaTcpStatAccepts> / <interval> <DeltaTcpStatConnects> / <interval> |
- For each OID, perform two separate polls, at an interval of your choice.For example, for the client accepts metric, poll OIDsysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)twice, at a 10-second interval. This results in two values,<sysTcpStatAccepts1>and<sysTcpStatAccepts2>.
- Calculate the delta of the two poll values.For example, for the client accepts metric, perform this calculation:<DeltaTcpStatAccepts> = <sysTcpStatAccepts2> - <sysTcpStatAccepts1>
- Perform a calculation on the OID deltas. The value forintervalis the polling interval. For example, to calculate the value of the client accepts metric:<DeltaTcpStatAccepts> / <interval>
Collecting BIG-IP
system performance data on active connections using SNMP
Write an SNMP command with the various OIDs shown
in the table to gather and interpret data on the number of active connections on the
BIG-IP system.
To interpret data on active connections, you do not need to
perform any calculations on the collected data.
Performance Graph | Graph Metrics | Required SNMP OIDs |
---|---|---|
Active Connections Summary | Connections | sysStatClientCurConns
(.1.3.6.1.4.1.3375.2.1.1.2.1.8) |
Active Connections Detailed | Client Server SSL Client SSL Server | sysStatClientCurConns
(.1.3.6.1.4.1.3375.2.1.1.2.1.8) sysStatServerCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.15) sysClientsslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.9.2) sysServersslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.10.2) |
About the RMON MIB file
The BIG-IP® system provides the remote network monitoring (RMON) MIB file, RMON-MIB.txt. This
file contains remote network monitoring information. The implementation of RMON on the BIG-IP
system differs slightly from the standard RMON implementation, in the following ways:
- The BIG-IP system implementation of RMON supports only these four of the nine RMON groups: statistics, history, alarms, and events.
- The RMON-MIB.txt file monitors the BIG-IP system interfaces (that is, sysIfIndex), and not the standard Linux interfaces.
- For hardware reasons, the packet-length-specific statistics in the RMON statistics group offer combined transmission and receiving statistics only. This behavior differs from the behavior described in the definitions of the corresponding OIDs.
About customized MIB
entries
Customized MIB entries are defined in a TCL file named
custom_mib.tcl
that you create and save on the BIG-IP® system in the directory /config/snmp/
. You must register the customized MIB
entries and provide callback to the newly registered MIB using the TCL command register_mib
in this format: register_mib oid
callback type
. The three arguments for the command are described in this table. Argument | Description |
---|---|
oid | A customized OID with a format of .1.2.3.4 with a limit of four digits. The common
root of a customized MIB OID on the BIG-IP system is .1.3.6.1.4.1.3375.2.100. |
callback | A TCL procedure that is called when the registered MIB OID is
browsed. The procedure cannot have any arguments. The return value of the procedure is
returned for the registered MIB entry. |
type | The type of MIB entry you are customizing. Four types are
supported: INT, STRING, GAUGE, and COUNTER. |
Here is sample TCL code for two custom MIBs:
register_mib ".1" system_descr string register_mib ".2" tmmcpucnt int proc system_descr {} { set status [catch {exec uname -a} result] return $result } proc tmmcpucnt {} { set status [catch {exec tmctl cpu_status_stat | grep cpu | wc -l} result] return $result }
Customized
MIB entries are read-only through SNMP.
Task summary
Creating custom MIB entries
You can add customized MIB entries to a BIG-IP system to
provide visibility to statistics and information that are not available through standard
MIBs. These statistics and information can help you make decisions about optimizing the
BIG-IP system configuration.
- Create a TCL file namedcustom_mib.tclthat contains the customized MIB entries you want to use on the BIG-IP system.Ensure accuracy of the TCL procedures you use in the file. Avoid errors, such as infinite loops, which can affect howsnmpdworks.snmpdrestarts after being unresponsive for longer than the heartbeat time interval configured inconfig/snmp/bigipTrafficMgmt.conf.
- Save the TCL file to the/config/snmp/directory on the BIG-IP system.After you savecustom_mib.tcl, you can modify the file at any time; however, your changes become effective only after you restartsnmpd.
- Restartsnmpd.Customized MIB entries are registered. If logging is turned on, you might see log entries in/var/log/snmpd.log, such ascustom mib initialization completed. total 4 custom mib entry registered.
Use a MIB browser or
snmpwalk
to obtain the values of the newly
registered MIB entries. Use this information to help you manage your network traffic. Overview: BIG-IP SNMP agent configuration
You can use the industry-standard SNMP protocol to manage BIG-IP® devices
on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary
tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and
controlling access to SNMP data.
Task summary
Perform these tasks to configure SNMP on the BIG-IP system.Specify SNMP administrator contact
information and system location information
You specify contact information for the SNMP administrator, as well as the physical
location of the
BIG-IP system running an SNMP agent.
- On the Main tab, click.
- In the Global Setup area, in theContact Informationfield, type contact information for the SNMP administrator for this BIG-IP system.The contact information is a MIB-II simple string variable. The contact information usually includes both a user name and an email address.
- In theMachine Locationfield, type the location of the system, such asNetwork Closet 1.The machine location is a MIB-II simple string variable.
- ClickUpdate.
Configure SNMP
manager access to the SNMP agent on the BIG-IP system
Before you start this task, you should gather the IP addresses of the SNMP managers
that you want to have access to the SNMP agent on this BIG-IP system.
You configure the SNMP agent on the BIG-IP system
so that a client running the SNMP manager can access the SNMP agent to remotely manage
the BIG-IP system.
- On the Main tab, click.
- In theClient Allow Listarea, for theTypesetting, select eitherHostorNetwork, depending on whether the IP address you specify is a host system or a subnet.By default, SNMP is enabled only for the BIG-IP system loopback interface (127.0.0.1).
- In theAddressfield, type either an IP address or network address from which the SNMP agent can accept requests.
- If you selectedNetworkin step 2, type the netmask in theMaskfield.
- ClickAdd.
- ClickUpdate.
The BIG-IP system now contains a list of IP addresses for SNMP managers from which SNMP
requests are accepted.
Grant community access to v1 or v2c SNMP
data
To better control access to SNMP
data, you can assign an access level to an SNMP v1 or v2c community.
SNMPv1 does not support Counter64
OIDs, which are used for accessing most statistics. Therefore, for SNMPv1 clients,
an
snmp walk
command skips any OIDs of type Counter64. We recommend
that you use only clients that support SNMPv2 or later.- On the Main tab, click.
- ClickCreate.
- From theTypelist, select eitherIPv4orIPv6.
- In theCommunityfield, type the name of the SNMP community for which you are assigning an access level.
- From theSourcelist, selectAll, or selectSelectand type the source IP address in the field that displays.
- In theOIDfield, type the OID for the top-most node of the SNMP tree to which the access applies.
- From theAccesslist, select an access level, eitherRead OnlyorRead/Write.When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
- ClickFinished.
The
BIG-IP system updates the
snmpd.conf
file,
assigning only a single access setting to the community as shown in this sample
snmpd.conf
file. Example snmpd.conf file
snmpd.conf
file, string
rocommunity public default
identifies a community named
public
that has the default read-only access-level. This
access-level prevents any allowed SNMP manager in community
public
from modifying a data object, even if the object has
an access type of read/write. The string rwcommunity public1
identifies
a community named public1
as having a read/write access-level.
This access-level allows any allowed SNMP manager in community
public1
to modify a data object under the tree node
.1.3.6.1.4.1.3375.2.2.10.1
(ltmVirtualServ) on the local host
127.0.0.1
, if that data object has an access type of
read/write.
rocommunity public default rwcommunity public1 127.0.0.1 .1.3.6.1.4.1.3375.2.2.10.1
Grant user
access to v3 SNMP data
To better control access to SNMP data, you can assign an access level to an SNMP
v3 user.
- On the Main tab, click.
- ClickCreate.
- In theUser Namefield, type the name of the user for which you are assigning an access level.
- In the Authentication area, from theTypelist, select a type of authentication to use, and then type and confirm the user’s password.
- In the Privacy area, from theProtocollist, select a privacy protocol, and either type and confirm the user’s password, or select theUse Authentication Passwordcheck box.
- In theOIDfield, type the OID for the top-most node of the SNMP tree to which the access applies.
- From theAccesslist, select an access level, eitherRead OnlyorRead/Write.When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
- ClickFinished.
The
BIG-IP system updates the
snmpd.conf
file,
assigning only a single access setting to the user. Overview: SNMP trap configuration
SNMP
traps
are definitions of unsolicited notification messages that the BIG-IP® alert system and the SNMP agent send to the SNMP manager when certain
events occur on the BIG-IP system. Configuring SNMP traps on a BIG-IP system means configuring
how the BIG-IP system handles traps, as well as setting the destination to which the
notifications are sent.The BIG-IP system stores SNMP traps in two specific files:
- /etc/alertd/alert.conf
- Contains default SNMP traps.Do not add or remove traps from the/etc/alertd/alert.conffile.
- /config/user_alert.conf
- Contains user-defined SNMP traps.
Task summary
Perform these tasks to configure SNMP traps for certain events and set trap destinations. Enabling traps for specific events
You can configure the SNMP agent on the BIG-IP system to send,
or refrain from sending, notifications to the traps destinations.
- On the Main tab, click.
- To send traps when an administrator starts or stops the SNMP agent, verify that theEnabledcheck box for theAgent Start/Stopsetting is selected.
- To send notifications when authentication warnings occur, select theEnabledcheck box for theAgent Authenticationsetting.
- To send notifications when certain warnings occur, verify that theEnabledcheck box for theDevicesetting is selected.
- ClickUpdate.
The BIG-IP system automatically updates the
alert.conf
file. Setting v1 and v2c trap destinations
You specify the IP address of the SNMP manager in order for the BIG-IP system to send notifications.
- On the Main tab, click.
- ClickCreate.
- For theVersionsetting, select eitherv1orv2c.
- In theCommunityfield, type the community name for the SNMP agent running on the BIG-IP system.
- In theDestinationfield, type the IP address of the SNMP manager.
- In thePortfield, type the port number on the SNMP manager that is assigned to receive the traps.
- For theNetworksetting, select a trap network.The BIG-IP system sends the SNMP trap out of the network you select.
- ClickFinished.
Setting v3 trap destinations
You specify the destination SNMP manager to which the BIG-IP
system sends notifications.
- On the Main tab, click.
- ClickCreate.
- For theVersionsetting, selectv3.
- In theDestinationfield, type the IP address of the SNMP manager.
- In thePortfield, type the port number on the SNMP manager that is assigned to receive the traps.
- For theNetworksetting, select a trap network.The BIG-IP system sends the SNMP trap out of the network you select.
- From theSecurity Levellist, select the level of security at which you want SNMP messages processed.OptionDescriptionAuth, No PrivacyProcess SNMP messages using authentication but without encryption. When you use this value, you must also provide values for theSecurity Name,Authentication Protocol, andAuthentication Passwordsettings.Auth and PrivacyProcess SNMP messages using authentication and encryption. When you use this value, you must also provide values for theSecurity Name,Authentication Protocol,Authentication Password,Privacy Protocol, andPrivacy Passwordsettings.
- In theSecurity Namefield, type the user name the system uses to handle SNMP v3 traps.
- In theEngine IDfield, type an administratively unique identifier for an SNMP engine. (This setting is optional.) You can find the engine ID in the/config/net-snmp/snmpd.conffile on the BIG-IP system.Note that this ID is identified in the file as the value of the oldEngineID token.
- From theAuthentication Protocollist, select the algorithm the system uses to authenticate SNMP v3 traps.When you set this value, you must also enter a value in theAuthentication Passwordfield.
- In theAuthentication Passwordfield, type the password the system uses to handle an SNMP v3 trap.When you set this value, you must also select a value from theAuthentication Protocollist.The authentication password must be at least 8 characters long.
- If you selectedAuth and Privacyfrom theSecurity Levellist, from thePrivacy Protocollist, select the algorithm the system uses to encrypt SNMP v3 traps.When you set this value, you must also enter a value in thePrivacy Passwordfield.
- If you selectedAuth and Privacyfrom theSecurity Levellist, in thePrivacy Passwordfield, type the password the system uses to handle an encrypted SNMP v3 trap.When you set this value, you must also select a value from thePrivacy Protocollist.The authentication password must be at least 8 characters long.
- ClickFinished.
Viewing
preconfigured SNMP traps
Verify that your user account grants you access to the advanced shell.
Preconfigured traps are stored in the
/etc/alertd/alert.conf
file. View
these SNMP traps to understand the data that the SNMP manager can use.- Use this command to view the SNMP traps that are preconfigured on the BIG-IP system:cat /etc/alertd/alert.conf.
Creating custom SNMP traps
Verify that your user account grants you access to tmsh.
Create custom SNMP traps that alert the SNMP manager to specific SNMP events that
occur on the network when the pre-configured traps do not meet all of your
needs.
- Log in to the command line.
- Create a backup copy of the file/config/user_alert.conf, by typing this command:cp /config/user_alert.confbackup_file_nameFor example, type:cp /config/user_alert.conf /config/user_alert.conf.backup
- With a text editor, open the file/config/user_alert.conf.
- Add a new SNMP trap.The required format is:alertalert_name"matched message" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.XXX" }
- alert_namerepresents a descriptive name. Thealert_nameormatched_messagevalue cannot match the corresponding value in any of the SNMP traps defined in the/etc/alertd/alert.confor/config/user_alert.conffile.
- matched_messagerepresents the text that matches the Syslog message that triggers the custom trap. You can specify either a portion of the Syslog message text or use a regular expression. Do not include the Syslog prefix information, such as the date stamp and process ID, in the match string.
- TheXXXportion of the OID value represents a number that is unique to this OID. Specify any OID that meets all of these criteria:
- Is in standard OID format and within the range.1.3.6.1.4.1.3375.2.4.0.300through.1.3.6.1.4.1.3375.2.4.0.999.
- Is in a numeric range that can be processed by your trap receiving tool.
- Does not exist in the MIB file/usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt.
- Is not used in another custom trap.
As an example, to create a custom SNMP trap that is triggered whenever the system logs switchboard failsafe status changes, add the following trap definition to/config/user_alert.conf.
This trap definition causes the system to log the following message to the filealert SWITCHBOARD_FAILSAFE_STATUS "Switchboard Failsafe (.*)" { snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.500" }/var/log/ltm, when switchboard failsafe is enabled:Sep 23 11:51:40 bigip1.askf5.com lacpd[27753]: 01160016:6: Switchboard Failsafe enabled. - Save the file.
- Close the text editor.
- Restart thealertddaemon by typing this command:bigstart restart alertdIf thealertddaemon fails to start, examine the newly-added trap entry to ensure that the format is correct.
Overview: About troubleshooting SNMP traps
When the BIG-IP® alert system and the SNMP agent send traps to the SNMP
manager, you can respond to the alert using the recommended actions for each SNMP trap.
AFM-related traps and recommended actions
This table provides information about the AFM-related notifications that an
SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
BIGIP_TMM_TMMERR_DOS_ATTACK_START (.1.3.6.1.4.1.3375.2.4.0.133) |
The start of a possible DoS attack was registered. |
Determine your response to this type of DoS attack, if required. |
BIGIP_TMM_TMMERR_DOS_ATTACK_STOP (.1.3.6.1.4.1.3375.2.4.0.134) |
The end of a possible DoS attack was detected. |
None, informational. |
BIGIP_DOSPROTECT_DOSPROTECT_AGGRREAPEROID (.1.3.6.1.4.1.3375.2.4.0.22) |
The flow sweeper started or stopped. |
None, informational. |
AOM-related traps and recommended actions
This table provides information about the Always-On Management (AOM)-related notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipLibhalAomEventWarning (.1.3.6.1.4.1.3375.2.4.0.167) |
AOM has issued a warning event. |
Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised. |
bigipLibhalAomEventError (.1.3.6.1.4.1.3375.2.4.0.168) |
AOM has issued an error event. |
Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised. |
bigipLibhalAomEventAlert (.1.3.6.1.4.1.3375.2.4.0.169) |
AOM has issued an alert event. |
Inspect the /var/log/ltm file for additional messages that might
provide further clarity on why the warning was raised. |
bigipLibhalAomEventCritical (.1.3.6.1.4.1.3375.2.4.0.170) |
AOM has issued a critical event. |
Inspect the /var/log/ltm file for additional messages that might provide
further clarity on why the warning was raised. |
bigipLibhalAomEventEmergency (.1.3.6.1.4.1.3375.2.4.0.171) |
AOM has issued an emergency event. |
Inspect the /var/log/ltm file for additional messages that might provide
further clarity on why the warning was raised. |
bigipLibhalAomEventInfo (.1.3.6.1.4.1.3375.2.4.0.172) |
AOM has issued an information event. |
Inspect the /var/log/ltm file for additional messages that
might provide further clarity on why the warning was raised. |
bigipLibhalAomSensorTempWarning (.1.3.6.1.4.1.3375.2.4.0.173) |
AOM has issued a temperature sensor warning level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature. |
bigipLibhalAomSensorTempError (.1.3.6.1.4.1.3375.2.4.0.174) |
AOM has issued a temperature sensor warning level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature. |
bigipLibhalAomSensorTempAlert (.1.3.6.1.4.1.3375.2.4.0.175) |
AOM has issued a temperature sensor alert level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature. |
bigipLibhalAomSensorTempCritical (.1.3.6.1.4.1.3375.2.4.0.176) |
AOM has issued a temperature sensor critical level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature. |
bigipLibhalAomSensorTempEmergency (.1.3.6.1.4.1.3375.2.4.0.177) |
AOM has issued a temperature sensor emergency level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room
temperature. |
bigipLibhalAomSensorTempInfo (.1.3.6.1.4.1.3375.2.4.0.178) |
AOM has issued a temperature sensor information level event. |
Check the fan status from the output of your tmsh show sys
hardware query, and see if any are down . Make sure the system
has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature. |
bigipLibhalAomSensorFanWarning (.1.3.6.1.4.1.3375.2.4.0.179) |
AOM has issued a fan sensor warning level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan
tray is fully seated using the supplied screws. |
bigipLibhalAomSensorFanError (.1.3.6.1.4.1.3375.2.4.0.180) |
AOM has issued a fan sensor error level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws. |
bigipLibhalAomSensorFanAlert (.1.3.6.1.4.1.3375.2.4.0.181) |
AOM has issued a fan sensor alert level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws. |
bigipLibhalAomSensorFanCritical (.1.3.6.1.4.1.3375.2.4.0.182) |
AOM has issued a fan sensor critical level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws. |
bigipLibhalAomSensorFanEmergency (.1.3.6.1.4.1.3375.2.4.0.183) |
AOM has issued a fan sensor emergency level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws. |
bigipLibhalAomSensorFanInfo (.1.3.6.1.4.1.3375.2.4.0.184) |
AOM has issued a fan sensor information level event. |
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws. |
bigipLibhalAomSensorPwrWarning (.1.3.6.1.4.1.3375.2.4.0.185) |
AOM has issued a power sensor warning level event. |
Ensure that the power supply unit (PSU) is properly seated. Ensure that the PSU has an
appropriate power feed. |
bigipLibhalAomSensorPwrError (.1.3.6.1.4.1.3375.2.4.0.186) |
AOM has issued a power sensor error level event. |
Ensure that the PSU is properly seated. Ensure that the PSU has an appropriate
power feed. |
bigipLibhalAomSensorPwrAlert (.1.3.6.1.4.1.3375.2.4.0.187) |
AOM has issued a power sensor alert level event. |
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed. |
bigipLibhalAomSensorPwrCritical (.1.3.6.1.4.1.3375.2.4.0.188) |
AOM has issued a power sensor critical level event. |
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed. |
bigipLibhalAomSensorPwrEmergency (.1.3.6.1.4.1.3375.2.4.0.189) |
AOM has issued a power sensor emergency level event. |
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed. |
bigipLibhalAomSensorPwrInfo (.1.3.6.1.4.1.3375.2.4.0.190) |
AOM has issued a power sensor information level event. |
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has
an appropriate power feed. |
ASM-related traps and recommended actions
This table provides information about the ASM-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipAsmRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.38) |
The BIG-IP system blocked an HTTP request because the
request contained at least one violation to the active security policy. |
Check the HTTP request to determine the cause of the violation. |
bigipAsmRequestViolation (.1.3.6.1.4.1.3375.2.4.0.39) |
The BIG-IP system issued an alert because an HTTP request violated the active
security policy. |
Check the HTTP request to determine the cause of the violation. |
bigipAsmFtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.79) |
The BIG-IP system blocked an FTP request because the request contained at least
one violation to the active security policy. |
Check the FTP request to determine the cause of the violation. |
bigipAsmFtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.80) |
The BIG-IP system issued an alert because an FTP request violated the active
security policy. |
Check the FTP request to determine the cause of the violation. |
bigipAsmSmtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.85) |
The BIG-IP system blocked an SMTP request because the request contained at least
one violation to the active security policy. |
Check the SMTP request to determine the cause of the violation. |
bigipAsmSmtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.86) |
The BIG-IP system issued an alert because an SMTP request violated the active
security policy. |
Check the SMTP request to determine the cause of the violation. |
bigipAsmDosAttackDetected (.1.3.6.1.4.1.3375.2.4.0.91) |
The BIG-IP system detected a denial-of-service (DoS) attack. |
Determine the availability of the application by checking the response time of the
site. Check the BIG-IP ASM logs:
|
bigipAsmBruteForceAttackDetected (.1.3.6.1.4.1.3375.2.4.0.92) |
The BIG-IP system detected a brute force attack. |
Check the BIG-IP ASM logs:
|
Application Visibility and Reporting-related traps and recommended actions
This table provides information about the Application Visibility and Reporting (AVR)
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipAvrAlertsMetricSnmp (.1.3.6.1.4.1.3375.2.4.0.105) |
A BIG-IP system AVR SNMP metric changed. |
Information only, no action required. |
bigipAvrAlertsMetricSmtp (.1.3.6.1.4.1.3375.2.4.0.106) |
A BIG-IP system AVR SMTP metric changed. |
Information only, no action required. |
Authentication-related traps and recommended actions
This table provides information about the authentication-related notifications that an
SNMP manager can receive.
Trap Name |
Description |
Recommended Action |
---|---|---|
bigipTamdAlert (.1.3.6.1.4.1.3375.2.4.0.21) |
More than 60 authentication attempts have failed within one second, for a given
virtual server. |
Investigate for a possible intruder. |
bigipAuthFailed (.1.3.6.1.4.1.3375.2.4.0.27) |
A login attempt failed. |
Check the user name and password. |
DDM-related traps and recommended actions
This table provides information about the Digital Diagnostic Monitoring (DDM)-related notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipDDMPowerAlarm (.1.3.6.1.4.1.3375.2.4.0.158) |
The Digital Diagnostic Monitoring (DDM) on a pluggable optical transceiver
detected an alarm condition. DDM monitors both transmit and receive optical power to
ensure the laser power is between vendor-specified power thresholds for pluggable optical
modules such as SFP/SFP+/QSFP+/QSFP28. An alarm can occur when a cable is removed from a
plugged port, or when the front panel port or the transceiver is not configured or
operating properly. |
Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The
action to take for F5 branded optics (the following troubleshooting steps) depends on a
condition derived from the two states (low/high and transmit/receive):
|
bigipDDMPowerWarn (.1.3.6.1.4.1.3375.2.4.0.159) |
The DDM on a pluggable optical transceiver detected a warning condition. DDM
monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds for pluggable optical modules such as
SFP/SFP+/QSFP+/QSFP28. A warning can occur when a cable is removed from a plugged port, or
when the front panel port or the transceiver is not configured or operating
properly. |
Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The
action to take for F5 branded optics (the following troubleshooting steps) depends on a
condition derived from the two states (low/high and transmit/receive):
|
bigipDDMPowerAlarmClear (.1.3.6.1.4.1.3375.2.4.0.160) |
The DDM on a pluggable optical transceiver no longer detects an alarm condition.
DDM monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds. |
Depending on the state of the network, action might or might not be required. The
previous alarm has cleared. |
bigipDDMPowerWarnClear (.1.3.6.1.4.1.3375.2.4.0.161) |
The DDM on a pluggable optical transceiver no longer detects a warning condition.
DDM monitors both transmit and receive optical power to ensure the laser power is between
vendor-specified power thresholds. |
Depending on the state of the network, action might or might not be required. The
previous alarm has cleared. |
bigipDDMNonF5Optics (.1.3.6.1.4.1.3375.2.4.0.162) |
A non-F5 pluggable optical transceiver is present in an interface. See K8153 at
http://support.f5.com for restrictions on third-party hardware
components with F5 products. |
Might need to replace with an F5 branded optic. |
DoS-related traps and recommended actions
This table provides information about the denial-of-service (DoS)-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipAggrReaperStateChange (.1.3.6.1.4.1.3375.2.4.0.22) |
The state of the aggressive reaper has changed, indicating that the BIG-IP system is moving to a distress mode. |
Use the default denial-of-service (DoS) settings. You can also add rate filters to
survive the attack. |
bigipDosAttackStart (.1.3.6.1.4.1.3375.2.4.0.133) |
The BIG-IP system detected a DoS attack start. |
Check the attack name in the notification to determine the kind of attack that is
detected. |
bigipDosAttackStop (.1.3.6.1.4.1.3375.2.4.0.134) |
The BIG-IP system detected a DoS attack stop. |
Information only, no action required. |
General traps and recommended actions
This table provides information about the general notifications that an SNMP manager
can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipDiskPartitionWarn (.1.3.6.1.4.1.3375.2.4.0.25) |
Free space on the disk partition is less than the specified limit. By default,
the limit is 30% of total disk space. |
Increase the available disk space. |
bigipDiskPartitionGrowth (.1.3.6.1.4.1.3375.2.4.0.26) |
The disk partition use exceeds the specified growth limit. By default, the limit
is 5% of total disk space. |
Increase the available disk space. |
bigipUpdatePriority (.1.3.6.1.4.1.3375.2.4.0.153) |
There is a high priority software update available. |
Download and install the software update. |
bigipUpdateServer (.1.3.6.1.4.1.3375.2.4.0.154) |
Unable to connect to the F5 server running update checks. |
Verify the server connection settings. |
bigipUpdateError (.1.3.6.1.4.1.3375.2.4.0.155) |
There was an error checking for updates. |
Investigate the error. |
bigipAgentStart (.1.3.6.1.4.1.3375.2.4.0.1) |
The SNMP agent on the BIG-IP system has been
started. |
For your information only. No action required. |
bigipAgentShutdown (.1.3.6.1.4.1.3375.2.4.0.2) |
The SNMP agent on the BIG-IP system is in the process of being shut down. |
For your information only. No action required. |
bigipAgentRestart (.1.3.6.1.4.1.3375.2.4.0.3) |
The SNMP agent on the BIG-IP system has been restarted. |
This trap is for future use only. |
BIG-IP DNS-related traps and recommended actions
This table provides information about the DNS-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipGtmBoxAvail (.1.3.6.1.4.1.3375.2.4.0.77) |
The BIG-IP system has come UP. |
Information only, no action required. |
bigipGtmBoxNotAvail (.1.3.6.1.4.1.3375.2.4.0.78) |
The BIG-IP system has gone DOWN. |
Information only, no action required. |
bigipGtmBig3dSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.81) |
The certificate /config/big3d/client.crt has expired. |
Replace the certificate. |
bigipGtmBig3dSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.82) |
The certificate /config/big3d/client.crt will expire soon. |
Replace the certificate. |
bigipGtmSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.83) |
The certificate /config/gtm/server.crt has expired. |
Replace the certificate. |
bigipGtmSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.84) |
The certificate /config/gtm/server.crt will expire soon. |
Replace the certificate. |
bigipGtmPoolAvail (.1.3.6.1.4.1.3375.2.4.0.40) |
A global traffic management pool is available. |
Information only, no action required. |
bigipGtmPoolNotAvail (.1.3.6.1.4.1.3375.2.4.0.41) |
A global traffic management pool is not available. |
Information only, no action required. |
bigipGtmPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.42) |
A global traffic management pool is disabled. |
Check the status of the pool. |
bigipGtmPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.43) |
A global traffic management pool is enabled. |
Information only, no action required. |
bigipGtmLinkAvail (.1.3.6.1.4.1.3375.2.4.0.44) |
A global traffic management link is available. |
Information only, no action required. |
bigipGtmLinkNotAvail (.1.3.6.1.4.1.3375.2.4.0.45) |
A global traffic management link is not available. |
Check the status of the link, as well as the relevant detailed log message. |
bigipGtmLinkDisabled (.1.3.6.1.4.1.3375.2.4.0.46) |
A global traffic management link is disabled. |
Check the status of the link. |
bigipGtmLinkEnabled (.1.3.6.1.4.1.3375.2.4.0.47) |
A global traffic management link is enabled. |
Information only, no action required. |
bigipGtmWideIpAvail (.1.3.6.1.4.1.3375.2.4.0.48) |
A global traffic management wide IP is available. |
Information only, no action required. |
bigipGtmWideIpNotAvail (.1.3.6.1.4.1.3375.2.4.0.49) |
A global traffic management wide IP is unavailable. |
Check the status of the wide IP, as well as the relevant detailed log message. |
bigipGtmWideIpDisabled (.1.3.6.1.4.1.3375.2.4.0.50) |
A global traffic management wide IP is disabled. |
Check the status of the wide IP. |
bigipGtmWideIpEnabled (.1.3.6.1.4.1.3375.2.4.0.51) |
A global traffic management wide IP is enabled. |
Information only, no action required. |
bigipGtmPoolMbrAvail (.1.3.6.1.4.1.3375.2.4.0.52) |
A global traffic management pool member is available. |
Information only, no action required. |
bigipGtmPoolMbrNotAvail (.1.3.6.1.4.1.3375.2.4.0.53) |
A global traffic management pool member is not available. |
Check the status of the pool member, as well as the relevant detailed log message. |
bigipGtmPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.54) |
A global traffic management pool member is disabled. |
Check the status of the pool member. |
bigipGtmPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.55) |
A global traffic management pool member is enabled. |
Information only, no action required. |
bigipGtmServerAvail (.1.3.6.1.4.1.3375.2.4.0.56) |
A global traffic management server is available. |
Information only, no action required. |
bigipGtmServerNotAvail (.1.3.6.1.4.1.3375.2.4.0.57) |
A global traffic management server is unavailable. |
Check the status of the server, as well as the relevant detailed log message. |
bigipGtmServerDisabled (.1.3.6.1.4.1.3375.2.4.0.58) |
A global traffic management server is disabled. |
Check the status of the server. |
bigipGtmServerEnabled (.1.3.6.1.4.1.3375.2.4.0.59) |
A global traffic management server is enabled. |
Information only, no action required. |
bigipGtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.60) |
A global traffic management virtual server is available. |
Information only, no action required. |
bigipGtmVsNotAvail (.1.3.6.1.4.1.3375.2.4.0.61) |
A global traffic management virtual server is unavailable. |
Check the status of the virtual server, as well as the relevant detailed log message. |
bigipGtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.62) |
A global traffic management virtual server is disabled. |
Check the status of the virtual server. |
bigipGtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.63) |
A global traffic management virtual server is enabled. |
Information only, no action required. |
bigipGtmDcAvail (.1.3.6.1.4.1.3375.2.4.0.64) |
A global traffic management data center is available. |
Information only, no action required. |
bigipGtmDcNotAvail (.1.3.6.1.4.1.3375.2.4.0.65) |
A global traffic management data center is unavailable. |
Check the status of the data center, as well as the relevant detailed log message. |
bigipGtmDcDisabled (.1.3.6.1.4.1.3375.2.4.0.66) |
A global traffic management data center is disabled. |
Check the status of the data center. |
bigipGtmDcEnabled (.1.3.6.1.4.1.3375.2.4.0.67) |
A global traffic management data center is enabled. |
Information only, no action required. |
bigipGtmAppObjAvail (.1.3.6.1.4.1.3375.2.4.0.69) |
A global traffic management application object is available. |
Information only, no action required. |
bigipGtmAppObjNotAvail (.1.3.6.1.4.1.3375.2.4.0.70) |
A global traffic management application object is unavailable. |
Check the status of the application object, as well as the relevant detailed log message. |
bigipGtmAppAvail (.1.3.6.1.4.1.3375.2.4.0.71) |
A global traffic management application is available. |
Information only, no action required. |
bigipGtmAppNotAvail (.1.3.6.1.4.1.3375.2.4.0.72) |
A global traffic management application is unavailable. |
Check the status of the application, as well as the relevant detailed log message. |
bigipGtmJoinedGroup (.1.3.6.1.4.1.3375.2.4.0.73) |
The BIG-IP system joined a global traffic management synchronization group. |
Information only, no action required. |
bigipGtmLeftGroup (.1.3.6.1.4.1.3375.2.4.0.74) |
The BIG-IP system left a global traffic management synchronization group. |
Information only, no action required. |
bigipGtmKeyGenerationExpiration (.1.3.6.1.4.1.3375.2.4.0.95) |
A generation of a DNSSEC key expired. |
Information only, no action required. |
bigipGtmKeyGenerationRollover (.1.3.6.1.4.1.3375.2.4.0.94) |
A generation of a DNSSEC key rolled over. |
Information only, no action required. |
bigipGtmProberPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.99) |
A global traffic management prober pool is disabled. |
Check the status of the prober pool. |
bigipGtmProberPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.100) |
A global traffic management prober pool is enabled. |
Information only, no action required. |
bigipGtmProberPoolStatusChange (.1.3.6.1.4.1.3375.2.4.0.97) |
The status of a global traffic management prober pool has changed. |
Check the status of the prober pool. |
bigipGtmProberPoolStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.98) |
The reason the status of a global traffic management prober pool has
changed. |
The action required is based on the reason given. |
bigipGtmProberPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.103) |
A global traffic management prober pool member is disabled. |
Check the status of the prober pool member. |
bigipGtmProberPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.104) |
A global traffic management prober pool member is enabled. |
Information only, no action required. |
bigipGtmProberPoolMbrStatusChange (.1.3.6.1.4.1.3375.2.4.0.101) |
The status of a global traffic management prober pool member has changed. |
Check the status of the prober pool member. |
bigipGtmProberPoolMbrStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.102) |
The reason the status of a global traffic management prober pool member has changed. |
The action required is based on the reason given. |
Hardware-related traps and recommended actions
This table provides information about hardware-related notifications that an SNMP
manager can receive. If you receive any of these alerts, contact F5
Networks technical support.
Trap name and Associated OID |
Description |
Recommended action |
---|---|---|
bigipAomCpuTempTooHigh (.1.3.6.1.4.1.3375.2.4.0.93) |
The AOM is reporting that the air temperature near the CPU is too
high. |
Check the input and output air temperatures. Run an iHealth
report and troubleshoot based on the results. If the condition persists, contact F5
Networks technical support. |
bigipBladeNoPower (.1.3.6.1.4.1.3375.2.4.0.88) |
A blade lost power. |
Contact F5 Networks technical support. |
bigipBladeTempHigh (.1.3.6.1.4.1.3375.2.4.0.87) |
The temperature of a blade is too high. |
This trap might be spurious. If the condition persists, contact F5 Networks
technical support. |
bigipBladeOffline (.1.3.6.1.4.1.3375.2.4.0.90) |
A blade has failed. |
Remove the blade. Contact F5 Networks technical support. |
bigipChmandAlertFanTrayBad (.1.3.6.1.4.1.3375.2.4.0.121) |
A fan tray in a chassis is bad or was removed. |
Replace the fan tray. If the condition persists, contact F5 Networks technical
support. |
bigipCpuTempHigh |
The CPU temperature is too high. |
Check the input and output air temperatures. Run an iHealth report and
troubleshoot based on the results. If the condition persists, contact F5 Networks
technical support. |
bigipCpuFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.5) |
The CPU fan speed is too low. |
Check the CPU temperature. If the CPU temperature is normal, the condition is not
critical. If the condition persists, contact F5 Networks technical support. |
bigipCpuFanSpeedBad (.1.3.6.1.4.1.3375.2.4.0.6) |
The CPU fan is not receiving a signal. |
Check the CPU temperature. If the CPU temperature is normal, the condition is not
critical. If the condition persists, contact F5 Networks technical support. |
bigipSystemCheckAlertFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.115) |
The system fan speed is too low. |
This condition is critical. Replace the fan tray. These appliances do not have fan
trays: 1600, 3600, 3900, EM4000, 2000, 4000. If the condition persists, contact F5
Networks technical support. |
bigipSystemCheckAlertVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.114) |
The system voltage is too high. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertVoltageLow (.1.3.6.1.4.1.3375.2.4.0.123) |
The system voltage is too low. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertMilliVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.124) |
The system milli-voltage is too high. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertMilliVoltageLow (.1.3.6.1.4.1.3375.2.4.0.127) |
The system milli-voltage is too low. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertTempHigh (.1.3.6.1.4.1.3375.2.4.0.113) |
The system temperature is too high. |
Check the system and air temperatures. If the condition persists, contact F5
Networks technical support. |
bigipSystemCheckAlertCurrentHigh (.1.3.6.1.4.1.3375.2.4.0.125) |
The system current is too high. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertCurrentLow (.1.3.6.1.4.1.3375.2.4.0.128) |
The system current is too low. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertPowerHigh (.1.3.6.1.4.1.3375.2.4.0.126) |
The system power is too high. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipSystemCheckAlertPowerLow (.1.3.6.1.4.1.3375.2.4.0.129) |
The system power is too low. |
Review additional error messages in the log files. Unplug the system. Contact F5
Networks technical support. This alert does not happen for standby
power. |
bigipChassisTempHigh (.1.3.6.1.4.1.3375.2.4.0.7) |
The temperature of the chassis is too high. |
Contact F5 Networks technical support. |
bigipChassisFanBad (.1.3.6.1.4.1.3375.2.4.0.8) |
The chassis fan is not operating properly. |
Replace the fan tray. If the condition persists, contact F5 Networks technical
support. |
bigipChassisPowerSupplyBad (.1.3.6.1.4.1.3375.2.4.0.9) |
The chassis power supply is not functioning properly. |
Verify that the power supply is plugged in. In the case of a dual-power-supply
system, verify that both power supplies are plugged in. Contact F5 Networks technical
support. |
bigipLibhalBladePoweredOff (.1.3.6.1.4.1.3375.2.4.0.119) |
A blade is powered off. |
Contact F5 Networks technical support. |
bigipLibhalSensorAlarmCritical (.1.3.6.1.4.1.3375.2.4.0.120) |
The hardware sensor on a blade indicates a critical alarm. |
Review any additional error messages that your receive, and troubleshoot
accordingly. If the condition persists, contact F5 Networks technical support. |
bigipLibhalDiskBayRemoved (.1.3.6.1.4.1.3375.2.4.0.118) |
A disk sled was removed from a bay. |
Information only, no action required. |
bigipLibhalSsdLogicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.117) |
An SSD logical disk was removed from the BIG-IP
system. |
Information only, no action required. |
bigipLibhalSsdPhysicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.116) |
An SSD physical disk was removed from the BIG-IP system. |
Information only, no action required. |
bigipRaidDiskFailure (.1.3.6.1.4.1.3375.2.4.0.96) |
An disk in a RAID disk array failed. |
On www.askf5.com , see SOL10856: Overview of hard drive
mirroring . If the problem persists, contact F5 Networks technical
support. |
bigipSsdMwiNearThreshold (.1.3.6.1.4.1.3375.2.4.0.111) |
An SSD disk is reaching a known wear threshold. |
Contact F5 Networks technical support. |
bigipSsdMwiReachedThreshold (.1.3.6.1.4.1.3375.2.4.0.112) |
An SSD disk is worn out. |
If this is the first alert, the disk might continue to operate for a short time.
Contact F5 Networks technical support. |
bigipNetLinkDown (.1.3.6.1.4.1.3375.2.4.0.24) |
An interface link is down. |
This alert applies to L1 and L2, which are internal links within the device
connecting the CPU and Switch subsystems. These links should never be down. If this
occurs, the condition is serious. Contact F5 Networks technical support. |
bigipExternalLinkChange
(.1.3.6.1.4.1.3375.2.4.0.37) |
The status of an external interface link has changed to either UP, DOWN, or
UNPOPULATED. |
This occurs when network cables are added or removed, and the network is
reconfigured. Determine whether the link should be down or up, and then take the
appropriate action. |
bigipPsPowerOn (.1.3.6.1.4.1.3375.2.4.0.147) |
The power supply for the BIG-IP system was powered on. |
Information only, no action required, unless this trap is unexpected. In that
case, verify that the power supply is working and that system has not rebooted. |
bigipPsPowerOff (.1.3.6.1.4.1.3375.2.4.0.148) |
The power supply for the BIG-IP system was powered off. |
Information only, no action required, unless power off was unexpected. In that
case, verify that the power supply is working and that system has not rebooted. |
bigipPsAbsent (.1.3.6.1.4.1.3375.2.4.0.149) |
The power supply for the BIG-IP system cannot be detected. |
Information only, no action required when the BIG-IP device is operating with one power
supply. For BIG-IP devices with two power supplies installed, verify that both power
supplies are functioning correctly and evaluate symptoms. |
bigipSystemShutdown (.1.3.6.1.4.1.3375.2.4.0.151) |
The BIG-IP system has shut down. |
Information only, no action required when the shut down was expected. Otherwise,
investigate the cause of the unexpected reboot. |
bigipFipsDeviceError (.1.3.6.1.4.1.3375.2.4.0.152) |
The FIPS card in the BIG-IP system has encountered a problem. |
Contact F5 Networks technical support. |
High-availability system-related traps and recommended actions
This table provides information about the high-availability system-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14) |
The BIG-IP system has switched to standby mode. |
Review the log files in the /var/log directory and then
search for core files in the /var/core directory. If you find a core
file, or find text similar to fault at location xxxx stack trace: ,
contact F5 Networks technical support. |
bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75) |
In failover condition, this standby system cannot become active. |
Investigate failover condition on the standby system. |
bigipActive (.1.3.6.1.4.1.3375.2.4.0.15) |
The BIG-IP system has switched to active mode. |
Information only, no action required. |
bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16) |
The BIG-IP system is in active-active mode. |
Information only, no action required. |
bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17) |
A high-availability feature has failed. |
View high-availability processes and their current status. |
bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18) |
A high-availability feature is responding. |
View high-availability processes and their current status. |
bigipTrafficGroupStandby (.1.3.6.1.4.1.3375.2.4.0.141) |
The status of a traffic group has changed to stand by. |
Information only, no action required. To determine the reason for the failover,
review the LTM log /var/log/ltm and search for
keywords active or standby. Additionally, you can run the tmsh command
tmsh show sys ha-status to view the failover conditions. |
bigipTrafficGroupActive (.1.3.6.1.4.1.3375.2.4.0.142) |
The status of a traffic group has changed to active. |
Information only, no action required. To determine the reason for the failover,
review the LTM log /var/log/ltm and search for keywords active or
standby. Additionally, you can run the tmsh command tmsh show
sys ha-status to view the failover conditions. |
bigipTrafficGroupOffline (.1.3.6.1.4.1.3375.2.4.0.143) |
The status of a traffic group has changed to offline. |
Information only, no action required. |
bigipTrafficGroupForcedOffline (.1.3.6.1.4.1.3375.2.4.0.144) |
The status of a traffic group has changed to forced offline. |
Information only, no action required. |
bigipTrafficGroupDeactivate (.1.3.6.1.4.1.3375.2.4.0.145) |
A traffic group was deactivated. |
Information only, no action required. To determine the reason for the
deactivation, review the LTM log /var/log/ltm and search for the
keyword deactivate. |
bigipTrafficGroupActivate (.1.3.6.1.4.1.3375.2.4.0.146) |
A traffic group was activated. |
Information only, no action required. To determine the reason for the
deactivation, review the LTM log /var/log/ltm and search for the
keyword activate. |
License-related traps and recommended actions
This table provides information about the license-related notifications that an SNMP
manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipLicenseFailed (.1.3.6.1.4.1.3375.2.4.0.19) |
Validation of a BIG-IP system license has failed, or the
dossier has errors. |
Occurs only when first licensing the system or adding a module key (such as HTTP
compression) to an existing system. If using automatic licensing, verify connectivity to
the outside world, fix the dossier if needed, and try again. |
bigipLicenseExpired (.1.3.6.1.4.1.3375.2.4.0.20) |
The BIG-IP license has expired. |
Call F5 Networks technical support. |
bigipDnsRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.139) |
The BIG-IP DNS Services license is rate-limited and the system has reached the
rate limit. |
Call F5 Networks technical support to upgrade your license. |
bigipGtmRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.140) |
The BIG-IP DNS license is rate-limited and the system has
reached the rate limit. |
Call F5 Networks technical support to upgrade your license. |
bigipCompLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.35) |
The compression license limit is exceeded. |
Purchase additional compression licensing from F5 Networks. |
bigipSslLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.36) |
The SSL license limit is exceeded, either for transactions per second (TPS) or
for megabits per second (MPS). |
Purchase additional SSL licensing from F5 Networks. |
LTM-related traps and recommended actions
This table provides information about the LTM-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipUnsolicitedRepliesExceededThreshold (.1.3.6.1.4.1.3375.2.4.0.122) |
The BIG-IP system DNS cache received unsolicited query
replies exceeding the configured threshold. |
Check the BIG-IP system logs to determine if the system is experiencing a
distributed denial-of-service (DDoS) attack. |
bigipNodeRate (.1.3.6.1.4.1.3375.2.4.0.130) |
A local traffic management node has received connections exceeding the configured
rate-limit. |
Consider provisioning more resources on the BIG-IP system for this virtual
server. |
bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12) |
A BIG-IP system health monitor has marked a node as down. |
Check the node and the cable connection. |
bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13) |
A BIG-IP system health monitor has marked a node as up. |
Information, no action required. |
bigipMemberRate (.1.3.6.1.4.1.3375.2.4.0.131) |
A local traffic management pool member has received connections exceeding the
configured rate-limit. |
Consider provisioning more resources on the BIG-IP system for this virtual
server. |
bigipVirtualRate (.1.3.6.1.4.1.3375.2.4.0.132) |
A local traffic management virtual server has received connections exceeding the
configured rate-limit. |
Consider provisioning more resources on the BIG-IP system for this virtual
server. |
bigipLtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.135) |
A local traffic management virtual server is available to receive
connections. |
Information only, no action required. |
bigipLtmVsUnavail (.1.3.6.1.4.1.3375.2.4.0.136) |
A local traffic management virtual server is not available to receive
connections. |
Check the virtual server. |
bigipLtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.137) |
A local traffic management virtual server
is
enabled. |
Information only, no action required. |
bigipLtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.138) |
A local traffic management virtual server
is
disabled. |
Information only, no action required. |
bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10) |
A BIG-IP system health monitor has detected a service on a node to be stopped and
thus marked the node as down. |
Restart the service on the node. |
bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11) |
A BIG-IP system health monitor has detected a service on a node to be running and
has therefore marked the node as up. |
Information only, no action required. |
bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34) |
The BIG-IP system has rejected some packets. |
Check the detailed message within this trap and act accordingly. |
bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76) |
The TMM has run out of source ports and cannot open new communications channels
with other machines. |
Either increase the number of addresses available for SNAT automapping or SNAT
pools, or lower the idle timeout value if the value is excessively high. |
Logging-related traps and recommended actions
This table provides information about the logging-related notifications that an SNMP
manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipLogEmerg (.1.3.6.1.4.1.3375.2.4.0.29) |
The BIG-IP system is unusable. This notification occurs
when the system logs a message with the log level LOG_EMERG. |
Check the detailed message within this trap and
within the /var/log files to determine which process has the
emergency. Then act accordingly. |
bigipLogAlert (.1.3.6.1.4.1.3375.2.4.0.30) |
The BIG-IP system requires immediate action to function properly. This
notification occurs when the system logs a message with the log level
LOG_ALERT. |
Check
the detailed message within this trap and within the /var/log files
to determine which process has the alert situation. Then act accordingly. |
bigipLogCrit (.1.3.6.1.4.1.3375.2.4.0.31) |
The BIG-IP system is in critical condition. This notification occurs when the
system logs a message with the log level LOG_CRIT. |
Check the detailed message
within this trap and within the /var/log files to determine which
process has the critical situation. Then act accordingly. |
bigipLogErr (.1.3.6.1.4.1.3375.2.4.0.32) |
The BIG-IP system has some error conditions. This notification occurs when the system logs a message with the log level LOG_ERR. |
Check the detailed message within this trap and within the /var/log files to determine which processes have the error conditions.
Then act accordingly. |
bigipLogWarning (.1.3.6.1.4.1.3375.2.4.0.33) |
The BIG-IP system is experiencing some warning conditions. This notification occurs when the system logs a message with the log level LOG_WARNING. |
Check the detailed message within this trap and within the
/var/log files to determine which processes have the warning
conditions. Then act accordingly. |
Network-related traps and recommended actions
This table provides information about the network-related notifications that an SNMP
manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipARPConflict (.1.3.6.1.4.1.3375.2.4.0.23) |
The BIG-IP system has detected an ARP advertisement for any
of its own ARP-enabled addresses. This can occur for a virtual server address or a self IP
address. |
Check IP addresses and routes. |
vCMP-related traps and recommended actions
This table provides information about the virtual clustered multiprocessing (vCMP)-related notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipVcmpAlertsVcmpPowerOn (.1.3.6.1.4.1.3375.2.4.0.107) |
The BIG-IP system powered on a vCMP guest from a suspended
or powered-off state. |
Information only, no action required. |
bigipVcmpAlertsVcmpPowerOff (.1.3.6.1.4.1.3375.2.4.0.108) |
The BIG-IP system powered off a vCMP guest. |
Information only, no action required. |
bigipVcmpAlertsVcmpHBLost (.1.3.6.1.4.1.3375.2.4.0.109) |
The BIG-IP system cannot detect a heartbeat from a vCMP guest. |
Check the guest and restart, if necessary. |
bigipVcmpAlertsVcmpHBDetected (.1.3.6.1.4.1.3375.2.4.0.110) |
The BIG-IP system detected a heartbeat from a new or returning vCMP
guest. |
Information only, no action required. |
VIPRION-related traps and recommended actions
This table provides information about the VIPRION-related
notifications that an SNMP manager can receive.
Trap name |
Description |
Recommended action |
---|---|---|
bigipClusterdNoResponse (.1.3.6.1.4.1.3375.2.4.0.89) |
The cluster daemon failed to respond for 10 seconds or more. |
Start the cluster daemon. |
bigipClusterPrimaryChanged (.1.3.6.1.4.1.3375.2.4.0.150) |
The primary cluster has changed. |
Information only, no action required. |