F5 Logo MyF5
Search
  1. MyF5 Home
  2. External Monitoring of BIG-IP Systems: Implementations
  3. Monitoring BIG-IP System Traffic with SNMP
Manual Chapter : Monitoring BIG-IP System Traffic with SNMP

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Analytics

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Link Controller

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP AFM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP ASM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Manual Chapter

Monitoring BIG-IP System Traffic with SNMP

Overview: Configuring network monitoring using SNMP

SNMP is an industry standard protocol for monitoring devices on IP networks. You can configure the BIG-IP system with SNMP traps and an SNMP agent that sends data to an SNMP manager. You can then use the collected data to help you troubleshoot the BIG-IP system.

SNMP deployment worksheet

This table provides information about the prerequisites for a BIG-IP system SNMP deployment.
Configuration component
Prerequisite tasks and considerations
SNMP administrator contact information
Determine who is responsible for SNMP administration for the BIG-IP system. The contact information is a MIB-II simple string variable.
Machine location
Determine the location of the BIG-IP system. The contact information is a MIB-II simple string variable.
BIG-IP system user role
Ensure that your assigned user role is either Administrator or Resource Administrator.
BIG-IP system client allow list
Gather the IP or network addresses (with netmask) of the SNMP managers from which the SNMP agent will accept requests.
SNMP manager routes
Define a route to the BIG-IP system on the SNMP manager to specify where the manager sends SNMP requests. If the SNMP manager is not on the same subnet as the BIG-IP system, you must also add the route to the SNMP manager to the BIG-IP system routes table, and enable one of the dynamic routing protocols.
For VIPRION systems, the route you define to the BIG-IP system on the SNMP manager must be the route to a VIPRION system cluster management IP address (IPv4 or Pv6), because SNMP traps are sourced from that IP address.
Access
Determine the OID for the top-most node of the SNMP tree to which the access applies.
Communities
Determine the v1 and v2c communities and the IP addresses of the SNMP managers that you want to grant access to SNMP data.
Users
Determine the v3 users that you want to grant access to SNMP data. Gather authentication types and passwords, and privacy protocols and passwords for each user.
BIG-IP system statistics
BIG-IP system statistics are defined by 64-bit counters. SNMP v2c and v3 support 64-bit counters. Therefore, your SNMP manager must use SNMP v2c or v3 to query the BIG-IP system. SNMP v1 does not support 64-bit counters.

Component overview

SNMP device management is based on the standard MIB-II, as well as object IDs and MIB files. A standard SNMP implementation, includes the following components:
SNMP manager
The part of an SNMP system that runs on a management system and makes requests to the BIG-IP system.
SNMP agent
The part of an SNMP system that runs on the BIG-IP system and fulfills requests from the SNMP manager.
Management Information Base (MIB)
A set of data that defines the standard objects on the BIG-IP system that can be managed by the SNMP manager. The objects are presented in a hierarchical, tree structure.
Object identifier (OID)
A numeric identifier that indicates the location of an object within the MIB tree. Each object defined in the MIB has a unique OID, written as a series of integers.
Enterprise MIB
A set of data that defines the objects on the BIG-IP system that are specific to F5 Networks, Inc., and can be managed by the SNMP manager.
MIB file
An ASCII text file that describes SNMP network elements as a list of data objects, including the data type and current validity of each object, as well as a brief description of the purpose of each object. A set of MIB files consists of standard SNMP MIB files and enterprise MIB files.

Permissions on SNMP data objects

This table shows that access to an object depends on the object's access type and the access assigned to a user.
Access type
Assigned access level (for community or user)
Result access
Read-only
Read-only
Read-only
Read-only
Read-write
Read-only
Read-write
Read-only
Read-only
Read-write
Read-write
Read-write

About enterprise MIB files

The enterprise MIB files contain F5 Networks specific information. All OIDS for the BIG-IP system data are contained in the F5 enterprise MIB files, including all interface statistics (
1.3.6.1.4.1.3375.2.1.2.4
 (
sysNetwork.sysInterfaces
)). These enterprise MIB files reside on the BIG-IP system:
F5-BIGIP-COMMON-MIB.txt
Contains information that the SNMP manager can use to help manage F5-specific notifications (SNMP traps) that all other BIG-IP MIB files reference.
F5-BIGIP-SYSTEM-MIB.txt
Contains information that the SNMP manager can use to help manage BIG-IP system objects, such as global statistic data, network information, and platform information.
F5-BIGIP-LOCAL-MIB.txt
Contains information that the SNMP manager can use to help manage BIG-IP local traffic objects, such as virtual servers, pools, nodes, profiles, health monitors, iRules, and SNATs. Also contains information on AFM objects, such as firewall rules and DoS vectors.
F5-BIGIP-GLOBAL-MIB.txt
Contains information that the SNMP manager can use to help manage global traffic objects, such as wide IPs, virtual servers, pools, links, servers, and data centers.
F5-BIGIP-APM-MIB.txt
Contains information that the SNMP manager can use to help manage access policy objects, such as profiles, statistics, lease pools, and ACLs.
F5-BIGIP-WAM-MIB.txt
Contains information that the SNMP manager can use to help manage traffic acceleration objects, such as applications, profiles, and statistics.

Downloading enterprise and NET-SNMP MIBs to the SNMP manager

View the set of standard SNMP MIB files that you can download to the SNMP manager, by listing the contents of the BIG-IP system directory
/usr/share/snmp/mibs
.
Download compressed files that contain the enterprise and NET-SNMP MIBs.
  1. Click the
    About
     tab.
  2. Click
    Downloads
    .
  3. Click
    Download F5 MIBs (mibs_f5.tar.gz)
     or
    Download NET-SNMP MIBs (mibs_netsnmp.tar.gz)
    .
  4. Follow the instructions on the screen to complete the download.

Viewing objects in enterprise MIB files

You must have the
Administrator
 user role assigned to your user account.
View information about a BIG-IP system object by listing the contents of an enterprise MIB file.
  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory
    /usr/share/snmp/mibs
    .
  3. View available objects in the relevant MIB file.

Viewing SNMP traps in F5-BIGIP-COMMON-MIB.txt

Verify that you have the
Administrator
 user role assigned to your user account.
When an F5-specific trap sends a notification to the SNMP manager, the SNMP manager receives a text message describing the event or problem that has occurred. You can identify the traps specified in the F5-BIGIP-COMMON-MIB.txt file by viewing the file.
  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory
    /usr/share/snmp/mibs
    .
  3. View the F5-BIGIP-COMMON-MIB.txt file. Look for object names with the designation NOTIFICATION-TYPE.

Viewing dynamic routing SNMP traps and associated OIDs

Verify that you have the
Administrator
 user role assigned to your user account.
When you want to set up your network management systems to watch for problems with dynamic routing, you can view SNMP MIB files to discover the SNMP traps that the dynamic routing protocols send, and to find the OIDs that are associated with those traps.
  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory
    /usr/share/snmp/mibs
    .
  3. View the following dynamic routing MIB files:
    • BGP4-MIB.txt
    • ISIS-MIB.txt
    • OSPF6-MIB.txt
    • OSPF-MIB.txt
    • OSPF-TRAP-MIB.txt
    • RIPv2-MIB.txt

Monitoring BIG-IP system processes using SNMP

Ensure that your SNMP manager is running either SNMP v2c or SNMP v3, because all BIG-IP system statistics are defined by 64-bit counters, and only SNMP v2c and SNMP v3 support 64-bit counters. Ensure that you have downloaded the F-5 Networks enterprise and NET-SNMP MIBs to the SNMP manager.
You can monitor a specific process on the BIG-IP system using SNMP. To do this you can use the
HOST-RESOURCES
 MIB and write a script to monitor the process.
  1. Write a script to monitor a BIG-IP system process using the
    HOST-RESOURCES
     MIB.
    For example, this command determines the number of TMM processes currently running on the system:
    snmpwalk
    -v2c
    -c
    public
    localhost
    hrSWRunName
     |
    egrep
    "\"tmm(.[0-9]+)?\""
     |
    wc
    -l
The script can now query the BIG-IP system about the status of processes.

Collecting BIG-IP system memory usage data using SNMP

You can use an SNMP command with OIDs to gather data on the number of bytes of memory currently being used on the BIG-IP system.
To interpret data on memory use, you do not need to perform a calculation on the collected data.
  1. Write an SNMP command to gather data on the number of bytes of memory currently being used on the BIG-IP system.
    For example, this SNMP command collects data on current memory usage, where
    public
     is the community name and
    bigip
     is the host name of the BIG-IP system:
    snmpget
    -c
    public
    bigip
    sysGlobalStat.sysStatMemoryUsed.0
The SNMP manager can now query the BIG-IP system about CPU and memory usage.

Collecting BIG-IP system data on HTTP requests using SNMP

You can use SNMP commands with an OID to gather and interpret data on the number of current HTTP requests on the BIG-IP system. The following table shows the required OIDs for polling data on HTTP requests.
Performance Graph
Graph Metrics
Required SNMP OIDs
HTTP Requests
HTTP Requests
sysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)
The following table shows the required calculations for interpreting metrics on HTTP requests.
Performance Graph
Graph Metric
Required calculations for HTTP requests
HTTP Requests
HTTP Requests
<DeltaStatHttpRequests> / <interval>
  1. For each OID, perform two separate polls, at an interval of your choice. For example, poll OID
    sysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)
    twice, at a 10-second interval. This results in two values,
    <sysStatHttpRequests1>
     and
    <sysStatHttpRequests2>
    .
  2. Calculate the delta of the two poll values. For example:
     
    <DeltaStatHttpRequests> = <sysStatHttpRequests2> - <sysStatHttpRequests1>
  3. Perform the calculation on the OID deltas. The value for
    interval
     is 10. For example, to calculate the value of the HTTP Requests graph metric:
     
    (<DeltaStatHttpRequests>) / <interval>

Collecting BIG-IP system data on throughput rates using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the throughput rate on the BIG-IP system. The following table shows the individual OIDs that you must poll, retrieving two separate poll values for each OID.
Performance Graph
Graph Metrics
Required SNMP OIDs
Throughput (summary graph)
Client Bits
Client Bits
Server Bits
Server Bits
sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3)
sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5)
sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)
sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12)
Client-side Throughput (detailed graph)
Client Bits In
Client Bits Out
sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3)
sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5)
Server-side Throughput (detailed graph)
Server Bits In
Server Bits Out
sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)
sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12)
HTTP Compression Rate (detailed graph)
Compression
sysHttpCompressionStatPrecompressBytes (.1.3.6.1.4.1.3375.2.1.1.2.22.2)
The following table shows the required calculations for interpreting metrics on throughput rates.
Performance Graph
Graph Metrics
Required calculations for throughput rates
Throughput (summary graph)
Client Bits
Server Bits
Compression
( (<DeltaStatClientBytesIn> + <DeltasysStatClientBytesOut> )*8 / <interval>
( (<DeltaStatServerBytesIn> + <DeltaServerStatServerBytesOut> )*8 / <interval>
( <DeltaHttpStatPrecompressBytes>)*8 / <interval>
Throughput (detailed graph)
Client Bits In
Client Bits Out
Server Bits In
Server Bits Out
Compression
( <DeltaStatClientBytesIn>)*8 / <interval>
( <DeltaStatClientBytesOut>*8) / <interval>
( <DeltaStatServerBytesIn >*8) / <interval>
( <DeltaStatServerBytesOut>*8) / <interval>
( <DeltaHttpStatPrecompressBytes>*8) / <interval>
  1. For each OID, perform two separate polls, at an interval of your choice. For example, poll OID
    sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)
    twice, at a 10-second interval. This results in two values,
    <sysStatServerBytesIn1>
     and
    <sysStatServerBytesIn2>
    .
  2. Calculate the delta of the two poll values. For example, for the Server Bits In graphic metric, perform this calculation:
    <DeltaStatServerBytesIn> = <sysStatServerBytesIn2> - <sysStatServerBytesIn1>
  3. Perform the calculation on the OID deltas. For this calculation, it is the average per second in the last
    <interval>
    . The value for
    interval
     is 10. For example, to calculate the value of the Server Bits In graph metric: 
    (<DeltaStatServerBytesIn>) / <interval>

Collecting BIG-IP system data on RAM cache using SNMP

You can use an SNMP command with various OIDs to gather and interpret data on RAM cache use. The following table shows the required OIDs for polling for data on RAM Cache use.
Performance Graph
Graph Metric
Required SNMP OIDs
RAM Cache Utilization
Hit Rate
sysWebAccelerationStatCacheHits (.1.3.6.1.4.1.3375.2.1.1.2.23.2)
sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3)
CPU Cache Utilization
Byte Rate
sysWebAccelerationStatCacheHitBytes (.1.3.6.1.4.1.3375.2.1.1.2.23.5)
sysWebAccelerationStatCacheMissBytes (.1.3.6.1.4.1.3375.2.1.1.2.23.6)
RAM Cache Utilization
Eviction Rate
sysWebAccelerationStatCacheEvictions (.1.3.6.1.4.1.3375.2.1.1.2.23.10), sysWebAccelerationStatCacheHits (.1.3.6.1.4.1.3375.2.1.1.2.23.2)
sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3)
The following table shows the required calculations for interpreting metrics on RAM Cache use.
Performance Graph
Graph Metric
Required SNMP OIDs
RAM cache Utilization
Hit Rate
<sysWebAccelerationStatCacheHits1>) / (<sysWebAccelerationStatCacheHits1> +
<sysWebAccelerationStatCacheMisses1>) / *100
RAM cache Utilization
Byte Rate
<sysWebAccelerationStatCacheHitBytes1) /
(<sysWebAccelerationStatCacheHitBytes1> +
<sysWebAccelerationStatCacheMissBytes1>) / *100
RAM cache Utilization
Eviction Rate
<sysWebAccelerationStatCacheEvictions1>) / (<sysWebAccelerationStatCacheHits1> +
<sysWebAccelerationStatCacheMisses1>) / *100
  1. For each OID, poll for data. For example, poll OID
    sysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2)
    . This results in a value
    <sysWebAccelerationStatCacheHits>
     .
  2. Poll OID
    sysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2)
    . This results in a value
    <sysWebAccelerationStatCacheMisses>
    .
  3. Perform the calculation using the OID data. For example, to calculate the value of the Hit Rate graphic metric: 
    <sysWebAccelerationStatCacheHits> / <sysWebAccelerationStatCacheHits1> + <>) *100).

Collecting BIG-IP system data on SSL transactions using SNMP

You can use SNMP commands with an OID to gather and interpret data on SSL performance. The following table shows the individual OIDS that you must use to poll for SSL transactions using SNMP.
Performance Graph
Graph Metrics
Required SNMP OIDs
SSL TPS
SSL TPS
sysClientsslStatToNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.9.6)
SSL TPS
SSL TPS
sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9)
SSL TPS
SSL TPS
sysServersslStatTotNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.10.6)
SSL TPS
SSL TPS
sysServersslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.10.9)
The following table shows the required calculations for interpreting metrics on SSL transactions using SNMP.
Performance Graph
Graph Metric
Required calculations for SSL TPS
SSL TPS
SSL TPS
<DeltaClientsslStatClientTotConns>) / (<interval>
  1. For each OID, poll for data. For example, poll OID
    sysClientsslStatToNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.23.2)
     and
    sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9)
    .
  2. Add the two values together. This results in the value
    sysClientsslStartTotConns1
    .
  3. Poll the two OIDs again, within ten seconds of the previous polls.
  4. Again, add the two values together. This results in the value
    sysClientsslStatToComms2
    .
  5. Calculate the delta of the two sums: 
    <DeltaClientsslStatTotConns> = <sysClientsslStatTotConns2> - <sysClientsslStatTotConns1>.
  6. Perform the calculation on the OID deltas. The value for interval is 10. For example, to calculate the value of the SSL transactions using SNMP:
     
    (<DeltaClientsslStatClientTotConns>) / <interval>

Collecting BIG-IP system data on CPU usage based on a predefined polling interval

For the CPU[0-n] and Global Host CPU Usage graph metrics, you can instruct the BIG-IP system to gather and collect CPU usage data automatically, based on a predifined polling interval. Use the sysMultiHostCpu and sysGlobalHostCpu MIBs.
The following table shows the required OIDs for automatic collection of CPU[0-n] graphic metrics.
Performance Graph
Graph Metric
Required SNMP OIDs
CPU Usage
CPU[0-n]
5-second Polling Interval
sysMultiHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.12)
sysMultiHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.13)
sysMultiHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.14)
sysMultiHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.15)
sysMultiHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.16)
sysMultiHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.17)
sysMultiHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.18)
sysMultiHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.19)
sysMultiHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.7.5.2.1.11)
CPU Usage
CPU[0-n]
1-minute Polling Interval
sysMultiHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.20)
sysMultiHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.21)
sysMultiHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.22)
sysMultiHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.23)
sysMultiHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.24)
sysMultiHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.25)
sysMultiHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.26)
sysMultiHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.27)
CPU Usage
CPU[0-n]
5-minute Polling Interval
sysMultiHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.28)
sysMultiHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.29)
sysMultiHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.30)
sysMultiHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.31)
sysMultiHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.32)
sysMultiHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.33)
sysMultiHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.34)
sysMultiHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.35)
The following table shows the required OIDs for automatic collection of Global Host CPU Usage graph metrics.
Performance Graph
Graph Metric
Required SNMP OIDs
CPU Usage
Global Host CPU Usage
5-second Polling Interval
sysGlobalHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.1.2.20.14)
sysGlobalHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.1.2.20.15)
sysGlobalHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.1.2.20.16)
sysGlobalHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.1.2.20.17)
sysGlobalHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.18)
sysGlobalHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.19)
sysGlobalHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.1.2.20.20)
sysGlobalHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.20.21)
sysGlobalHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.1.2.20.13)
CPU Usage
Global Host CPU Usage
1-minute Polling Interval
sysGlobalHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.1.2.20.22)
sysGlobalHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.1.2.20.23)
sysGlobalHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.1.2.20.24)
sysGlobalHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.1.2.20.25)
sysGlobalHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.26)
sysGlobalHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.27)
sysGlobalHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.1.2.20.28)
sysGlobalHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.20.29)
CPU Usage
Global Host CPU Usage
5-minute Polling Interval
sysGlobalHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.1.2.20.30)
sysGlobalHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.1.2.20.31)
sysGlobalHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.1.2.20.32)
sysGlobalHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.1.2.20.33))
sysGlobalHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.34)
sysGlobalHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.35)
sysGlobalHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.1.2.20.36)
sysGlobalHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.1.2.20.37)

Collecting BIG-IP system data on CPU usage based on a custom polling interval

For the CPU[0-n], Global Host CPU, and TMM CPU Usage graph metrics, an alternative to instructing the BIG-IP system to collect CPU usage data automatically, is to do it maually, based on a custom polling interval. For the CPU[0-n] and Global Host CPU graph metrics, use the sysMultiHostCpu and sysGlobalHostCpu MIBs. For the TMM CPU Usage graphic metric, use the sysStatTm MIB.
The following table shows the required SNMP OIDs for collecting CPU data manually.
Performance Graph
Graph Metric
Required SNMP OIDs
CPU Usage
CPU[0-n]
sysMultiHostCpuUser (.1.3.6.1.4.1.3375.2.1.7.5.2.1.4)
sysMultiHostCpuNice (.1.3.6.1.4.1.3375.2.1.7.5.2.1.5)
sysMultiHostCpuSystem (.1.3.6.1.4.1.3375.2.1.7.5.2.1.6)
sysMultiHostCpuIdle (.1.3.6.1.4.1.3375.2.1.7.5.2.1.7)
sysMultiHostCpuIrq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.8)
sysMultiHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.9)
sysMultiHostCpuIowait (.1.3.6.1.4.1.3375.2.1.7.5.2.1.10)
CPU Usage
TMM[0-m]
sysTmmStatTmUsageRatio5s (.1.3.6.1.4.1.3375.2.1.8.2.3.1.37.[tmm_id])
sysTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.38.[tmm_id])
sysTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.39.[tmm_id])
CPU Usage
Global Host CPU Usage
sysGlobalHostCpuCount (.1.3.6.1.4.1.3375.2.1.1.2.20.4)
sysGlobalHostActiveCpu (.1.3.6.1.4.1.3375.2.1.1.2.20.5)
sysGlobalHostCpuUser (.1.3.6.1.4.1.3375.2.1.1.2.20.6)
sysGlobalHostCpuNice (.1.3.6.1.4.1.3375.2.1.1.2.20.7)
sysGlobalHostCpuSystem (.1.3.6.1.4.1.3375.2.1.1.2.20.8)
sysGlobalHostCpuIdle (.1.3.6.1.4.1.3375.2.1.1.2.20.9)
sysGlobalHostCpuIrq (.1.3.6.1.4.1.3375.2.1.1.2.20.10)
sysGlobalHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.1.2.20.11)
sysGlobalHostCpuIowait (.1.3.6.1.4.1.3375.2.1.1.2.20.12)
CPU Usage
Global TMM CPU Usage
sysGlobalTmmStatTmUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.21.34)
sysGlobalTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.21.35)
sysGlobalTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.1.2.21.36)
CPU Usage
TMM CPU Usage
sysStatTmTotalCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.41)
sysStatTmIdleCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.42)
sysStatTmSleepCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.43)
The following table shows the formulas for calculating metrics on CPU use.
Performance Graph
Graph Metric
Required calculations for CPU use
CPU Usage
CPU[0-n]
(<DeltaCpuUsers>) + (<DeltaCpuNice> + <DeltaCpuSystem> /
(<DeltaCpuUsers>) + <DeltaCpuNice> + <DeltaCpuIdle> +
<DeltaCpuSystem> + <DeltaCpulrq> + <DeltaCpuSoftirq> +
<DeltaCpulowait>) *100
CPU Usage
Global Host CPU Usage
(<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuSystem>) /
(<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuIdle> +
<DeltaCpuSystem> + <DeltaCpuIrq> + <DeltaCpuSoftirq> +
<DeltaCpuIowait>) *100
  1. Poll the OID
    sysMultiHostCpuUser (.1.3.6.1.4.1.3375.2.1.7.5.2.1.4)
     twice, at a 10-second interval. This results in two values,
    sysMultiHostCpuUser1and
     and
    sysMultiHostCpuUser2
    .
  2. Calculate the delta of the two poll values. For example:
    <DeltaCpuUser> = <sysMultiHostCpuUser2> - <sysMultiHostCpuUser1>.
  3. Repeat steps 1 and 2 for each OID pertaining to the
    CPU[0-n]
     graph metric.
  4. Repeat steps 1 and 2 again, using the OIDs from the MIBs
    sysStatTm
    and
    sysGlobalHostCpu
    .
  5. Calculate the values of the graphic metrics using the formulas in the table above.

Collecting BIG-IP system performance data on new connections using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the number of new connections on the BIG-IP system. The following table shows the required OIDs for the Performance graphs in the Configuration utility.
Performance Graph
Graph Metrics
Required SNMP OIDs
New Connections Summary
Client Accepts
Server Connects
sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)
sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14)
Total New Connections
Client Accepts
Server Connects
sysStatClientTotConns(.1.3.6.1.4.1.3375.2.1.1.2.1.7)
sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14)
New Client SSL Profile Connections
SSL Client
SSL Server
sysClientsslStatTotNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.9.6), sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9)
sysServersslStatTotNativeConns(.1.3.6.1.4.1.3375.2.1.1.2.10.6), sysServersslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.10.9)
New Accepts/ Connects
Client Accepts
Server Connects
sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)
sysTcpStatConnects (.1.3.6.1.4.1.3375.2.1.1.2.12.8)
The following table shows the required calculations for interpreting metrics on new connections.
Performance Graph
Graph Metrics
Required SNMP OIDs
New Connections Summary
Client Accepts
Server Connects
<DeltaTcpStatAccept> / <interval>
<DeltaStatServerTotConns> / <interval>
Total New Connections
Client Connects
Server Connects
<DeltaStatClientTotConns> / <interval>
<DeltaStatServerTotConns> / <interval>
New Client SSL Profile Connections
SSL Client
SSL Server
( <DeltaClientsslStatTotNativeConns> + <DeltaClientsslStatTotCompatConns>) / <interval>
(<DeltaServersslStatTotNativeConns> + <DeltaServersslStatTotCompatConns>) / <interval>
New Accepts/ Connects
Client Accepts
Server Connects
<DeltaTcpStatAccepts> / <interval>
<DeltaTcpStatConnects> / <interval>
  1. For each OID, perform two separate polls, at an interval of your choice.
    For example, for the client accepts metric, poll OID
    sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)
     twice, at a 10-second interval. This results in two values,
    <sysTcpStatAccepts1>
     and
    <sysTcpStatAccepts2>
    .
  2. Calculate the delta of the two poll values.
    For example, for the client accepts metric, perform this calculation:
    <DeltaTcpStatAccepts> = <sysTcpStatAccepts2> - <sysTcpStatAccepts1>
  3. Perform a calculation on the OID deltas. The value for
    interval
     is the polling interval. For example, to calculate the value of the client accepts metric:
    <DeltaTcpStatAccepts> / <interval>

Collecting BIG-IP system performance data on active connections using SNMP

Write an SNMP command with the various OIDs shown in the table to gather and interpret data on the number of active connections on the BIG-IP system.
To interpret data on active connections, you do not need to perform any calculations on the collected data.
Performance Graph
Graph Metrics
Required SNMP OIDs
Active Connections Summary
Connections
sysStatClientCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.8)
Active Connections Detailed
Client
Server
SSL Client
SSL Server
sysStatClientCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.8)
sysStatServerCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.15)
sysClientsslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.9.2)
sysServersslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.10.2)

About the RMON MIB file

The BIG-IP system provides the remote network monitoring (RMON) MIB file, RMON-MIB.txt. This file contains remote network monitoring information. The implementation of RMON on the BIG-IP system differs slightly from the standard RMON implementation, in the following ways:
  • The BIG-IP system implementation of RMON supports only these four of the nine RMON groups: statistics, history, alarms, and events.
  • The RMON-MIB.txt file monitors the BIG-IP system interfaces (that is, sysIfIndex), and not the standard Linux interfaces.
  • For hardware reasons, the packet-length-specific statistics in the RMON statistics group offer combined transmission and receiving statistics only. This behavior differs from the behavior described in the definitions of the corresponding OIDs.

About customized MIB entries

Customized MIB entries are defined in a TCL file named
custom_mib.tcl
 that you create and save on the BIG-IP system in the directory
/config/snmp/
. You must register the customized MIB entries and provide callback to the newly registered MIB using the TCL command
register_mib
 in this format:
register_mib oid callback type
. The three arguments for the command are described in this table.
Argument
Description
oid
A customized OID with a format of
.1.2.3.4
 with a limit of four digits. The common root of a customized MIB OID on the BIG-IP system is
.1.3.6.1.4.1.3375.2.100.
callback
A TCL procedure that is called when the registered MIB OID is browsed. The procedure cannot have any arguments. The return value of the procedure is returned for the registered MIB entry.
type
The type of MIB entry you are customizing. Four types are supported: INT, STRING, GAUGE, and COUNTER.
Here is sample TCL code for two custom MIBs:

  register_mib ".1" system_descr string
  register_mib ".2" tmmcpucnt int
  
  proc system_descr {}
  {
  set status [catch {exec uname -a} result]
  return $result
  }
  
  proc tmmcpucnt {}
  {
  set status [catch {exec tmctl  cpu_status_stat | grep cpu | wc -l} result]
  return $result
  }
Customized MIB entries are read-only through SNMP.

Creating custom MIB entries

You can add customized MIB entries to a BIG-IP system to provide visibility to statistics and information that are not available through standard MIBs. These statistics and information can help you make decisions about optimizing the BIG-IP system configuration.
  1. Create a TCL file named
    custom_mib.tcl
     that contains the customized MIB entries you want to use on the BIG-IP system.
    Ensure accuracy of the TCL procedures you use in the file. Avoid errors, such as infinite loops, which can affect how
    snmpd
     works.
    snmpd
     restarts after being unresponsive for longer than the heartbeat time interval configured in
    config/snmp/bigipTrafficMgmt.conf
    .
  2. Save the TCL file to the
    /config/snmp/
     directory on the BIG-IP system.
    After you save
    custom_mib.tcl
    , you can modify the file at any time; however, your changes become effective only after you restart
    snmpd
    .
  3. Restart
    snmpd
    .
    Customized MIB entries are registered. If logging is turned on, you might see log entries in
    /var/log/snmpd.log
    , such as
    custom mib initialization completed. total 4 custom mib entry registered.
Use a MIB browser or
snmpwalk
 to obtain the values of the newly registered MIB entries. Use this information to help you manage your network traffic.

Overview: BIG-IP SNMP agent configuration

You can use the industry-standard SNMP protocol to manage BIG-IP devices on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and controlling access to SNMP data.

Task summary

Perform these tasks to configure SNMP on the BIG-IP system.

Specify SNMP administrator contact information and system location information

You specify contact information for the SNMP administrator, as well as the physical location of the BIG-IP system running an SNMP agent.
  1. On the Main tab, click
    System
    SNMP
    Agent
    Configuration
    .
  2. In the Global Setup area, in the
    Contact Information
     field, type contact information for the SNMP administrator for this BIG-IP system.
    The contact information is a MIB-II simple string variable. The contact information usually includes both a user name and an email address.
  3. In the
    Machine Location
     field, type the location of the system, such as
    Network Closet 1
    .
    The machine location is a MIB-II simple string variable.
  4. Click
    Update
    .

Configure SNMP manager access to the SNMP agent on the BIG-IP system

Before you start this task, you should gather the IP addresses of the SNMP managers that you want to have access to the SNMP agent on this BIG-IP system.
You configure the SNMP agent on the BIG-IP system so that a client running the SNMP manager can access the SNMP agent to remotely manage the BIG-IP system.
  1. On the Main tab, click
    System
    SNMP
    Agent
    Configuration
    .
  2. In the
    Client Allow List
     area, for the
    Type
    setting, select either
    Host
     or
    Network
    , depending on whether the IP address you specify is a host system or a subnet.
    By default, SNMP is enabled only for the BIG-IP system loopback interface (127.0.0.1).
  3. In the
    Address
     field, type either an IP address or network address from which the SNMP agent can accept requests.
  4. If you selected
    Network
     in step 2, type the netmask in the
    Mask
     field.
  5. Click
    Add
    .
  6. Click
    Update
    .
The BIG-IP system now contains a list of IP addresses for SNMP managers from which SNMP requests are accepted.

Grant community access to v1 or v2c SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community.
SNMPv1 does not support Counter64 OIDs, which are used for accessing most statistics. Therefore, for SNMPv1 clients, an
snmp walk
 command skips any OIDs of type Counter64. We recommend that you use only clients that support SNMPv2 or later.
  1. On the Main tab, click
    System
    SNMP
    Agent
    Access (v1, v2c)
    .
  2. Click
    Create
    .
  3. From the
    Type
     list, select either
    IPv4
     or
    IPv6
    .
  4. In the
    Community
     field, type the name of the SNMP community for which you are assigning an access level.
  5. From the
    Source
     list, select
    All
    , or select
    Select
     and type the source IP address in the field that displays.
  6. In the
    OID
     field, type the OID for the top-most node of the SNMP tree to which the access applies.
  7. From the
    Access
     list, select an access level, either
    Read Only
     or
    Read/Write
    .
    When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
  8. Click
    Finished
    .
The BIG-IP system updates the
snmpd.conf
 file, assigning only a single access setting to the community as shown in this sample
snmpd.conf
 file.
Example snmpd.conf file
In the following sample code from an
snmpd.conf
 file, string
rocommunity public default
 identifies a community named
public
 that has the default read-only access-level. This access-level prevents any allowed SNMP manager in community
public
 from modifying a data object, even if the object has an access type of read/write. The string
rwcommunity public1
 identifies a community named
public1
 as having a read/write access-level. This access-level allows any allowed SNMP manager in community
public1
 to modify a data object under the tree node
.1.3.6.1.4.1.3375.2.2.10.1
 (ltmVirtualServ) on the local host
127.0.0.1
, if that data object has an access type of read/write. 

   rocommunity public default
   rwcommunity public1 127.0.0.1  .1.3.6.1.4.1.3375.2.2.10.1

Grant user access to v3 SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v3 user.
  1. On the Main tab, click
    System
    SNMP
    Agent
    Access (v3)
    .
  2. Click
    Create
    .
  3. In the
    User Name
     field, type the name of the user for which you are assigning an access level.
  4. In the Authentication area, from the
    Type
     list, select a type of authentication to use, and then type and confirm the user’s password.
  5. In the Privacy area, from the
    Protocol
     list, select a privacy protocol, and either type and confirm the user’s password, or select the
    Use Authentication Password
     check box.
  6. In the
    OID
     field, type the OID for the top-most node of the SNMP tree to which the access applies.
  7. From the
    Access
     list, select an access level, either
    Read Only
     or
    Read/Write
    .
    When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
  8. Click
    Finished
    .
The BIG-IP system updates the
snmpd.conf
 file, assigning only a single access setting to the user.

Overview: SNMP trap configuration

SNMP
traps
 are definitions of unsolicited notification messages that the BIG-IP alert system and the SNMP agent send to the SNMP manager when certain events occur on the BIG-IP system. Configuring SNMP traps on a BIG-IP system means configuring how the BIG-IP system handles traps, as well as setting the destination to which the notifications are sent.
The BIG-IP system stores SNMP traps in two specific files:
/etc/alertd/alert.conf
Contains default SNMP traps.
Do not add or remove traps from the
/etc/alertd/alert.conf
 file.
/config/user_alert.conf
Contains user-defined SNMP traps.

Task summary

Perform these tasks to configure SNMP traps for certain events and set trap destinations.

Enabling traps for specific events

You can configure the SNMP agent on the BIG-IP system to send, or refrain from sending, notifications to the traps destinations.
  1. On the Main tab, click
    System
    SNMP
    Traps
    Configuration
    .
  2. To send traps when an administrator starts or stops the SNMP agent, verify that the
    Enabled
     check box for the
    Agent Start/Stop
     setting is selected.
  3. To send notifications when authentication warnings occur, select the
    Enabled
     check box for the
    Agent Authentication
     setting.
  4. To send notifications when certain warnings occur, verify that the
    Enabled
     check box for the
    Device
     setting is selected.
  5. Click
    Update
    .
The BIG-IP system automatically updates the
alert.conf
 file.

Setting v1 and v2c trap destinations

You specify the IP address of the SNMP manager in order for the BIG-IP system to send notifications.
  1. On the Main tab, click
    System
    SNMP
    Traps
    Destination
    .
  2. Click
    Create
    .
  3. For the
    Version
     setting, select either
    v1
     or
    v2c
    .
  4. In the
    Community
     field, type the community name for the SNMP agent running on the BIG-IP system.
  5. In the
    Destination
     field, type the IP address of the SNMP manager.
  6. In the
    Port
     field, type the port number on the SNMP manager that is assigned to receive the traps.
  7. For the
    Network
     setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network you select.
  8. Click
    Finished
    .

Setting v3 trap destinations

You specify the destination SNMP manager to which the BIG-IP system sends notifications.
  1. On the Main tab, click
    System
    SNMP
    Traps
    Destination
    .
  2. Click
    Create
    .
  3. For the
    Version
     setting, select
    v3
    .
  4. In the
    Destination
     field, type the IP address of the SNMP manager.
  5. In the
    Port
     field, type the port number on the SNMP manager that is assigned to receive the traps.
  6. For the
    Network
     setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network you select.
  7. From the
    Security Level
     list, select the level of security at which you want SNMP messages processed.
    Option
    Description
    Auth, No Privacy
    Process SNMP messages using authentication but without encryption. When you use this value, you must also provide values for the
    Security Name
    ,
    Authentication Protocol
    , and
    Authentication Password
     settings.
    Auth and Privacy
    Process SNMP messages using authentication and encryption. When you use this value, you must also provide values for the
    Security Name
    ,
    Authentication Protocol
    ,
    Authentication Password
    ,
    Privacy Protocol
    , and
    Privacy Password
     settings.
  8. In the
    Security Name
     field, type the user name the system uses to handle SNMP v3 traps.
  9. In the
    Engine ID
     field, type an administratively unique identifier for an SNMP engine. (This setting is optional.) You can find the engine ID in the
    /config/net-snmp/snmpd.conf
     file on the BIG-IP system.
    Note that this ID is identified in the file as the value of the oldEngineID token.
    If EngineID is not manually specified in the configuration or changed, it will be subjected to an alteration after upgrade activities. See
    K15681: Customizing the SNMP v3 engineID
     at
    support.f5.com/csp/article/K15681
    : "This ID is normally determined automatically, using a combination of a pseudorandom number and the current time, in seconds."
  10. From the
    Authentication Protocol
     list, select the algorithm the system uses to authenticate SNMP v3 traps.
    When you set this value, you must also enter a value in the
    Authentication Password
     field.
  11. In the
    Authentication Password
     field, type the password the system uses to handle an SNMP v3 trap.
    When you set this value, you must also select a value from the
    Authentication Protocol
     list.
    The authentication password must be at least 8 characters long.
  12. If you selected
    Auth and Privacy
     from the
    Security Level
     list, from the
    Privacy Protocol
     list, select the algorithm the system uses to encrypt SNMP v3 traps.
    When you set this value, you must also enter a value in the
    Privacy Password
     field.
  13. If you selected
    Auth and Privacy
     from the
    Security Level
     list, in the
    Privacy Password
     field, type the password the system uses to handle an encrypted SNMP v3 trap.
    When you set this value, you must also select a value from the
    Privacy Protocol
     list.
    The authentication password must be at least 8 characters long.
  14. Click
    Finished
    .

Viewing preconfigured SNMP traps

Verify that your user account grants you access to the advanced shell.
Preconfigured traps are stored in the
/etc/alertd/alert.conf
 file. View these SNMP traps to understand the data that the SNMP manager can use.
  1. Use this command to view the SNMP traps that are preconfigured on the BIG-IP system:
    cat /etc/alertd/alert.conf
    .

Creating custom SNMP traps

Verify that your user account grants you access to tmsh.
Create custom SNMP traps that alert the SNMP manager to specific SNMP events that occur on the network when the pre-configured traps do not meet all of your needs.
  1. Log in to the command line.
  2. Create a backup copy of the file
    /config/user_alert.conf
    , by typing this command:
    cp /config/user_alert.conf
    backup_file_name
    For example, type:
    cp /config/user_alert.conf /config/user_alert.conf.backup
  3. With a text editor, open the file
    /config/user_alert.conf
    .
  4. Add a new SNMP trap.
    The required format is: 
    alert 
    alert_name
     "
    matched message
    " {     
    snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.
    XXX
    "
   }
    • alert_name
       represents a descriptive name. The
      alert_name
       or
      matched_message
       value cannot match the corresponding value in any of the SNMP traps defined in the
      /etc/alertd/alert.conf
       or
      /config/user_alert.conf
       file.
    • matched_message
       represents the text that matches the Syslog message that triggers the custom trap. You can specify either a portion of the Syslog message text or use a regular expression. Do not include the Syslog prefix information, such as the date stamp and process ID, in the match string.
    • The
      XXX
       portion of the OID value represents a number that is unique to this OID. Specify any OID that meets all of these criteria:
      • Is in standard OID format and within the range
        .1.3.6.1.4.1.3375.2.4.0.300
         through
        .1.3.6.1.4.1.3375.2.4.0.999
        .
      • Is in a numeric range that can be processed by your trap receiving tool.
      • Does not exist in the MIB file
        /usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt
        .
      • Is not used in another custom trap.
    As an example, to create a custom SNMP trap that is triggered whenever the system logs switchboard failsafe status changes, add the following trap definition to
    /config/user_alert.conf
    .
    alert SWITCHBOARD_FAILSAFE_STATUS "Switchboard Failsafe (.*)" {
         snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.500"
    }
    This trap definition causes the system to log the following message to the file
    /var/log/ltm
    , when switchboard failsafe is enabled:
    Sep 23 11:51:40 bigip1.askf5.com lacpd[27753]: 01160016:6: Switchboard Failsafe enabled
    .
  5. Save the file.
  6. Close the text editor.
  7. Restart the
    alertd
     daemon by typing this command:
    bigstart restart alertd
    If the
    alertd
     daemon fails to start, examine the newly-added trap entry to ensure that the format is correct.

Overview: About troubleshooting SNMP traps

When the BIG-IP alert system and the SNMP agent send traps to the SNMP manager, you can respond to the alert using the recommended actions for each SNMP trap.

APM-related traps and recommended actions

This table provides information about the APM-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipAccessGlobalLicenseTHDExceeded (.1.3.6.1.4.1.3375.2.4.0.191)
Global access license usage exceeds threshold.
Purchase additional access licensing.
bigipAccessCCULicenseTHDExceeded (.1.3.6.1.4.1.3375.2.4.0.192)
Global concurrent connectivity license usage exceeds threshold.
Purchase additional connectivity licensing.
bigipAccessURLFLicenseTHDExceeded (.1.3.6.1.4.1.3375.2.4.0.193)
Global URL filtering license usage exceeds threshold.
Purchase additional SWG licensing.
bigipAccessControlAPDNoticeHATransition (.1.3.6.1.4.1.3375.2.4.0.194)
APM HA state transitioned.
Review the error message and determine corrective action on the device.
bigipAccessURLFLimitedLicenseTHDExceeded (.1.3.6.1.4.1.3375.2.4.0.197)
Global URL filtering limited license usage exceeds threshold.
Purchase SWG licensing.
By default, the threshold for each license type is 75% of license capacity.
An administrator can adjust the threshold by running the following commands:

tmsh modify sys db log.alertapmaccessthreshold value <new_threshold>          /* for Access license */    
tmsh modify sys db log.alertapmconnectivitythreshold value <new_threshold>   /* for Connectivity license */    
tmsh modify sys db log.alertapmurlfthreshold value <new_threshold>           /* for URL filtering license */
tmsh modify sys db log.alertapmurlflimitedthreshold value <new_threshold>    /* for URL filtering limited license */

AFM-related traps and recommended actions

This table provides information about the AFM-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
BIGIP_TMM_TMMERR_DOS_ATTACK_START (.1.3.6.1.4.1.3375.2.4.0.133)
The start of a possible DoS attack was registered.
Determine your response to this type of DoS attack, if required.
BIGIP_TMM_TMMERR_DOS_ATTACK_STOP (.1.3.6.1.4.1.3375.2.4.0.134)
The end of a possible DoS attack was detected.
None, informational.
BIGIP_DOSPROTECT_DOSPROTECT_AGGRREAPEROID (.1.3.6.1.4.1.3375.2.4.0.22)
The flow sweeper started or stopped.
None, informational.

AOM-related traps and recommended actions

This table provides information about the Always-On Management (AOM)-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipLibhalAomEventWarning (.1.3.6.1.4.1.3375.2.4.0.167)
AOM has issued a warning event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomEventError (.1.3.6.1.4.1.3375.2.4.0.168)
AOM has issued an error event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomEventAlert (.1.3.6.1.4.1.3375.2.4.0.169)
AOM has issued an alert event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomEventCritical (.1.3.6.1.4.1.3375.2.4.0.170)
AOM has issued a critical event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomEventEmergency (.1.3.6.1.4.1.3375.2.4.0.171)
AOM has issued an emergency event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomEventInfo (.1.3.6.1.4.1.3375.2.4.0.172)
AOM has issued an information event.
Inspect the
/var/log/ltm
 file for additional messages that might provide further clarity on why the warning was raised.
bigipLibhalAomSensorTempWarning (.1.3.6.1.4.1.3375.2.4.0.173)
AOM has issued a temperature sensor warning level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorTempError (.1.3.6.1.4.1.3375.2.4.0.174)
AOM has issued a temperature sensor warning level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorTempAlert (.1.3.6.1.4.1.3375.2.4.0.175)
AOM has issued a temperature sensor alert level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorTempCritical (.1.3.6.1.4.1.3375.2.4.0.176)
AOM has issued a temperature sensor critical level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorTempEmergency (.1.3.6.1.4.1.3375.2.4.0.177)
AOM has issued a temperature sensor emergency level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorTempInfo (.1.3.6.1.4.1.3375.2.4.0.178)
AOM has issued a temperature sensor information level event.
Check the fan status from the output of your
tmsh show sys hardware
 query, and see if any are
down
. Make sure the system has proper airflow. Verify that the unit has a sufficiently cool ambient room temperature.
bigipLibhalAomSensorFanWarning (.1.3.6.1.4.1.3375.2.4.0.179)
AOM has issued a fan sensor warning level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorFanError (.1.3.6.1.4.1.3375.2.4.0.180)
AOM has issued a fan sensor error level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorFanAlert (.1.3.6.1.4.1.3375.2.4.0.181)
AOM has issued a fan sensor alert level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorFanCritical (.1.3.6.1.4.1.3375.2.4.0.182)
AOM has issued a fan sensor critical level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorFanEmergency (.1.3.6.1.4.1.3375.2.4.0.183)
AOM has issued a fan sensor emergency level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorFanInfo (.1.3.6.1.4.1.3375.2.4.0.184)
AOM has issued a fan sensor information level event.
Inspect the system for anything obstructing the system fans. Ensure that the system fan tray is fully seated using the supplied screws.
bigipLibhalAomSensorPwrWarning (.1.3.6.1.4.1.3375.2.4.0.185)
AOM has issued a power sensor warning level event.
Ensure that the power supply unit (PSU) is properly seated. Ensure that the PSU has an appropriate power feed.
bigipLibhalAomSensorPwrError (.1.3.6.1.4.1.3375.2.4.0.186)
AOM has issued a power sensor error level event.
Ensure that the PSU is properly seated. Ensure that the PSU has an appropriate power feed.
bigipLibhalAomSensorPwrAlert (.1.3.6.1.4.1.3375.2.4.0.187)
AOM has issued a power sensor alert level event.
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has an appropriate power feed.
bigipLibhalAomSensorPwrCritical (.1.3.6.1.4.1.3375.2.4.0.188)
AOM has issued a power sensor critical level event.
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has an appropriate power feed.
bigipLibhalAomSensorPwrEmergency (.1.3.6.1.4.1.3375.2.4.0.189)
AOM has issued a power sensor emergency level event.
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has an appropriate power feed.
bigipLibhalAomSensorPwrInfo (.1.3.6.1.4.1.3375.2.4.0.190)
AOM has issued a power sensor information level event.
Ensure that the power supply unit PSU is properly seated. Ensure that the PSU has an appropriate power feed.

Application Visibility and Reporting-related traps and recommended actions

This table provides information about the Application Visibility and Reporting (AVR) notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipAvrAlertsMetricSnmp (.1.3.6.1.4.1.3375.2.4.0.105)
A BIG-IP system AVR SNMP metric changed.
Information only, no action required.
bigipAvrAlertsMetricSmtp (.1.3.6.1.4.1.3375.2.4.0.106)
A BIG-IP system AVR SMTP metric changed.
Information only, no action required.

Authentication-related traps and recommended actions

This table provides information about the authentication-related notifications that an SNMP manager can receive.
Trap Name
Description
Recommended Action
bigipTamdAlert (.1.3.6.1.4.1.3375.2.4.0.21)
More than 60 authentication attempts have failed within one second, for a given virtual server.
Investigate for a possible intruder.
bigipAuthFailed (.1.3.6.1.4.1.3375.2.4.0.27)
A login attempt failed.
Check the user name and password.
bigipAgentAuthFailure (.1.3.6.1.6.3.1.1.5.5)
An authentication failure trap signifies that the SNMP entity has received a protocol message that is not properly authenticated. While all implementations of SNMP entities may be capable of generating this trap, the snmpEnableAuthenTraps object indicates whether this trap will be generated.
Information only, no action required.

DDM-related traps and recommended actions

This table provides information about the Digital Diagnostic Monitoring (DDM)-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipDDMPowerAlarm (.1.3.6.1.4.1.3375.2.4.0.158)
The Digital Diagnostic Monitoring (DDM) on a pluggable optical transceiver detected an alarm condition. DDM monitors both transmit and receive optical power to ensure the laser power is between vendor-specified power thresholds for pluggable optical modules such as SFP/SFP+/QSFP+/QSFP28. An alarm can occur when a cable is removed from a plugged port, or when the front panel port or the transceiver is not configured or operating properly.
Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The action to take for F5 branded optics (the following troubleshooting steps) depends on a condition derived from the two states (low/high and transmit/receive):
  • Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable it.
  • High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times. Check to see if a link comes up without a DDM error after each insertion. If a problem persists, then it is a bad F5 Optic.
  • Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable. Verify that the transmission power on the other end of the cable is correct. Recheck the optical link budget calculations. Clean the optical cables, connectors, and/or lens. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
  • High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and make sure they are compatible. Verify that the transmission power on the other end is okay. Recheck the optical link budget calculations. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
bigipDDMPowerWarn (.1.3.6.1.4.1.3375.2.4.0.159)
The DDM on a pluggable optical transceiver detected a warning condition. DDM monitors both transmit and receive optical power to ensure the laser power is between vendor-specified power thresholds for pluggable optical modules such as SFP/SFP+/QSFP+/QSFP28. A warning can occur when a cable is removed from a plugged port, or when the front panel port or the transceiver is not configured or operating properly.
Refer to the text of the alert: is it a low or high alarm? Is it a transmit or receive alarm? The action to take for F5 branded optics (the following troubleshooting steps) depends on a condition derived from the two states (low/high and transmit/receive):
  • Low (Alarm)/Transmit (Alarm): See if the BCM port is enabled. If not, then enable it.
  • High (Alarm)/Transmit (Alarm): Hot swap extract and insert F5 Optics multiple times. Check to see if a link comes up without a DDM error after each insertion. If a problem persists, then it is a bad F5 Optic.
  • Low (Alarm)/Receive (Alarm): Verify F5 optics module with local loopback cable. Verify that the transmission power on the other end of the cable is correct. Recheck the optical link budget calculations. Clean the optical cables, connectors, and/or lens. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
  • High (Alarm)/Receive (Alarm): Check the protocol setting on both link partners and make sure they are compatible. Verify the transmission power on the other end is okay. Recheck the optical link budget calculations. For any receive problem, look at the transmitter to make sure it is okay and the correct protocol.
bigipDDMPowerAlarmClear (.1.3.6.1.4.1.3375.2.4.0.160)
The DDM on a pluggable optical transceiver no longer detects an alarm condition. DDM monitors both transmit and receive optical power to ensure the laser power is between vendor-specified power thresholds.
Depending on the state of the network, action might or might not be required. The previous alarm has cleared.
bigipDDMPowerWarnClear (.1.3.6.1.4.1.3375.2.4.0.161)
The DDM on a pluggable optical transceiver no longer detects a warning condition. DDM monitors both transmit and receive optical power to ensure the laser power is between vendor-specified power thresholds.
Depending on the state of the network, action might or might not be required. The previous alarm has cleared.
bigipDDMNonF5Optics (.1.3.6.1.4.1.3375.2.4.0.162)
A non-F5 pluggable optical transceiver is present in an interface. See K8153 at
http://support.f5.com
 for restrictions on third-party hardware components with F5 products.
Might need to replace with an F5 branded optic.

SQL monitoring daemon related traps and recommended actions

This table provides information about the SQL monitoring daemon related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipMonitoringDBDaemonHungSQL (.1.3.6.1.4.1.3375.2.4.0.195)
Hung SQL monitor connection.
Information only, no action required.
bigipMonitoringDBDaemonIdle (.1.3.6.1.4.1.3375.2.4.0.196)
DBDaemon unresponsive or inactive, shutting down.
Information only, no action required.

SOD related traps and recommended actions

This table provides information about the SOD related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipSODpeerfailovercondition (.1.3.6.1.4.1.3375.2.4.0.163)
A traffic group has reported a failover condition and will not be able to go active. This trap is is logged when the traffic group fails over from the peer device.
Check the peer device for reason of the traffic group failover, and correct the issue.
bigipSODpeerfailoverconditionclear (.1.3.6.1.4.1.3375.2.4.0.164)
Failover condition for a traffic group has been cleared. This trap is logged when the failure that caused the traffic group failover has cleared on the peer device. The traffic group can fall back to the peer device in case of a failure on the local device.
Information only, no action required.
bigipDisablenonF5Optics (.1.3.6.1.4.1.3375.2.4.0.165)
A non F5 pluggable optical transceiver has been disabled in an interface. See K8153 in support.f5.com for restrictions on third-party hardware components with F5 products.
Information only, no action required.

DoS-related traps and recommended actions

This table provides information about the denial-of-service (DoS)-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipAggrReaperStateChange (.1.3.6.1.4.1.3375.2.4.0.22)
The state of the aggressive reaper has changed, indicating that the BIG-IP system is moving to a distress mode.
Use the default denial-of-service (DoS) settings. You can also add rate filters to survive the attack.
bigipDosAttackStart (.1.3.6.1.4.1.3375.2.4.0.133)
The BIG-IP system detected a DoS attack start.
Check the attack name in the notification to determine the kind of attack that is detected.
bigipDosAttackStop (.1.3.6.1.4.1.3375.2.4.0.134)
The BIG-IP system detected a DoS attack stop.
Information only, no action required.

General traps and recommended actions

This table provides information about the general notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipDiskPartitionWarn (.1.3.6.1.4.1.3375.2.4.0.25)
Free space on the disk partition is less than the specified limit. By default, the limit is 30% of total disk space.
Increase the available disk space.
bigipDiskPartitionGrowth (.1.3.6.1.4.1.3375.2.4.0.26)
The disk partition use exceeds the specified growth limit. By default, the limit is 5% of total disk space.
Increase the available disk space.
bigipUpdatePriority (.1.3.6.1.4.1.3375.2.4.0.153)
There is a high priority software update available.
Download and install the software update.
bigipUpdateServer (.1.3.6.1.4.1.3375.2.4.0.154)
Unable to connect to the F5 server running update checks.
Verify the server connection settings.
bigipUpdateError (.1.3.6.1.4.1.3375.2.4.0.155)
There was an error checking for updates.
Investigate the error.
bigipAgentStart (.1.3.6.1.4.1.3375.2.4.0.1)
The SNMP agent on the BIG-IP system has been started.
For your information only. No action required.
bigipAgentShutdown (.1.3.6.1.4.1.3375.2.4.0.2)
The SNMP agent on the BIG-IP system is in the process of being shut down.
For your information only. No action required.
bigipAgentRestart (.1.3.6.1.4.1.3375.2.4.0.3)
The SNMP agent on the BIG-IP system has been restarted.
This trap is for future use only.

BIG-IP DNS-related traps and recommended actions

This table provides information about the DNS-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipGtmBoxAvail (.1.3.6.1.4.1.3375.2.4.0.77)
The BIG-IP system has come UP.
Information only, no action required.
bigipGtmBoxNotAvail (.1.3.6.1.4.1.3375.2.4.0.78)
The BIG-IP system has gone DOWN.
Information only, no action required.
bigipGtmBig3dSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.81)
The certificate
/config/big3d/client.crt
 has expired.
Replace the certificate.
bigipGtmBig3dSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.82)
The certificate
/config/big3d/client.crt
 will expire soon.
Replace the certificate.
bigipGtmSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.83)
The certificate
/config/gtm/server.crt
 has expired.
Replace the certificate.
bigipGtmSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.84)
The certificate
/config/gtm/server.crt
 will expire soon.
Replace the certificate.
bigipGtmPoolAvail (.1.3.6.1.4.1.3375.2.4.0.40)
A global traffic management pool is available.
Information only, no action required.
bigipGtmPoolNotAvail (.1.3.6.1.4.1.3375.2.4.0.41)
A global traffic management pool is not available.
Information only, no action required.
bigipGtmPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.42)
A global traffic management pool is disabled.
Check the status of the pool.
bigipGtmPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.43)
A global traffic management pool is enabled.
Information only, no action required.
bigipGtmLinkAvail (.1.3.6.1.4.1.3375.2.4.0.44)
A global traffic management link is available.
Information only, no action required.
bigipGtmLinkNotAvail (.1.3.6.1.4.1.3375.2.4.0.45)
A global traffic management link is not available.
Check the status of the link, as well as the relevant detailed log message.
bigipGtmLinkDisabled (.1.3.6.1.4.1.3375.2.4.0.46)
A global traffic management link is disabled.
Check the status of the link.
bigipGtmLinkEnabled (.1.3.6.1.4.1.3375.2.4.0.47)
A global traffic management link is enabled.
Information only, no action required.
bigipGtmWideIpAvail (.1.3.6.1.4.1.3375.2.4.0.48)
A global traffic management wide IP is available.
Information only, no action required.
bigipGtmWideIpNotAvail (.1.3.6.1.4.1.3375.2.4.0.49)
A global traffic management wide IP is unavailable.
Check the status of the wide IP, as well as the relevant detailed log message.
bigipGtmWideIpDisabled (.1.3.6.1.4.1.3375.2.4.0.50)
A global traffic management wide IP is disabled.
Check the status of the wide IP.
bigipGtmWideIpEnabled (.1.3.6.1.4.1.3375.2.4.0.51)
A global traffic management wide IP is enabled.
Information only, no action required.
bigipGtmPoolMbrAvail (.1.3.6.1.4.1.3375.2.4.0.52)
A global traffic management pool member is available.
Information only, no action required.
bigipGtmPoolMbrNotAvail (.1.3.6.1.4.1.3375.2.4.0.53)
A global traffic management pool member is not available.
Check the status of the pool member, as well as the relevant detailed log message.
bigipGtmPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.54)
A global traffic management pool member is disabled.
Check the status of the pool member.
bigipGtmPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.55)
A global traffic management pool member is enabled.
Information only, no action required.
bigipGtmServerAvail (.1.3.6.1.4.1.3375.2.4.0.56)
A global traffic management server is available.
Information only, no action required.
bigipGtmServerNotAvail (.1.3.6.1.4.1.3375.2.4.0.57)
A global traffic management server is unavailable.
Check the status of the server, as well as the relevant detailed log message.
bigipGtmServerDisabled (.1.3.6.1.4.1.3375.2.4.0.58)
A global traffic management server is disabled.
Check the status of the server.
bigipGtmServerEnabled (.1.3.6.1.4.1.3375.2.4.0.59)
A global traffic management server is enabled.
Information only, no action required.
bigipGtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.60)
A global traffic management virtual server is available.
Information only, no action required.
bigipGtmVsNotAvail (.1.3.6.1.4.1.3375.2.4.0.61)
A global traffic management virtual server is unavailable.
Check the status of the virtual server, as well as the relevant detailed log message.
bigipGtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.62)
A global traffic management virtual server is disabled.
Check the status of the virtual server.
bigipGtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.63)
A global traffic management virtual server is enabled.
Information only, no action required.
bigipGtmDcAvail (.1.3.6.1.4.1.3375.2.4.0.64)
A global traffic management data center is available.
Information only, no action required.
bigipGtmDcNotAvail (.1.3.6.1.4.1.3375.2.4.0.65)
A global traffic management data center is unavailable.
Check the status of the data center, as well as the relevant detailed log message.
bigipGtmDcDisabled (.1.3.6.1.4.1.3375.2.4.0.66)
A global traffic management data center is disabled.
Check the status of the data center.
bigipGtmDcEnabled (.1.3.6.1.4.1.3375.2.4.0.67)
A global traffic management data center is enabled.
Information only, no action required.
bigipGtmAppObjAvail (.1.3.6.1.4.1.3375.2.4.0.69)
A global traffic management application object is available.
Information only, no action required.
bigipGtmAppObjNotAvail (.1.3.6.1.4.1.3375.2.4.0.70)
A global traffic management application object is unavailable.
Check the status of the application object, as well as the relevant detailed log message.
bigipGtmAppAvail (.1.3.6.1.4.1.3375.2.4.0.71)
A global traffic management application is available.
Information only, no action required.
bigipGtmAppNotAvail (.1.3.6.1.4.1.3375.2.4.0.72)
A global traffic management application is unavailable.
Check the status of the application, as well as the relevant detailed log message.
bigipGtmJoinedGroup (.1.3.6.1.4.1.3375.2.4.0.73)
The BIG-IP system joined a global traffic management synchronization group.
Information only, no action required.
bigipGtmLeftGroup (.1.3.6.1.4.1.3375.2.4.0.74)
The BIG-IP system left a global traffic management synchronization group.
Information only, no action required.
bigipGtmKeyGenerationExpiration (.1.3.6.1.4.1.3375.2.4.0.95)
A generation of a DNSSEC key expired.
Information only, no action required.
bigipGtmKeyGenerationRollover (.1.3.6.1.4.1.3375.2.4.0.94)
A generation of a DNSSEC key rolled over.
Information only, no action required.
bigipGtmProberPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.99)
A global traffic management prober pool is disabled.
Check the status of the prober pool.
bigipGtmProberPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.100)
A global traffic management prober pool is enabled.
Information only, no action required.
bigipGtmProberPoolStatusChange (.1.3.6.1.4.1.3375.2.4.0.97)
The status of a global traffic management prober pool has changed.
Check the status of the prober pool.
bigipGtmProberPoolStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.98)
The reason the status of a global traffic management prober pool has changed.
The action required is based on the reason given.
bigipGtmProberPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.103)
A global traffic management prober pool member is disabled.
Check the status of the prober pool member.
bigipGtmProberPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.104)
A global traffic management prober pool member is enabled.
Information only, no action required.
bigipGtmProberPoolMbrStatusChange (.1.3.6.1.4.1.3375.2.4.0.101)
The status of a global traffic management prober pool member has changed.
Check the status of the prober pool member.
bigipGtmProberPoolMbrStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.102)
The reason the status of a global traffic management prober pool member has changed.
The action required is based on the reason given.
bigipGtmGtmDeletedFromGroup (.1.3.6.1.4.1.3375.2.4.0.156)
The global traffic management is deleted from the group.
Information only, no action required.
bigipGtmServerNoipStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.157)
The reason the status of a global traffic management server has changed.
The action required is based on the reason given.

Hardware-related traps and recommended actions

This table provides information about hardware-related notifications that an SNMP manager can receive. If you receive any of these alerts, contact F5 technical support.
Trap name and Associated OID
Description
Recommended action
bigipAomCpuTempTooHigh (.1.3.6.1.4.1.3375.2.4.0.93)
The AOM is reporting that the air temperature near the CPU is too high.
Check the input and output air temperatures. Run an iHealth report and troubleshoot based on the results. If the condition persists, contact F5 technical support.
bigipBladeNoPower (.1.3.6.1.4.1.3375.2.4.0.88)
A blade lost power.
Contact F5 technical support.
bigipBladeTempHigh (.1.3.6.1.4.1.3375.2.4.0.87)
The temperature of a blade is too high.
This trap might be spurious. If the condition persists, contact F5 technical support.
bigipBladeOffline (.1.3.6.1.4.1.3375.2.4.0.90)
A blade has failed.
Remove the blade. Contact F5 technical support.
bigipChmandAlertFanTrayBad (.1.3.6.1.4.1.3375.2.4.0.121)
A fan tray in a chassis is bad or was removed.
Replace the fan tray. If the condition persists, contact F5 technical support.
bigipCpuTempHigh
The CPU temperature is too high.
Check the input and output air temperatures. Run an iHealth report and troubleshoot based on the results. If the condition persists, contact F5 technical support.
bigipCpuFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.5)
The CPU fan speed is too low.
Check the CPU temperature. If the CPU temperature is normal, the condition is not critical. If the condition persists, contact F5 technical support.
bigipCpuFanSpeedBad (.1.3.6.1.4.1.3375.2.4.0.6)
The CPU fan is not receiving a signal.
Check the CPU temperature. If the CPU temperature is normal, the condition is not critical. If the condition persists, contact F5 technical support.
bigipSystemCheckAlertFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.115)
The system fan speed is too low.
This condition is critical. Replace the fan tray. These appliances do not have fan trays: 1600, 3600, 3900, EM4000, 2000, 4000. If the condition persists, contact F5 technical support.
bigipSystemCheckAlertVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.114)
The system voltage is too high.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertVoltageLow (.1.3.6.1.4.1.3375.2.4.0.123)
The system voltage is too low.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertMilliVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.124)
The system milli-voltage is too high.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertMilliVoltageLow (.1.3.6.1.4.1.3375.2.4.0.127)
The system milli-voltage is too low.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertTempHigh (.1.3.6.1.4.1.3375.2.4.0.113)
The system temperature is too high.
Check the system and air temperatures. If the condition persists, contact F5 technical support.
bigipSystemCheckAlertCurrentHigh (.1.3.6.1.4.1.3375.2.4.0.125)
The system current is too high.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertCurrentLow (.1.3.6.1.4.1.3375.2.4.0.128)
The system current is too low.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertPowerHigh (.1.3.6.1.4.1.3375.2.4.0.126)
The system power is too high.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipSystemCheckAlertPowerLow (.1.3.6.1.4.1.3375.2.4.0.129)
The system power is too low.
Review additional error messages in the log files. Unplug the system. Contact F5 technical support.
This alert does not happen for standby power.
bigipChassisTempHigh (.1.3.6.1.4.1.3375.2.4.0.7)
The temperature of the chassis is too high.
Contact F5 technical support.
bigipChassisFanBad (.1.3.6.1.4.1.3375.2.4.0.8)
The chassis fan is not operating properly.
Replace the fan tray. If the condition persists, contact F5 technical support.
bigipChassisPowerSupplyBad (.1.3.6.1.4.1.3375.2.4.0.9)
The chassis power supply is not functioning properly.
Verify that the power supply is plugged in. In the case of a dual-power-supply system, verify that both power supplies are plugged in. Contact F5 technical support.
bigipLibhalBladePoweredOff (.1.3.6.1.4.1.3375.2.4.0.119)
A blade is powered off.
Contact F5 technical support.
bigipLibhalSensorAlarmCritical (.1.3.6.1.4.1.3375.2.4.0.120)
The hardware sensor on a blade indicates a critical alarm.
Review any additional error messages that your receive, and troubleshoot accordingly. If the condition persists, contact F5 technical support.
bigipLibhalDiskBayRemoved (.1.3.6.1.4.1.3375.2.4.0.118)
A disk sled was removed from a bay.
Information only, no action required.
bigipLibhalSsdLogicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.117)
An SSD logical disk was removed from the BIG-IP system.
Information only, no action required.
bigipLibhalSsdPhysicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.116)
An SSD physical disk was removed from the BIG-IP system.
Information only, no action required.
bigipRaidDiskFailure (.1.3.6.1.4.1.3375.2.4.0.96)
An disk in a RAID disk array failed.
On
www.askf5.com
, see
SOL10856: Overview of hard drive mirroring
. If the problem persists, contact F5 technical support.
bigipSsdMwiNearThreshold (.1.3.6.1.4.1.3375.2.4.0.111)
An SSD disk is reaching a known wear threshold.
Contact F5 technical support.
bigipSsdMwiReachedThreshold (.1.3.6.1.4.1.3375.2.4.0.112)
An SSD disk is worn out.
If this is the first alert, the disk might continue to operate for a short time. Contact F5 technical support.
bigipChassisInadequatelyPowered (.1.3.6.1.4.1.3375.2.4.0.198)
Chassis is inadequately powered.
Ensure that the power supply is properly seated. Contact F5 technical support.
bigipChassisUnidentified (.1.3.6.1.4.1.3375.2.4.0.199)
Power Supply Unit (PSU) is unidentified.
Replace the unsupported or unidentified PSU with a supported device. Hot-Plug the power supply, all sensor readings will be available in 30 seconds.
bigipNetLinkDown (.1.3.6.1.4.1.3375.2.4.0.24)
An interface link is down.
This alert applies to L1 and L2, which are internal links within the device connecting the CPU and Switch subsystems. These links should never be down. If this occurs, the condition is serious. Contact F5 technical support.
bigipExternalLinkChange (.1.3.6.1.4.1.3375.2.4.0.37)
The status of an external interface link has changed to either UP, DOWN, or UNPOPULATED.
This occurs when network cables are added or removed, and the network is reconfigured. Determine whether the link should be down or up, and then take the appropriate action.
bigipPsPowerOn (.1.3.6.1.4.1.3375.2.4.0.147)
The power supply for the BIG-IP system was powered on.
Information only, no action required, unless this trap is unexpected. In that case, verify that the power supply is working and that system has not rebooted.
bigipPsPowerOff (.1.3.6.1.4.1.3375.2.4.0.148)
The power supply for the BIG-IP system was powered off.
Information only, no action required, unless power off was unexpected. In that case, verify that the power supply is working and that system has not rebooted.
bigipPsAbsent (.1.3.6.1.4.1.3375.2.4.0.149)
The power supply for the BIG-IP system cannot be detected.
Information only, no action required when the BIG-IP device is operating with one power supply. For BIG-IP devices with two power supplies installed, verify that both power supplies are functioning correctly and evaluate symptoms.
bigipSystemShutdown (.1.3.6.1.4.1.3375.2.4.0.151)
The BIG-IP system has shut down.
Information only, no action required when the shut down was expected. Otherwise, investigate the cause of the unexpected reboot.
bigipFipsDeviceError (.1.3.6.1.4.1.3375.2.4.0.152)
The FIPS card in the BIG-IP system has encountered a problem.
Contact F5 technical support.
bigipFipsFault (.1.3.6.1.4.1.3375.2.4.0.166)
The BIG-IP detects a FIPS device fault and generates an SNMP trap, indicating that the device is no longer able to perform any FIPS operations.
Configure the Network Management System (NMS) to use the most recent BIG-IP Management Information Base (MIB) version, appropriate for the BIG-IP version. When you upgrade your BIG-IP version, or if new hardware is deployed, you should verify any FIPS module failures configured with your NMS.

High-availability system-related traps and recommended actions

This table provides information about the high-availability system-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14)
The BIG-IP system has switched to standby mode.
Review the log files in the
/var/log
directory and then search for core files in the
/var/core
directory. If you find a core file, or find text similar to fault at location
xxxx stack trace:
, contact F5 Networks technical support.
bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75)
In failover condition, this standby system cannot become active.
Investigate failover condition on the standby system.
bigipActive (.1.3.6.1.4.1.3375.2.4.0.15)
The BIG-IP system has switched to active mode.
Information only, no action required.
bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16)
The BIG-IP system is in active-active mode.
Information only, no action required.
bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17)
A high-availability feature has failed.
View high-availability processes and their current status.
bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18)
A high-availability feature is responding.
View high-availability processes and their current status.
bigipTrafficGroupStandby (.1.3.6.1.4.1.3375.2.4.0.141)
The status of a traffic group has changed to stand by.
Information only, no action required. To determine the reason for the failover, review the LTM log
/var/log/ltm
 and search for keywords active or standby. Additionally, you can run the
tmsh
 command
tmsh show sys ha-status
 to view the failover conditions.
bigipTrafficGroupActive (.1.3.6.1.4.1.3375.2.4.0.142)
The status of a traffic group has changed to active.
Information only, no action required. To determine the reason for the failover, review the LTM log
/var/log/ltm
 and search for keywords active or standby. Additionally, you can run the
tmsh
 command
tmsh show sys ha-status
 to view the failover conditions.
bigipTrafficGroupOffline (.1.3.6.1.4.1.3375.2.4.0.143)
The status of a traffic group has changed to offline.
Information only, no action required.
bigipTrafficGroupForcedOffline (.1.3.6.1.4.1.3375.2.4.0.144)
The status of a traffic group has changed to forced offline.
Information only, no action required.
bigipTrafficGroupDeactivate (.1.3.6.1.4.1.3375.2.4.0.145)
A traffic group was deactivated.
Information only, no action required. To determine the reason for the deactivation, review the LTM log
/var/log/ltm
 and search for the keyword deactivate.
bigipTrafficGroupActivate (.1.3.6.1.4.1.3375.2.4.0.146)
A traffic group was activated.
Information only, no action required. To determine the reason for the deactivation, review the LTM log
/var/log/ltm
 and search for the keyword activate.

License-related traps and recommended actions

This table provides information about the license-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipLicenseFailed (.1.3.6.1.4.1.3375.2.4.0.19)
Validation of a BIG-IP system license has failed, or the dossier has errors.
Occurs only when first licensing the system or adding a module key (such as HTTP compression) to an existing system. If using automatic licensing, verify connectivity to the outside world, fix the dossier if needed, and try again.
bigipLicenseExpired (.1.3.6.1.4.1.3375.2.4.0.20)
The BIG-IP license has expired.
Call F5 Networks technical support.
bigipDnsRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.139)
The BIG-IP DNS Services license is rate-limited and the system has reached the rate limit.
Call F5 Networks technical support to upgrade your license.
bigipGtmRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.140)
The BIG-IP DNS license is rate-limited and the system has reached the rate limit.
Call F5 Networks technical support to upgrade your license.
bigipCompLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.35)
The compression license limit is exceeded.
Purchase additional compression licensing from F5 Networks.
bigipSslLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.36)
The SSL license limit is exceeded, either for transactions per second (TPS) or for megabits per second (MPS).
Purchase additional SSL licensing from F5 Networks.
bigipKeyManagementCertExpiration (.1.3.6.1.4.1.3375.2.4.0.205)
Certificate with lifecycle management options configured will expire within a week.
Take the necessary actions to renew the certificate.

LTM-related traps and recommended actions

This table provides information about the LTM-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipUnsolicitedRepliesExceededThreshold (.1.3.6.1.4.1.3375.2.4.0.122)
The BIG-IP system DNS cache received unsolicited query replies exceeding the configured threshold.
Check the BIG-IP system logs to determine if the system is experiencing a distributed denial-of-service (DDoS) attack.
bigipNodeRate (.1.3.6.1.4.1.3375.2.4.0.130)
A local traffic management node has received connections exceeding the configured rate-limit.
Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12)
A BIG-IP system health monitor has marked a node as down.
Check the node and the cable connection.
bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13)
A BIG-IP system health monitor has marked a node as up.
Information, no action required.
bigipMemberRate (.1.3.6.1.4.1.3375.2.4.0.131)
A local traffic management pool member has received connections exceeding the configured rate-limit.
Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipVirtualRate (.1.3.6.1.4.1.3375.2.4.0.132)
A local traffic management virtual server has received connections exceeding the configured rate-limit.
Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipLtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.135)
A local traffic management virtual server is available to receive connections.
Information only, no action required.
bigipLtmVsUnavail (.1.3.6.1.4.1.3375.2.4.0.136)
A local traffic management virtual server is not available to receive connections.
Check the virtual server.
bigipLtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.137)
A local traffic management virtual server is enabled.
Information only, no action required.
bigipLtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.138)
A local traffic management virtual server is disabled.
Information only, no action required.
bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10)
A BIG-IP system health monitor has detected a service on a node to be stopped and thus marked the node as down.
Restart the service on the node.
bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11)
A BIG-IP system health monitor has detected a service on a node to be running and has therefore marked the node as up.
Information only, no action required.
bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34)
The BIG-IP system has rejected some packets.
Check the detailed message within this trap and act accordingly.
bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76)
The TMM has run out of source ports and cannot open new communications channels with other machines.
Either increase the number of addresses available for SNAT automapping or SNAT pools, or lower the idle timeout value if the value is excessively high.
bigipIpsecTrapTunnelUp (.1.3.6.1.4.1.3375.2.4.0.200)
An IPsec tunnel has come up.
None, informational.
bigipIpsecTrapTunnelDown (.1.3.6.1.4.1.3375.2.4.0.201)
An IPsec tunnel has come down.
Alter the configuration so that a new security association can be negotiated, such as in the case where a peer's configuration has also changed. In this case, you must change the configuration in order to match the peer's configuration.
bigipMrfDiameterPeerDelayHealthChanged (.1.3.6.1.4.1.3375.2.4.0.202)
The time that the peer takes to process a request and send the response exceeds or is under the Peer Delay Critical Limit.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerOutgoingRatelimitChanged (.1.3.6.1.4.1.3375.2.4.0.203)
The number of messages sent to the peer exceeds or is under the Egress Critical or Egress Major Message Rate Limit, the system generates the trap.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerIncomingRatelimitChanged (.1.3.6.1.4.1.3375.2.4.0.204)
The number of messages received from the peer exceeds or is under the Ingress Critical or Ingress Major Message Rate Limit, the system generates the trap.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerErrorsHealthChanged (.1.3.6.1.4.1.3375.2.4.0.206)
If the percentage of error answers returned from the peer exceeds or is under the Peer Errors Major Threshold, the system generates the trap.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerTimeoutsHealthChanged (.1.3.6.1.4.1.3375.2.4.0.207)
If the percentage of peer timeouts exceeds or is under the Peer Timeouts Major Threshold, the system generates the trap.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerHealthChanged (.1.3.6.1.4.1.3375.2.4.0.208)
This trap is generated if the peer health is changed due to any of the following conditions: the time that the peer takes to process a request and send the response exceeds or is under the configured critical threshold, the percentage of error answers returned from the peer exceeds or is under the configured major threshold, or the percentage of peer timeouts exceeds or is under the configured major threshold.
Check the logs that triggered the trap and act accordingly.
bigipMrfDiameterPeerConnectionStateChanged (.1.3.6.1.4.1.3375.2.4.0.209)
The connection to peer terminates because the BIG-IP initiates the disconnect or the peer initiates the disconnect, the system generates the trap.
Check the logs that triggered the trap and act accordingly.
bigipSctpActivePathDown (.1.3.6.1.4.1.3375.2.4.0.210)
In a Stream Control Transmission Protocol (SCTP) association enabled with multi-homing, when the current active path goes down and an alternate path is selected, the system generates the trap.
Information only, no action required.
bigipSctpPathRestored (.1.3.6.1.4.1.3375.2.4.0.211)
In an SCTP association, when a path is restored, the system generates the trap.
Information only, no action required.
bigipGeoredundancyStateOffline (.1.3.6.1.4.1.3375.2.4.0.212)
The geo-redundancy status is set to offline.
Information only, no action required.
bigipGeoredundancyStateConnected (.1.3.6.1.4.1.3375.2.4.0.213)
The geo-redundancy status is set to connected.
Information only, no action required.
bigipGeoredundancyStateReloadReceiving (.1.3.6.1.4.1.3375.2.4.0.214)
The geo-redundancy status is set to reload receiving.
Information only, no action required.
bigipGeoredundancyStateReloadSending (.1.3.6.1.4.1.3375.2.4.0.215)
The geo-redundancy status is set to reload sending.
Information only, no action required.
bigipGeoredundancyWatchdogAlive (.1.3.6.1.4.1.3375.2.4.0.216)
The watchdog status is set to alive.
Information only, no action required.
bigipGeoredundancyWatchdogExpired (.1.3.6.1.4.1.3375.2.4.0.217)
The watchdog status is set to expired.
Information only, no action required.

Logging-related traps and recommended actions

This table provides information about the logging-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipShellConfigurationLoaded (.1.3.6.1.4.1.3375.2.4.0.28)
The component which created this event has been deprecated. The configuration was loaded.
None, informational.
bigipLogEmerg (.1.3.6.1.4.1.3375.2.4.0.29)
The BIG-IP system is unusable. This notification occurs when the system logs a message with the log level LOG_EMERG.
Check the detailed message within this trap and within the
/var/log
 files to determine which process has the emergency. Then act accordingly.
bigipLogAlert (.1.3.6.1.4.1.3375.2.4.0.30)
The BIG-IP system requires immediate action to function properly. This notification occurs when the system logs a message with the log level LOG_ALERT.
Check the detailed message within this trap and within the
/var/log
files to determine which process has the alert situation. Then act accordingly.
bigipLogCrit (.1.3.6.1.4.1.3375.2.4.0.31)
The BIG-IP system is in critical condition. This notification occurs when the system logs a message with the log level LOG_CRIT.
Check the detailed message within this trap and within the
/var/log
 files to determine which process has the critical situation. Then act accordingly.
bigipLogErr (.1.3.6.1.4.1.3375.2.4.0.32)
The BIG-IP system has some error conditions. This notification occurs when the system logs a message with the log level LOG_ERR.
Check the detailed message within this trap and within the
/var/log
 files to determine which processes have the error conditions. Then act accordingly.
bigipLogWarning (.1.3.6.1.4.1.3375.2.4.0.33)
The BIG-IP system is experiencing some warning conditions. This notification occurs when the system logs a message with the log level LOG_WARNING.
Check the detailed message within this trap and within the
/var/log
 files to determine which processes have the warning conditions. Then act accordingly.

Network-related traps and recommended actions

This table provides information about the network-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipARPConflict (.1.3.6.1.4.1.3375.2.4.0.23)
The BIG-IP system has detected an ARP advertisement for any of its own ARP-enabled addresses. This can occur for a virtual server address or a self IP address.
Check IP addresses and routes.

vCMP-related traps and recommended actions

This table provides information about the virtual clustered multiprocessing (vCMP)-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipVcmpAlertsVcmpPowerOn (.1.3.6.1.4.1.3375.2.4.0.107)
The BIG-IP system powered on a vCMP guest from a suspended or powered-off state.
Information only, no action required.
bigipVcmpAlertsVcmpPowerOff (.1.3.6.1.4.1.3375.2.4.0.108)
The BIG-IP system powered off a vCMP guest.
Information only, no action required.
bigipVcmpAlertsVcmpHBLost (.1.3.6.1.4.1.3375.2.4.0.109)
The BIG-IP system cannot detect a heartbeat from a vCMP guest.
Check the guest and restart, if necessary.
bigipVcmpAlertsVcmpHBDetected (.1.3.6.1.4.1.3375.2.4.0.110)
The BIG-IP system detected a heartbeat from a new or returning vCMP guest.
Information only, no action required.

VIPRION-related traps and recommended actions

This table provides information about the VIPRION-related notifications that an SNMP manager can receive.
Trap name
Description
Recommended action
bigipClusterdNoResponse (.1.3.6.1.4.1.3375.2.4.0.89)
The cluster daemon failed to respond for 10 seconds or more.
Start the cluster daemon.
bigipClusterPrimaryChanged (.1.3.6.1.4.1.3375.2.4.0.150)
The primary cluster has changed.
Information only, no action required.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information