Manual Chapter :
Health monitoring and alerts using SMTP and
SNMP alerts
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.2.0, 8.1.0
Health monitoring and alerts using SMTP and
SNMP alerts
Specify an SMTP server to send email alerts
You specify an SMTP server so F5 BIG-IQ Centralized Management can send email to alert
specified people when a certain condition happens, such as when an SSL certificate is about
to expire.
- At the top of the screen, clickSystem.
- On the left, clickSMTP configuration.
- On the SMTP Configuration screen, if there is no mail server set up, click theAddbutton.
- In theNamefield, type a name for this SMTP configuration.
- In theSMTP Server HostandSMTP Server Portfields, type the SMTP server and TCP port.By default, SMTP uses TCP 25.
- In theFrom Email Addressfield, type the email address from which to send the alert email.
- From theEncryptionlist, select the type of encryption to use for the email.
- To require a user name and password, from theUse Authlist, selectYes, and type the required user name and password.
- To verify that you can reach the server you configured, click theTest Connectionbutton.
- Click theSave & Closebutton.
You can now specify email recipients and set up
the alert conditions that prompt BIG-IQ to send an email when a certain event happens on a
managed device.
How do I set up BIG-IQ to work with SNMP?
Set up BIG-IQ to work with SNMP so you can receive alerts when certain
things happen on a managed device.
To set up BIG-IQ to work with SNMP, you must:
- Set up the SNMP Agent
- Configure SNMP Access
- Specify settings for the SNMP Trap
Before you configure SNMP
Gather the following information before you start your SNMP configuration.
CONFIGURATION COMPONENT | CONSIDERATIONS | FOR MY CONFIGURATION |
---|---|---|
SNMP administrator contact information | Find out or decide who is responsible for SNMP administration. The contact
information is a MIB-II simple string variable. | |
Machine location | Find out the location of the BIG-IQ system. The location is a MIB-II simple
string variable. | |
BIG-IQ client allow list | Gather the IP or network addresses (with netmasks) of the SNMP managers from
which the SNMP agent will accept requests. | |
Access | Find the OID for the top-most node of the SNMP tree to provide access to. | |
Community | Get the v1 and v2c communities and the IP addresses of the SNMP managers you want
to grant access to. | |
Users | Get the v3 users you want to grant access to SNMP data, along with the privacy
protocols and passwords, Community, Destination, and Port. |
Configuring SNMP agent for sending alerts
This screen displays specified user addresses allowed to access your
3rd-party SNMP Manager BIG-IQ through the SNMP Agent. An agent can communicate with
multiple managers, so you can configure BIG-IQ to support communications with one
management station using the SNMP version1 protocol, one using the SNMP version 2C
protocol, and another using SMNP version 3.
- At the top of the screen, clickSystem.
- On the left, click.
- At the top of the screen, click theDownload MIBbutton to download the F5-required MIBs.
- At the top of the screen, clickEdit.
- Edit theContact InformationandMachine Locationfields to reflect your SNMP agent settings and click theSave & Closebutton at the bottom of the screen.
- Click theSave & Closebutton at the bottom of the screen to save your changes.
- For theSNMP Access - Client Allowed Listsetting, click theAddbutton.
- In theAddresses/NetworksandMaskfields, type the IP address and networks and the netmask (if applicable) that the SNMP manager is allowed to access.
- To add another address, click the plus (+) sign.
You can now configure SNMP access and SNMP
traps.
Configure Access and Traps for SNMP version 3 to send
alerts
After you configure the SNMP agent, you can
configure SNMP access and SNMP traps.
You configure SNMP access to allow the SNMP agent to accept requests from specific SNMP
managers.
- At the top of the screen, clickSystem.
- On the left, click.
- In theNameandUser Namefields, type a name for this SNMP access and the user name.
- If you want to specify the authentication protocol for SNMP traps, from theTypelist, select an option.
- MD5specifies digest algorithm.
- SHAspecifies secure hash algorithm.
- If you selected an authentication protocol, in thePasswordandConfirm Passwordfields, type and confirm the password for access.The password must be between 8 and 32 characters, include alphabetic, numeric, and special characters, but no control characters.
- If you want to encrypt the SNMP traps, from theProtocollist, select an option.
- AESspecifies Advanced Encryption Standard
- DESspecifies Data Encryption Standard
- If you selected a privacy protocol, in thePasswordandConfirm Passwordfields, type the password to use for authentication.Alternatively, you can select theUse Authentication Passwordcheck box to use the authentication password.
- In theOIDfield, type the object identifier (OID) you want to associate with this user.
- From theAccesslist, select an option:
- Read Only- This user can only view the MIB.
- Read/Write- This user can view and modify the MIB.
The most secure access level or type takes precedence when there is a conflict. When you set the access level to read/write, and an individual data object has a read-only access type, access to the object remains read-only. - Click theSave & Closebutton at the bottom of the screen to save your changes.
- On the left, clickSNMP Traps.
- In theNamefield, type a name for this SNMP trap.
- From theVersionlist, selectV3.
- In theDestinationandPortfields, type the IP address and the port for this trap destination.
- For theSecurity Levelsetting, select an option.Auth, No Privacyprocesses SNMP messages using authentication, but no encryption.Auth and Privacyprocesses SNMP messages using authentication and encryption.
- For theSecurity Namesetting, specify the user name you want to use to handle SNMP version 3 traps.
- For theEngine IDsetting, specify the unique identifier (snmpEngineID) of the remote SNMP protocol engine.
- In thePasswordandConfirm Passwordfields, type and confirm the password for the protocol.
- Click theSave & Closebutton at the bottom of the screen to save your changes.
You can now specify email recipients for
alerts.
Configuring Access and Traps for SNMP version 1 and 2C to send
alerts
After you configure the SNMP agent, you can
configure SNMP access and SNMP traps.
You configure SNMP access to allow the SNMP agent to accept requests from specific SNMP
managers.
- At the top of the screen, clickSystem.
- On the left,
- At the top left of the screen, click theCreatebutton.
- In theNamefield, type the SNMP manager's user name.
- From theTypelist, select the format for the IP address.
- In theCommunityfield, type the community string (password) for access to the MIB.
- From theSourcelist, select a source or selectSpecifyand type the source address for access to the MIB.
- In theOIDfield, type the object identifier (OID) you want to associate with this user.
- From theAccesslist, select an option:
- Read Only- This user can only view the MIB.
- Read/Write- This user can view and modify the MIB.
The most secure access level or type takes precedence when there is a conflict. When you set the access level to read/write, and an individual data object has a read-only access type, access to the object remains read-only. - Click theSave & Closebutton at the bottom of the screen to save your changes.
- On the left, clickSNMP Traps.
- At the top left of the screen, click theCreatebutton.
- In theNamefield, type a name for this SNMP trap.
- In theCommunity,Destination, andPortfields, type, respectively, the community name, IP address, and port for the trap destination.
You can now specify email recipients for
alerts.
Add email recipients for SMTP and SNMP alerts
After you configure SMTP and/or SNMP, you can add
email recipients.
Email recipients you add will get alert notifications when specified events happen on
BIG-IQ or your managed devices
- At the top of the screen, clickSystem.
- On the left, click.
- At the top left of the screen, click theCreatebutton.
- In theNametheEmailaddress fields, type the name and email address of the person you want to receive an alert.
- In theDescriptionfield, you can type an optional description to help identify this user.
- Select the check box next to each type of notification you want this user to receive an email about.
- To add another email recipient, click+.
- Click theSave & Closebutton at the bottom of the screen to save your changes.
You can now configure the alert settings that
trigger BIG-IQ to send an email to the specified recipients.
How do I monitor SSL certificate expiration dates for my managed devices?
When you manage BIG-IP devices that load balance SSL traffic, you must
monitor their SSL traffic.
BIG-IQ imports the certificates for every managed BIG-IP device you
discover. This makes it easy to monitor the expiration dates all of your devices' SSL
certificates from one location.
You can also:
- Set up alerts to let you know when a certain certificate is about to expire within a specified number of days.
- Download the data to a CSV file for reporting purposes.
Set up alert conditions that triggers BIG-IQ to send a
notification
After you set up the SNMP and/or SMTP on F5 BIG-IQ Centralized Management, you can select
the alerts that prompt BIG-IQ to send an email to the people you specified.
- At the top of the screen, clickSystem.
- On the left, clickALERTS & NOTIFICATIONS.
- At the top of the screen, click theSettingsbutton.
- Select theEnabledcheck box next to each alert you want to receive and, if applicable, specify theThreshold.Only SNMP events specified asYesare available for SNMP alerts. BIG-IQ uses SMTP for all other event types.
- ForCertificate Expiration, you can add up to 3 separate alerts to notify your of the number of days required to update an SSL certificate.Once you enable the alert, you add the number of days prior to expiration you would like to receive an alert notification. Use the icons to the right of theCertificate Expirationfield to add or subtract alert configurations.
- Click theSave & Closebutton.