Manual Chapter : Health monitoring and alerts using SMTP and SNMP alerts

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.2.0, 8.1.0
Manual Chapter

Health monitoring and alerts using SMTP and SNMP alerts

Specify an SMTP server to send email alerts

You specify an SMTP server so F5 BIG-IQ Centralized Management can send email to alert specified people when a certain condition happens, such as when an SSL certificate is about to expire.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    SMTP configuration.
  3. On the SMTP Configuration screen, if there is no mail server set up, click the
    Add
    button.
  4. In the
    Name
    field, type a name for this SMTP configuration.
  5. In the
    SMTP Server Host
    and
    SMTP Server Port
    fields, type the SMTP server and TCP port.
    By default, SMTP uses TCP 25.
  6. In the
    From Email Address
    field, type the email address from which to send the alert email.
  7. From the
    Encryption
    list, select the type of encryption to use for the email.
  8. To require a user name and password, from the
    Use Auth
    list, select
    Yes
    , and type the required user name and password.
  9. To verify that you can reach the server you configured, click the
    Test Connection
    button.
  10. Click the
    Save & Close
    button.
You can now specify email recipients and set up the alert conditions that prompt BIG-IQ to send an email when a certain event happens on a managed device.

How do I set up BIG-IQ to work with SNMP?

Set up BIG-IQ to work with SNMP so you can receive alerts when certain things happen on a managed device.
To set up BIG-IQ to work with SNMP, you must:
  1. Set up the SNMP Agent
  2. Configure SNMP Access
  3. Specify settings for the SNMP Trap

Before you configure SNMP

Gather the following information before you start your SNMP configuration.
CONFIGURATION COMPONENT
CONSIDERATIONS
FOR MY CONFIGURATION
SNMP administrator contact information
Find out or decide who is responsible for SNMP administration. The contact information is a MIB-II simple string variable.
Machine location
Find out the location of the BIG-IQ system. The location is a MIB-II simple string variable.
BIG-IQ client allow list
Gather the IP or network addresses (with netmasks) of the SNMP managers from which the SNMP agent will accept requests.
Access
Find the OID for the top-most node of the SNMP tree to provide access to.
Community
Get the v1 and v2c communities and the IP addresses of the SNMP managers you want to grant access to.
Users
Get the v3 users you want to grant access to SNMP data, along with the privacy protocols and passwords, Community, Destination, and Port.

Configuring SNMP agent for sending alerts

This screen displays specified user addresses allowed to access your 3rd-party SNMP Manager BIG-IQ through the SNMP Agent. An agent can communicate with multiple managers, so you can configure BIG-IQ to support communications with one management station using the SNMP version1 protocol, one using the SNMP version 2C protocol, and another using SMNP version 3.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    SNMP Configuration
    SNMP Agent
    .
  3. At the top of the screen, click the
    Download MIB
    button to download the F5-required MIBs.
  4. At the top of the screen, click
    Edit
    .
  5. Edit the
    Contact Information
    and
    Machine Location
    fields to reflect your SNMP agent settings and click the
    Save & Close
    button at the bottom of the screen.
  6. Click the
    Save & Close
    button at the bottom of the screen to save your changes.
  7. For the
    SNMP Access - Client Allowed List
    setting, click the
    Add
    button.
  8. In the
    Addresses/Networks
    and
    Mask
    fields, type the IP address and networks and the netmask (if applicable) that the SNMP manager is allowed to access.
  9. To add another address, click the plus (
    +
    ) sign.
You can now configure SNMP access and SNMP traps.

Configure Access and Traps for SNMP version 3 to send alerts

After you configure the SNMP agent, you can configure SNMP access and SNMP traps.
You configure SNMP access to allow the SNMP agent to accept requests from specific SNMP managers.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    LOCAL HOST SETTINGS
    SNMP Configuration
    SNMP Access (v3)
    .
  3. In the
    Name
    and
    User Name
    fields, type a name for this SNMP access and the user name.
  4. If you want to specify the authentication protocol for SNMP traps, from the
    Type
    list, select an option.
    • MD5
      specifies digest algorithm.
    • SHA
      specifies secure hash algorithm.
  5. If you selected an authentication protocol, in the
    Password
    and
    Confirm Password
    fields, type and confirm the password for access.
    The password must be between 8 and 32 characters, include alphabetic, numeric, and special characters, but no control characters.
  6. If you want to encrypt the SNMP traps, from the
    Protocol
    list, select an option.
    • AES
      specifies Advanced Encryption Standard
    • DES
      specifies Data Encryption Standard
  7. If you selected a privacy protocol, in the
    Password
    and
    Confirm Password
    fields, type the password to use for authentication.
    Alternatively, you can select the
    Use Authentication Password
    check box to use the authentication password.
  8. In the
    OID
    field, type the object identifier (OID) you want to associate with this user.
  9. From the
    Access
    list, select an option:
    • Read Only
      - This user can only view the MIB.
    • Read/Write
      - This user can view and modify the MIB.
    The most secure access level or type takes precedence when there is a conflict. When you set the access level to read/write, and an individual data object has a read-only access type, access to the object remains read-only.
  10. Click the
    Save & Close
    button at the bottom of the screen to save your changes.
  11. On the left, click
    SNMP Traps
    .
  12. In the
    Name
    field, type a name for this SNMP trap.
  13. From the
    Version
    list, select
    V3
    .
  14. In the
    Destination
    and
    Port
    fields, type the IP address and the port for this trap destination.
  15. For the
    Security Level
    setting, select an option.
    Auth, No Privacy
    processes SNMP messages using authentication, but no encryption.
    Auth and Privacy
    processes SNMP messages using authentication and encryption.
  16. For the
    Security Name
    setting, specify the user name you want to use to handle SNMP version 3 traps.
  17. For the
    Engine ID
    setting, specify the unique identifier (snmpEngineID) of the remote SNMP protocol engine.
  18. In the
    Password
    and
    Confirm Password
    fields, type and confirm the password for the protocol.
  19. Click the
    Save & Close
    button at the bottom of the screen to save your changes.
You can now specify email recipients for alerts.

Configuring Access and Traps for SNMP version 1 and 2C to send alerts

After you configure the SNMP agent, you can configure SNMP access and SNMP traps.
You configure SNMP access to allow the SNMP agent to accept requests from specific SNMP managers.
  1. At the top of the screen, click
    System
    .
  2. On the left,
    LOCAL HOST SETTINGS
    SNMP Configuration
    SNMP Access (V1, V2C)
  3. At the top left of the screen, click the
    Create
    button.
  4. In the
    Name
    field, type the SNMP manager's user name.
  5. From the
    Type
    list, select the format for the IP address.
  6. In the
    Community
    field, type the community string (password) for access to the MIB.
  7. From the
    Source
    list, select a source or select
    Specify
    and type the source address for access to the MIB.
  8. In the
    OID
    field, type the object identifier (OID) you want to associate with this user.
  9. From the
    Access
    list, select an option:
    • Read Only
      - This user can only view the MIB.
    • Read/Write
      - This user can view and modify the MIB.
    The most secure access level or type takes precedence when there is a conflict. When you set the access level to read/write, and an individual data object has a read-only access type, access to the object remains read-only.
  10. Click the
    Save & Close
    button at the bottom of the screen to save your changes.
  11. On the left, click
    SNMP Traps
    .
  12. At the top left of the screen, click the
    Create
    button.
  13. In the
    Name
    field, type a name for this SNMP trap.
  14. In the
    Community
    ,
    Destination
    , and
    Port
    fields, type, respectively, the community name, IP address, and port for the trap destination.
You can now specify email recipients for alerts.

Add email recipients for SMTP and SNMP alerts

After you configure SMTP and/or SNMP, you can add email recipients.
Email recipients you add will get alert notifications when specified events happen on BIG-IQ or your managed devices
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    THIS DEVICE
    Email Notification Recipients
    .
  3. At the top left of the screen, click the
    Create
    button.
  4. In the
    Name
    the
    Email
    address fields, type the name and email address of the person you want to receive an alert.
  5. In the
    Description
    field, you can type an optional description to help identify this user.
  6. Select the check box next to each type of notification you want this user to receive an email about.
  7. To add another email recipient, click
    +
    .
  8. Click the
    Save & Close
    button at the bottom of the screen to save your changes.
You can now configure the alert settings that trigger BIG-IQ to send an email to the specified recipients.

How do I monitor SSL certificate expiration dates for my managed devices?

When you manage BIG-IP devices that load balance SSL traffic, you must monitor their SSL traffic.
BIG-IQ imports the certificates for every managed BIG-IP device you discover. This makes it easy to monitor the expiration dates all of your devices' SSL certificates from one location.
You can also:
  • Set up alerts to let you know when a certain certificate is about to expire within a specified number of days.
  • Download the data to a CSV file for reporting purposes.

Set up alert conditions that triggers BIG-IQ to send a notification

After you set up the SNMP and/or SMTP on F5 BIG-IQ Centralized Management, you can select the alerts that prompt BIG-IQ to send an email to the people you specified.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    ALERTS & NOTIFICATIONS.
  3. At the top of the screen, click the
    Settings
    button.
  4. Select the
    Enabled
    check box next to each alert you want to receive and, if applicable, specify the
    Threshold
    .
    Only SNMP events specified as
    Yes
    are available for SNMP alerts. BIG-IQ uses SMTP for all other event types.
  5. For
    Certificate Expiration
    , you can add up to 3 separate alerts to notify your of the number of days required to update an SSL certificate.
    Once you enable the alert, you add the number of days prior to expiration you would like to receive an alert notification. Use the icons to the right of the
    Certificate Expiration
    field to add or subtract alert configurations.
  6. Click the
    Save & Close
    button.