Debug mode enabled-f5-all

Knowledge
, , ,
#1

Debug mode enabled-f5-all

Vendor: f5

OS: all

Description:
Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.

Remediation Steps:
Turn off the debug as soon as possible.
Follow the applicable remediation steps. mcpd-force-reload: Delete the file /service/mcpd/forceload (https://support.f5.com/csp/article/K13030), tm.rstcause.log: https://support.f5.com/csp/article/K13223, tm.rstcause.pkt: https://support.f5.com/csp/article/K13223 ",

How does this work?
This alert logs into the F5 load balancer and verifies if the forcereload flag is set.

Why is this important?
If the file /service/mcpd/forceload exists and an F5 reboots, an extra amount of time will be taken for the device to fully reload. This file is manually created and intentional if there is a need for the mcpd process to force a reload of the BIG-IP configuration (K13030). If this file is not removed afterwards and the device reboots, this would result in more logged downtime.

Without Indeni how would you find this?
Login to the device with SSH and run “ls -l /service/mcpd/forceload” and verify that the file is not present.

f5-ls-service-mcpd-forcereload

name: f5-ls-service-mcpd-forcereload
description: Verify that the forcereload flag is not set
type: monitoring
monitoring_interval: 30 minutes
requires:
    vendor: f5
    product: load-balancer
    shell: bash
comments:
    debug-status:
        why: |
            If the file /service/mcpd/forceload exists and an F5 reboots, an extra amount of time will be taken for the device to fully reload. This file is manually created and intentional if there is a need for the mcpd process to force a reload of the BIG-IP configuration (K13030). If this file is not removed afterwards and the device reboots, this would result in more logged downtime.
        how: |
            This alert logs into the F5 load balancer and verifies if the forcereload flag is set.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15  /bin/ls /service/mcpd/forceload
    parse:
        type: AWK
        file: ls-service-mcpd-forceload.parser.1.awk

cross_vendor_debug_on

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_debug_on.scala