Suggest an automation script

Suggest an automation script
0

#21

Check the TMM log for TCL exceptions.


Device Make/Model

  • F5 Networks

Operating System

  • Any TMOS version

Description

  • TCL exceptions detected

Remediation Steps

  • Examine the error message and fix the iRule in question.

Command or Method

  • cat /var/log/ltm

Output Example

Aug 11 06:30:09 slot1/PRD err tmm[19587]: 01220001:3: TCL error: /Common/VanityIRule - Could not find class VURL_google (line 3) invoked from within "class match -value [string tolower [HTTP::uri]] equals VURL_[string tolower [HTTP::host]]"


#22

Some more contact options would be awesome.


Examples:


  • Slack
  • Hipchat
  • Telegram
  • Prowl


/Patrik


#23

Device Make/Model

  • BIGIP F5 LTM

Operating System

  • tmos

Description

  • Apache Tomcat has run out of memory

Remediaion Steps

  • To mitigate receiving this message, you can use the provision.tomcat.extramb database variable to increase the maximum amount of Java virtual memory available to the tomcat process
  • See more details in F5 article https://support.f5.com/csp/article/K9719

Command or Method

  • Check file /var/log/tomcat/catalina.out for usage of string: java.lang.OutOfMemoryError

Output Example

java.lang.OutOfMemoryError

Output Expectations



#24

F5: Create an alert for usage of ciphers vulnerable to ROBOT.


https://support.f5.com/csp/article/K21905460


#25

Device Make/Model

  • BIGIP F5 LTM

Operating System

  • tmos

Description

  • Clock advanced by <number> ticks

Remediaion Steps

  • Check for high resource usage
  • See https://support.f5.com/csp/article/K10095

Command or Method

  • cat /var/log/ltm for entries of

Output Example

  • 01010029:5: Clock advanced by 518 ticks

Output Expectations

  • any line with "Clock advanced by [0-9]+ ticks"

#26

F5: Warn user if their hardware is too weak to support the next major version.


https://support.f5.com/csp/article/K9476


/Patrik


#27

F5: Warn user if the iRules is not CMP compatible.


https://support.f5.com/csp/article/K13033


/Patrik


#28

Device Make/Model

  • BIG IP F5 LTM

Operating System

  • tmos

Description

  • An HTTP monitor send string does not end with the required CR/LF sequence

Remediaion Steps

  • Make sure that all monitors ends with the CR/LF sequence
  • more info here: https://support.f5.com/csp/article/K2167

Command or Method

  • Check all bigip.conf and check if monitors end with this sequence.

Output Example

send "GET /health-monitor/en/ HTTP/1.1\r\nHost:app.site.com\r\nUser-agent: Mozilla/5.0 (something;Windows NT 6.1;)\r\n\r\n"


Output Expectations

  • any send string that does not end with \r\n\r\n

#29
  • Device Make/ModelCheck Point, all HW
  • Operating SystemGaia
  • DescriptionRead errors from disk
  • Remediaion StepsRMA the appliance
  • Command or Methoddmesg
  • Output Example


ata1.00: status: { DRDY ERR }
ata1.00: error: { UNC }
ata1.00: configured for UDMA/133
ata1: EH complete
ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata1.00: BMDMA stat 0x25
ata1.00: cmd c8/00:08:60:ef:b3/00:00:00:00:00/e5 tag 0 dma 4096 in
         res 51/40:03:65:ef:b3/00:00:00:00:00/05 Emask 0x9 (media error)
sd 0:0:0:0: SCSI error: return code = 0x08000002
sda: Current [descriptor]: sense key: Medium Error
    Add. Sense: Unrecovered read error - auto reallocate failed

Descriptor sense data with sense descriptors (in hex):
72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
05 b3 ef 65
end_request: I/O error, dev sda, sector 95678309
ata1: EH complete
SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back
SCSI device sda: 625142448 512-byte hdwr sectors (320073 MB)
sda: Write Protect is off
sda: Mode Sense: 00 3a 00 00
SCSI device sda: drive cache: write back



    • Output Expectations
      alert on for example I/O error

#30

Hi all,


I noticed a brief discussion on Cisco NGFW last November and can propose a smart solution.


  • Device Make/Model - Cisco Firepower
  • Operating System - Linux-based
  • Description - CPU and memory monitor
  • Remediaion Steps - user top command to obtain real-time data, produce alerts when limits esceeded (especially swap spase usage).
  • Command or Method - top command on Linux console
  • Output Example - not needed I guess
  • Output Expectations - custom limits should be set for analysis.


To get access to NGFW console you should SSH to the ASA, then issue session sfr console command, authenticate (credentials usually different from ASA console) and switch to expert mode.




#31
  • Device Make/ModelCheck point - all appliances
  • Operating SystemGaia
  • DescriptionNetwork interface hang
  • Remediaion StepsContact check point support
  • Command or Methoddmesg
  • Output Example

e1000e 0000:04:00.0: eth2: Detected Hardware Unit Hang:

TDH <369>

TDT <36b>

next_to_use <36b>

next_to_clean <369>

buffer_info[next_to_clean]:

time_stamp <8024cc2e>

next_to_watch <369>

jiffies <8024d2b4>

next_to_watch.status <0>

MAC Status <80783>

PHY Status <796d>

PHY 1000BASE-T Status <3800>

PHY Extended Status <3000>

PCI Status <10>



    • Output Expectations

#32

...


#33
  • Device Make/Model
    • F5
  • Description
    • License expiring nearing rule not updating/generating the alert.

#34

  • Device Make/Model
    • F5
  • Description
    • License expiring nearing rule not updating/generating the alert.

#37
Device Make/Model : Juniper EX and SRX series
Operating System : Junos
Description : Perform check for OS mismatch on Dual boot Juniper EX and SRX devices for firmware. 
Remediaion Steps : Perform recovery procedure
Command or Method : request system snapshot media internal slice alternate