Manual Chapter : Monitoring BIG-IP System Traffic with SNMP

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 12.1.1, 12.1.0

BIG-IP APM

  • 12.1.1, 12.1.0

BIG-IP Link Controller

  • 12.1.1, 12.1.0

BIG-IP Analytics

  • 12.1.1, 12.1.0

BIG-IP LTM

  • 12.1.1, 12.1.0

BIG-IP PEM

  • 12.1.1, 12.1.0

BIG-IP AFM

  • 12.1.1, 12.1.0

BIG-IP DNS

  • 12.1.1, 12.1.0

BIG-IP ASM

  • 12.1.1, 12.1.0
Manual Chapter

Monitoring BIG-IP System Traffic with SNMP

Overview: Configuring network monitoring using SNMP

SNMP is an industry standard protocol for monitoring devices on IP networks. You can configure the BIG-IP® system with SNMP traps and an SNMP agent that sends data to an SNMP manager. You can then use the collected data to help you troubleshoot the BIG-IP system.

SNMP deployment worksheet

This table provides information about the prerequisites for a BIG-IP® system SNMP deployment.

Configuration component Prerequisite tasks and considerations
SNMP administrator contact information Determine who is responsible for SNMP administration for the BIG-IP system. The contact information is a MIB-II simple string variable.
Machine location Determine the location of the BIG-IP system. The contact information is a MIB-II simple string variable.
BIG-IP system user role Ensure that your assigned user role is either Administrator or Resource Administrator.
BIG-IP system client allow list Gather the IP or network addresses (with netmask) of the SNMP managers from which the SNMP agent will accept requests.
SNMP manager routes Define a route to the BIG-IP system on the SNMP manager to specify where the manager sends SNMP requests. If the SNMP manager is not on the same subnet as the BIG-IP system, you must also add the route to the SNMP manager to the BIG-IP system routes table, and enable one of the dynamic routing protocols.
Note: For VIPRION systems, the route you define to the BIG-IP system on the SNMP manager must be the route to the VIPRION system cluster management IP address, because SNMP traps are sourced from that IP address.
Access Determine the OID for the top-most node of the SNMP tree to which the access applies.
Communities Determine the v1 and v2c communities and the IP addresses of the SNMP managers that you want to grant access to SNMP data.
Users Determine the v3 users that you want to grant access to SNMP data. Gather authentication types and passwords, and privacy protocols and passwords for each user.
BIG-IP system statistics BIG-IP system statistics are defined by 64-bit counters. SNMP v2c and v3 support 64-bit counters. Therefore, your SNMP manager must use SNMP v2c or v3 to query the BIG-IP system. SNMP v1 does not support 64-bit counters.

Component overview

SNMP device management is based on the standard MIB-II, as well as object IDs and MIB files. A standard SNMP implementation, includes the following components:

SNMP manager
The part of an SNMP system that runs on a management system and makes requests to the BIG-IP system.
SNMP agent
The part of an SNMP system that runs on the BIG-IP system and fulfills requests from the SNMP manager.
Management Information Base (MIB)
A set of data that defines the standard objects on the BIG-IP system that can be managed by the SNMP manager. The objects are presented in a hierarchical, tree structure.
Object identifier (OID)
A numeric identifier that indicates the location of an object within the MIB tree. Each object defined in the MIB has a unique OID, written as a series of integers.
Enterprise MIB
A set of data that defines the objects on the BIG-IP system that are specific to F5 Networks, Inc., and can be managed by the SNMP manager.
MIB file
An ASCII text file that describes SNMP network elements as a list of data objects, including the data type and current validity of each object, as well as a brief description of the purpose of each object. A set of MIB files consists of standard SNMP MIB files and enterprise MIB files.

Permissions on SNMP data objects

This table shows that access to an object depends on the object's access type and the access assigned to a user.

Access type Assigned access level (for community or user) Result access
Read-only Read-only Read-only
Read-only Read-write Read-only
Read-write Read-only Read-only
Read-write Read-write Read-write

About enterprise MIB files

The enterprise MIB files contain F5® Networks specific information. All OIDS for the BIG-IP® system data are contained in the F5 enterprise MIB files, including all interface statistics (1.3.6.1.4.1.3375.2.1.2.4 (sysNetwork.sysInterfaces)). These enterprise MIB files reside on the BIG-IP system:

F5-BIGIP-COMMON-MIB.txt
Contains information that the SNMP manager can use to help manage F5-specific notifications (SNMP traps) that all other BIG-IP MIB files reference.
F5-BIGIP-SYSTEM-MIB.txt
Contains information that the SNMP manager can use to help manage BIG-IP system objects, such as global statistic data, network information, and platform information.
F5-BIGIP-LOCAL-MIB.txt
Contains information that the SNMP manager can use to help manage BIG-IP local traffic objects, such as virtual servers, pools, nodes, profiles, health monitors, iRules®, and SNATs. Also contains information on AFM™ objects, such as firewall rules and DoS vectors.
F5-BIGIP-GLOBAL-MIB.txt
Contains information that the SNMP manager can use to help manage global traffic objects, such as wide IPs, virtual servers, pools, links, servers, and data centers.
F5-BIGIP-APM-MIB.txt
Contains information that the SNMP manager can use to help manage access policy objects, such as profiles, statistics, lease pools, and ACLs.
F5-BIGIP-WAM-MIB.txt
Contains information that the SNMP manager can use to help manage traffic acceleration objects, such as applications, profiles, and statistics.

Task summary

Perform these tasks when working with MIB files.

Downloading enterprise and NET-SNMP MIBs to the SNMP manager

View the set of standard SNMP MIB files that you can download to the SNMP manager, by listing the contents of the BIG-IP® system directory /usr/share/snmp/mibs.
Download compressed files that contain the enterprise and NET-SNMP MIBs.
  1. Click the About tab.
  2. Click Downloads.
  3. Click Download F5 MIBs (mibs_f5.tar.gz) or Download NET-SNMP MIBs (mibs_netsnmp.tar.gz).
  4. Follow the instructions on the screen to complete the download.

Viewing objects in enterprise MIB files

You must have the Administrator user role assigned to your user account.
View information about a BIG-IP system object by listing the contents of an enterprise MIB file.
  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory /usr/share/snmp/mibs.
  3. View available objects in the relevant MIB file.

Viewing SNMP traps in F5-BIGIP-COMMON-MIB.txt

Verify that you have the Administrator user role assigned to your user account.

When an F5-specific trap sends a notification to the SNMP manager, the SNMP manager receives a text message describing the event or problem that has occurred. You can identify the traps specified in the F5-BIGIP-COMMON-MIB.txt file by viewing the file.

  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory /usr/share/snmp/mibs.
  3. View the F5-BIGIP-COMMON-MIB.txt file. Look for object names with the designation NOTIFICATION-TYPE.

Viewing dynamic routing SNMP traps and associated OIDs

Verify that you have the Administrator user role assigned to your user account.

When you want to set up your network management systems to watch for problems with dynamic routing, you can view SNMP MIB files to discover the SNMP traps that the dynamic routing protocols send, and to find the OIDs that are associated with those traps.

  1. Access a console window on the BIG-IP system.
  2. At the command prompt, list the contents of the directory /usr/share/snmp/mibs.
  3. View the following dynamic routing MIB files:
    • BGP4-MIB.txt
    • ISIS-MIB.txt
    • OSPF6-MIB.txt
    • OSPF-MIB.txt
    • OSPF-TRAP-MIB.txt
    • RIPv2-MIB.txt

Monitoring BIG-IP system processes using SNMP

Ensure that your SNMP manager is running either SNMP v2c or SNMP v3, because all BIG-IP® system statistics are defined by 64-bit counters, and only SNMP v2c and SNMP v3 support 64-bit counters. Ensure that you have downloaded the F-5 Networks enterprise and NET-SNMP MIBs to the SNMP manager.

You can monitor a specific process on the BIG-IP system using SNMP. To do this you can use the HOST-RESOURCES MIB and write a script to monitor the process.

Write a script to monitor a BIG-IP system process using the HOST-RESOURCES MIB.

For example, this command determines the number of TMM processes currently running on the system: snmpwalk -v2c -c public localhost hrSWRunName | egrep "\"tmm(.[0-9]+)?\"" | wc -l

The script can now query the BIG-IP system about the status of processes.

Collecting BIG-IP system memory usage data using SNMP

You can use an SNMP command with OIDs to gather data on the number of bytes of memory currently being used on the BIG-IP® system.

Note: To interpret data on memory use, you do not need to perform a calculation on the collected data.
Write an SNMP command to gather data on the number of bytes of memory currently being used on the BIG-IP system.

For example, this SNMP command collects data on current memory usage, where public is the community name and bigip is the host name of the BIG-IP system: snmpget -c public bigip sysGlobalStat.sysStatMemoryUsed.0

The SNMP manager can now query the BIG-IP system about CPU and memory usage.

Collecting BIG-IP system data on HTTP requests using SNMP

You can use SNMP commands with an OID to gather and interpret data on the number of current HTTP requests on the BIG-IP® system. The following table shows the required OIDs for polling data on HTTP requests.

Performance Graph Graph Metrics Required SNMP OIDs
HTTP Requests HTTP Requests sysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)

The following table shows the required calculations for interpreting metrics on HTTP requests.

Performance Graph Graph Metric Required calculations for HTTP requests
HTTP Requests HTTP Requests <DeltaStatHttpRequests> / <interval>
  1. For each OID, perform two separate polls, at an interval of your choice. For example, poll OID sysStatHttpRequests (.1.3.6.1.4.1.3375.2.1.1.2.1.56)twice, at a 10-second interval. This results in two values, <sysStatHttpRequests1> and <sysStatHttpRequests2>.
  2. Calculate the delta of the two poll values. For example:
    <DeltaStatHttpRequests> = <sysStatHttpRequests2> - <sysStatHttpRequests1>
  3. Perform the calculation on the OID deltas. The value for interval is 10. For example, to calculate the value of the HTTP Requests graph metric:
    (<DeltaStatHttpRequests>) / <interval>

Collecting BIG-IP system data on throughput rates using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the throughput rate on the BIG-IP® system. The following table shows the individual OIDs that you must poll, retrieving two separate poll values for each OID.

Performance Graph Graph Metrics Required SNMP OIDs
Throughput (summary graph) Client Bits

Client Bits

Server Bits

Server Bits

sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3)

sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5)

sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)

sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12)

Client-side Throughput (detailed graph) Client Bits In

Client Bits Out

sysStatClientBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.3)

sysStatClientBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.5)

Server-side Throughput (detailed graph) Server Bits In

Server Bits Out

sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)

sysStatServerBytesOut (.1.3.6.1.4.1.3375.2.1.1.2.1.12)

HTTP Compression Rate (detailed graph)

Compression

sysHttpCompressionStatPrecompressBytes (.1.3.6.1.4.1.3375.2.1.1.2.22.2)

The following table shows the required calculations for interpreting metrics on throughput rates.

Performance Graph Graph Metrics Required calculations for throughput rates
Throughput (summary graph) Client Bits

Server  Bits

Compression

( (<DeltaStatClientBytesIn> + <DeltasysStatClientBytesOut> )*8 / <interval>

( (<DeltaStatServerBytesIn> + <DeltaServerStatServerBytesOut> )*8 / <interval>

( <DeltaHttpStatPrecompressBytes>)*8 / <interval>

Throughput (detailed graph) Client Bits In

Client Bits Out

Server Bits In

Server Bits Out

Compression

( <DeltaStatClientBytesIn>)*8 / <interval>

( <DeltaStatClientBytesOut>*8) / <interval>

( <DeltaStatServerBytesIn >*8) / <interval>

( <DeltaStatServerBytesOut>*8) / <interval>

( <DeltaHttpStatPrecompressBytes>*8) / <interval>

  1. For each OID, perform two separate polls, at an interval of your choice. For example, poll OID sysStatServerBytesIn (.1.3.6.1.4.1.3375.2.1.1.2.1.10)twice, at a 10-second interval. This results in two values, <sysStatServerBytesIn1> and <sysStatServerBytesIn2>.
  2. Calculate the delta of the two poll values. For example, for the Server Bits In graphic metric, perform this calculation:
    <DeltaStatServerBytesIn> = <sysStatServerBytesIn2> - <sysStatServerBytesIn1>
  3. Perform the calculation on the OID deltas. For this calculation, it is the average per second in the last <interval>. The value for interval is 10. For example, to calculate the value of the Server Bits In graph metric:
    (<DeltaStatServerBytesIn>) / <interval>

Collecting BIG-IP system data on RAM cache using SNMP

You can use an SNMP command with various OIDs to gather and interpret data on RAM cache use. The following table shows the required OIDs for polling for data on RAM Cache use.

Performance Graph Graph Metric Required SNMP OIDs
RAM Cache Utilization Hit Rate sysWebAccelerationStatCacheHits (.1.3.6.1.4.1.3375.2.1.1.2.23.2)

sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3)

CPU Cache Utilization Byte Rate sysWebAccelerationStatCacheHitBytes (.1.3.6.1.4.1.3375.2.1.1.2.23.5)

sysWebAccelerationStatCacheMissBytes (.1.3.6.1.4.1.3375.2.1.1.2.23.6)

RAM Cache Utilization Eviction Rate sysWebAccelerationStatCacheEvictions (.1.3.6.1.4.1.3375.2.1.1.2.23.10), sysWebAccelerationStatCacheHits (.1.3.6.1.4.1.3375.2.1.1.2.23.2)

sysWebAccelerationStatCacheMisses (.1.3.6.1.4.1.3375.2.1.1.2.23.3)

The following table shows the required calculations for interpreting metrics on RAM Cache use.

Performance Graph Graph Metric Required SNMP OIDs
RAM cache Utilization Hit Rate <sysWebAccelerationStatCacheHits1>) / (<sysWebAccelerationStatCacheHits1> +

<sysWebAccelerationStatCacheMisses1>) / *100

RAM cache Utilization Byte Rate <sysWebAccelerationStatCacheHitBytes1) /

(<sysWebAccelerationStatCacheHitBytes1> +

<sysWebAccelerationStatCacheMissBytes1>) / *100

RAM cache Utilization Eviction Rate <sysWebAccelerationStatCacheEvictions1>) / (<sysWebAccelerationStatCacheHits1> +

<sysWebAccelerationStatCacheMisses1>) / *100

  1. For each OID, poll for data. For example, poll OID sysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2). This results in a value <sysWebAccelerationStatCacheHits> .
  2. Poll OID sysWebAccelerationStatCacheHits(.1.3.6.1.4.1.3375.2.1.1.2.23.2). This results in a value <sysWebAccelerationStatCacheMisses>.
  3. Perform the calculation using the OID data. For example, to calculate the value of the Hit Rate graphic metric:
    <sysWebAccelerationStatCacheHits> / <sysWebAccelerationStatCacheHits1> + <>) *100).

Collecting BIG-IP system data on SSL transactions using SNMP

You can use SNMP commands with an OID to gather and interpret data on SSL performance. The following table shows the individual OIDS that you must use to poll for SSL transactions using SNMP.

Performance Graph Graph Metrics Required SNMP OIDs
SSL TPS SSL TPS sysClientsslStatToNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.9.6)
SSL TPS SSL TPS sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9)
SSL TPS SSL TPS sysServersslStatTotNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.10.6)
SSL TPS SSL TPS sysServersslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.10.9)

The following table shows the required calculations for interpreting metrics on SSL transactions using SNMP.

Performance Graph Graph Metric Required calculations for SSL TPS
SSL TPS SSL TPS <DeltaClientsslStatClientTotConns>) / (<interval>
  1. For each OID, poll for data. For example, poll OID sysClientsslStatToNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.23.2) and sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9).
  2. Add the two values together. This results in the value sysClientsslStartTotConns1.
  3. Poll the two OIDs again, within ten seconds of the previous polls.
  4. Again, add the two values together. This results in the value sysClientsslStatToComms2.
  5. Calculate the delta of the two sums:
    <DeltaClientsslStatTotConns> = <sysClientsslStatTotConns2> - <sysClientsslStatTotConns1>.
  6. Perform the calculation on the OID deltas. The value for interval is 10. For example, to calculate the value of the SSL transactions using SNMP:
    (<DeltaClientsslStatClientTotConns>) / <interval>

Collecting BIG-IP system data on CPU usage based on a predefined polling interval

For the CPU[0-n] and Global Host CPU Usage graph metrics, you can instruct the BIG-IP® system to gather and collect CPU usage data automatically, based on a predifined polling interval. Use the sysMultiHostCpu and sysGlobalHostCpu MIBs.

The following table shows the required OIDs for automatic collection of CPU[0-n] graphic metrics.

Performance Graph Graph Metric Required SNMP OIDs
CPU Usage CPU[0-n]

5-second Polling Interval

sysMultiHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.12)

sysMultiHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.13)

sysMultiHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.14)

sysMultiHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.15)

sysMultiHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.16)

sysMultiHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.17)

sysMultiHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.18)

sysMultiHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.7.5.2.1.19)

sysMultiHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.7.5.2.1.11)

CPU Usage CPU[0-n]

1-minute Polling Interval

sysMultiHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.20)

sysMultiHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.21)

sysMultiHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.22)

sysMultiHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.23)

sysMultiHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.24)

sysMultiHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.25)

sysMultiHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.26)

sysMultiHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.26)

CPU Usage CPU[0-n]

5-minute Polling Interval

sysMultiHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.28)

sysMultiHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.29)

sysMultiHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.30)

sysMultiHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.31)

sysMultiHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.32)

sysMultiHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.33)

sysMultiHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.34)

sysMultiHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.7.5.2.1.35)

The following table shows the required OIDs for automatic collection of Global Host CPU Usage graph metrics.

Performance Graph Graph Metric Required SNMP OIDs
CPU Usage Global Host CPU Usage

5-second Polling Interval

sysGlobalHostCpuUser5s (.1.3.6.1.4.1.3375.2.1.1.2.20.14)

sysGlobalHostCpuNice5s (.1.3.6.1.4.1.3375.2.1.1.2.20.15)

sysGlobalHostCpuSystem5s (.1.3.6.1.4.1.3375.2.1.1.2.20.16)

sysGlobalHostCpuIdle5s (.1.3.6.1.4.1.3375.2.1.1.2.20.17)

sysGlobalHostCpuIrq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.18)

sysGlobalHostCpuSoftirq5s (.1.3.6.1.4.1.3375.2.1.1.2.20.19)

sysGlobalHostCpuIowait5s (.1.3.6.1.4.1.3375.2.1.1.2.20.20)

sysGlobalHostCpuUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.20.21)

sysGlobalHostCpuUsageRatio (.1.3.6.1.4.1.3375.2.1.1.2.20.13)

CPU Usage Global Host CPU Usage

1-minute Polling Interval

sysGlobalHostCpuUser1m (.1.3.6.1.4.1.3375.2.1.1.2.20.22)

sysGlobalHostCpuNice1m (.1.3.6.1.4.1.3375.2.1.1.2.20.23)

sysGlobalHostCpuSystem1m (.1.3.6.1.4.1.3375.2.1.1.2.20.24)

sysGlobalHostCpuIdle1m (.1.3.6.1.4.1.3375.2.1.1.2.20.25)

sysGlobalHostCpuIrq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.26)

sysGlobalHostCpuSoftirq1m (.1.3.6.1.4.1.3375.2.1.1.2.20.27)

sysGlobalHostCpuIowait1m (.1.3.6.1.4.1.3375.2.1.1.2.20.28)

sysGlobalHostCpuUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.20.29)

CPU Usage Global Host CPU Usage

5-minute Polling Interval

sysGlobalHostCpuUse5m (.1.3.6.1.4.1.3375.2.1.1.2.20.30)

sysGlobalHostCpuNice5m (.1.3.6.1.4.1.3375.2.1.1.2.20.31)

sysGlobalHostCpuSystem5m (.1.3.6.1.4.1.3375.2.1.1.2.20.32)

sysGlobalHostCpuIdle5m (.1.3.6.1.4.1.3375.2.1.1.2.20.33))

sysGlobalHostCpuIrq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.34)

sysGlobalHostCpuSoftirq5m (.1.3.6.1.4.1.3375.2.1.1.2.20.35)

sysGlobalHostCpuIowait5m (.1.3.6.1.4.1.3375.2.1.1.2.20.36)

sysGlobalHostCpuUsageRatio5m (.1.3.6.1.4.1.3375.2.1.1.2.20.37)

Collecting BIG-IP system data on CPU usage based on a custom polling interval

For the CPU[0-n], Global Host CPU, and TMM CPU Usage graph metrics, an alternative to instructing the BIG-IP® system to collect CPU usage data automatically, is to do it maually, based on a custom polling interval. For the CPU[0-n] and Global Host CPU graph metrics, use the sysMultiHostCpu and sysGlobalHostCpu MIBs. For the TMM CPU Usage graphic metric, use the sysStatTm MIB.

The following table shows the required SNMP OIDs for collecting CPU data manually.

Performance Graph Graph Metric Required SNMP OIDs
CPU Usage CPU[0-n] sysMultiHostCpuUser (.1.3.6.1.4.1.3375.2.1.7.5.2.1.4)

sysMultiHostCpuNice (.1.3.6.1.4.1.3375.2.1.7.5.2.1.5)

sysMultiHostCpuSystem (.1.3.6.1.4.1.3375.2.1.7.5.2.1.6)

sysMultiHostCpuIdle (.1.3.6.1.4.1.3375.2.1.7.5.2.1.7)

sysMultiHostCpuIrq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.8)

sysMultiHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.7.5.2.1.9)

sysMultiHostCpuIowait (.1.3.6.1.4.1.3375.2.1.7.5.2.1.10)

CPU Usage TMM[0-m] sysTmmStatTmUsageRatio5s (.1.3.6.1.4.1.3375.2.1.8.2.3.1.37.[tmm_id])

sysTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.38.[tmm_id])

sysTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.8.2.3.1.39.[tmm_id])

CPU Usage Global Host CPU Usage sysGlobalHostCpuCount (.1.3.6.1.4.1.3375.2.1.1.2.20.4)

sysGlobalHostActiveCpu (.1.3.6.1.4.1.3375.2.1.1.2.20.5)

sysGlobalHostCpuUser (.1.3.6.1.4.1.3375.2.1.1.2.20.6)

sysGlobalHostCpuNice (.1.3.6.1.4.1.3375.2.1.1.2.20.7)

sysGlobalHostCpuSystem (.1.3.6.1.4.1.3375.2.1.1.2.20.8)

sysGlobalHostCpuIdle (.1.3.6.1.4.1.3375.2.1.1.2.20.9)

sysGlobalHostCpuIrq (.1.3.6.1.4.1.3375.2.1.1.2.20.10)

sysGlobalHostCpuSoftirq (.1.3.6.1.4.1.3375.2.1.1.2.20.11)

sysGlobalHostCpuIowait (.1.3.6.1.4.1.3375.2.1.1.2.20.12)

CPU Usage Global TMM CPU Usage sysGlobalTmmStatTmUsageRatio5s (.1.3.6.1.4.1.3375.2.1.1.2.21.34)

sysGlobalTmmStatTmUsageRatio1m (.1.3.6.1.4.1.3375.2.1.1.2.21.35)

sysGlobalTmmStatTmUsageRatio5m (.1.3.6.1.4.1.3375.2.1.1.2.21.36)
CPU Usage TMM CPU Usage sysStatTmTotalCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.41)

sysStatTmIdleCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.42)

sysStatTmSleepCycles (.1.3.6.1.4.1.3375.2.1.1.2.1.43)

The following table shows the formulas for calculating metrics on CPU use.

Performance Graph Graph Metric Required calculations for CPU use
CPU Usage CPU[0-n] (<DeltaCpuUsers>) + (<DeltaCpuNice> + <DeltaCpuSystem> /

(<DeltaCpuUsers>) + <DeltaCpuNice> + <DeltaCpuIdle> +

<DeltaCpuSystem> + <DeltaCpulrq> + <DeltaCpuSoftirq> +

<DeltaCpulowait>) *100

CPU Usage Global Host CPU Usage (<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuSystem>) /

(<DeltaCpuUsers> + <DeltaCpuNice> + <DeltaCpuIdle> +

<DeltaCpuSystem> + <DeltaCpuIrq> + <DeltaCpuSoftirq> +

<DeltaCpuIowait>) *100

  1. Poll the OID sysMultiHostCpuUser (.1.3.6.1.4.1.3375.2.1.7.5.2.1.4) twice, at a 10-second interval. This results in two values, sysMultiHostCpuUser1and and sysMultiHostCpuUser2.
  2. Calculate the delta of the two poll values. For example:
    <DeltaCpuUser> = <sysMultiHostCpuUser2> - <sysMultiHostCpuUser1>.
  3. Repeat steps 1 and 2 for each OID pertaining to the CPU[0-n] graph metric.
  4. Repeat steps 1 and 2 again, using the OIDs from the MIBs sysStatTmand sysGlobalHostCpu.
  5. Calculate the values of the graphic metrics using the formulas in the table above.

Collecting BIG-IP system performance data on new connections using SNMP

You can use SNMP commands with various OIDs to gather and interpret data on the number of new connections on the BIG-IP® system. The following table shows the required OIDs for the Performance graphs in the Configuration utility.

Performance Graph Graph Metrics Required SNMP OIDs
New Connections Summary Client Accepts

Server Connects

sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)

sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14)

Total New Connections Client Accepts

Server Connects

sysStatClientTotConns(.1.3.6.1.4.1.3375.2.1.1.2.1.7)

sysStatServerTotConns (.1.3.6.1.4.1.3375.2.1.1.2.1.14)

New Client SSL Profile Connections SSL Client

SSL Server

sysClientsslStatTotNativeConns (.1.3.6.1.4.1.3375.2.1.1.2.9.6), sysClientsslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.9.9)

sysServersslStatTotNativeConns(.1.3.6.1.4.1.3375.2.1.1.2.10.6), sysServersslStatTotCompatConns (.1.3.6.1.4.1.3375.2.1.1.2.10.9)

New Accepts/ Connects Client Accepts

Server Connects

sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6)

sysTcpStatConnects (.1.3.6.1.4.1.3375.2.1.1.2.12.8)

The following table shows the required calculations for interpreting metrics on new connections.

Performance Graph Graph Metrics Required SNMP OIDs
New Connections Summary Client Accepts

Server Connects

<DeltaTcpStatAccept> / <interval>

<DeltaStatServerTotConns> / <interval>

Total New Connections Client Connects

Server Connects

<DeltaStatClientTotConns> / <interval>

<DeltaStatServerTotConns> / <interval>

New Client SSL Profile Connections SSL Client

SSL Server

( <DeltaClientsslStatTotNativeConns> + <DeltaClientsslStatTotCompatConns>) / <interval>

(<DeltaServersslStatTotNativeConns> + <DeltaServersslStatTotCompatConns>) / <interval>

New Accepts/ Connects Client Accepts

Server Connects

<DeltaTcpStatAccepts> / <interval>

<DeltaTcpStatConnects> / <interval>

  1. For each OID, perform two separate polls, at an interval of your choice.
    For example, for the client accepts metric, poll OID sysTcpStatAccepts (.1.3.6.1.4.1.3375.2.1.1.2.12.6) twice, at a 10-second interval. This results in two values, <sysTcpStatAccepts1> and <sysTcpStatAccepts2>.
  2. Calculate the delta of the two poll values.
    For example, for the client accepts metric, perform this calculation:
    <DeltaTcpStatAccepts> = <sysTcpStatAccepts2> - <sysTcpStatAccepts1>
  3. Perform a calculation on the OID deltas. The value for interval is the polling interval. For example, to calculate the value of the client accepts metric:
    <DeltaTcpStatAccepts> / <interval>

Collecting BIG-IP system performance data on active connections using SNMP

Write an SNMP command with the various OIDs shown in the table to gather and interpret data on the number of active connections on the BIG-IP® system.
Note: To interpret data on active connections, you do not need to perform any calculations on the collected data.
Performance Graph Graph Metrics Required SNMP OIDs
Active Connections Summary Connections sysStatClientCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.8)
Active Connections Detailed Client

Server

SSL Client

SSL Server

sysStatClientCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.8)

sysStatServerCurConns (.1.3.6.1.4.1.3375.2.1.1.2.1.15)

sysClientsslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.9.2)

sysServersslStatCurConns (.1.3.6.1.4.1.3375.2.1.1.2.10.2)

About the RMON MIB file

The BIG-IP® system provides the remote network monitoring (RMON) MIB file, RMON-MIB.txt. This file contains remote network monitoring information. The implementation of RMON on the BIG-IP system differs slightly from the standard RMON implementation, in the following ways:

  • The BIG-IP system implementation of RMON supports only these four of the nine RMON groups: statistics, history, alarms, and events.
  • The RMON-MIB.txt file monitors the BIG-IP system interfaces (that is, sysIfIndex), and not the standard Linux interfaces.
  • For hardware reasons, the packet-length-specific statistics in the RMON statistics group offer combined transmission and receiving statistics only. This behavior differs from the behavior described in the definitions of the corresponding OIDs.

About customized MIB entries

Customized MIB entries are defined in a TCL file named custom_mib.tcl that you create and save on the BIG-IP® system in the directory /config/snmp/. You must register the customized MIB entries and provide callback to the newly registered MIB using the TCL command register_mib in this format: register_mib oid callback type. The three arguments for the command are described in this table.

Argument Description
oid A customized OID with a format of .1.2.3.4 with a limit of four digits. The common root of a customized MIB OID on the BIG-IP system is .1.3.6.1.4.1.3375.2.100.
callback A TCL procedure that is called when the registered MIB OID is browsed. The procedure cannot have any arguments. The return value of the procedure is returned for the registered MIB entry.
type The type of MIB entry you are customizing. Four types are supported: INT, STRING, GAUGE, and COUNTER.
Here is sample TCL code for two custom MIBs:
  register_mib ".1" system_descr string
  register_mib ".2" tmmcpucnt int
  
  proc system_descr {}
  {
  set status [catch {exec uname -a} result]
  return $result
  }
  
  proc tmmcpucnt {}
  {
  set status [catch {exec tmctl  cpu_status_stat | grep cpu | wc -l} result]
  return $result
  }
  
Note: Customized MIB entries are read-only through SNMP.

Task summary

Perform this task to create a custom MIB entry.

Creating custom MIB entries

You can add customized MIB entries to a BIG-IP® system to provide visibility to statistics and information that are not available through standard MIBs. These statistics and information can help you make decisions about optimizing the BIG-IP system configuration.
  1. Create a TCL file named custom_mib.tcl that contains the customized MIB entries you want to use on the BIG-IP system.
    Ensure accuracy of the TCL procedures you use in the file. Avoid errors, such as infinite loops, which can affect how snmpd works.
    Note: snmpd restarts after being unresponsive for longer than the heartbeat time interval configured in config/snmp/bigipTrafficMgmt.conf.
  2. Save the TCL file to the /config/snmp/ directory on the BIG-IP system.
    Note: After you save custom_mib.tcl, you can modify the file at any time; however, your changes become effective only after you restart snmpd.
  3. Restart snmpd.
    Customized MIB entries are registered. If logging is turned on, you might see log entries in /var/log/snmpd.log, such as custom mib initialization completed. total 4 custom mib entry registered.
Use a MIB browser or snmpwalk to obtain the values of the newly registered MIB entries. Use this information to help you manage your network traffic.

Overview: BIG-IP SNMP agent configuration

You can use the industry-standard SNMP protocol to manage BIG-IP® devices on a network. To do this, you must configure the SNMP agent on the BIG-IP system. The primary tasks in configuring the SNMP agent are configuring client access to the SNMP agent, and controlling access to SNMP data.

Task summary

Perform these tasks to configure SNMP on the BIG-IP system.

Specifying SNMP administrator contact information and system location information

Specify contact information for the SNMP administrator, as well as the physical location of the BIG-IP system running an SNMP agent.

  1. On the Main tab, click System > SNMP > Agent > Configuration .
  2. In the Global Setup area, in the Contact Information field, type contact information for the SNMP administrator for this BIG-IP system.
    The contact information is a MIB-II simple string variable. The contact information usually includes both a user name and an email address.
  3. In the Machine Location field, type the location of the system, such as Network Closet 1.
    The machine location is a MIB-II simple string variable.
  4. Click Update.

Configuring SNMP manager access to the SNMP agent on the BIG-IP system

Gather the IP addresses of the SNMP managers that you want to have access to the SNMP agent on this BIG-IP® system.
Configure the SNMP agent on the BIG-IP system to allow a client running the SNMP manager to access the SNMP agent for the purpose of remotely managing the BIG-IP system.
  1. On the Main tab, click System > SNMP > Agent > Configuration .
  2. In the Client Allow List area, for the Type setting, select either Host or Network, depending on whether the IP address you specify is a host system or a subnet.
    Note: By default, SNMP is enabled only for the BIG-IP system loopback interface (127.0.0.1).
  3. In the Address field, type either an IP address or network address from which the SNMP agent can accept requests.
  4. If you selected Network in step 2, type the netmask in the Mask field.
  5. Click Add.
  6. Click Update.
The BIG-IP system now contains a list of IP addresses for SNMP managers from which SNMP requests are accepted.

Granting community access to v1 or v2c SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v1 or v2c community.
Note: SNMPv1 does not support Counter64 OIDs, which are used for accessing most statistics. Therefore, for SNMPv1 clients, an snmp walk command skips any OIDs of type Counter64. F5 Networks recommends that you use only clients that support SNMPv2 or higher.
  1. On the Main tab, click System > SNMP > Agent > Access (v1, v2c) .
  2. Click Create.
  3. From the Type list, select either IPv4 or IPv6.
  4. In the Community field, type the name of the SNMP community for which you are assigning an access level.
  5. From the Source list, select All, or select Select and type the source IP address in the field that displays.
  6. In the OID field, type the OID for the top-most node of the SNMP tree to which the access applies.
  7. From the Access list, select an access level, either Read Only or Read/Write.
    Note: When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
  8. Click Finished.
The BIG-IP system updates the snmpd.conf file, assigning only a single access setting to the community as shown in this sample snmpd.conf file.

Example snmpd.conf file

In the following sample code from an snmpd.conf file, string rocommunity public default identifies a community named public that has the default read-only access-level. This access-level prevents any allowed SNMP manager in community public from modifying a data object, even if the object has an access type of read/write. The string rwcommunity public1 identifies a community named public1 as having a read/write access-level. This access-level allows any allowed SNMP manager in community public1 to modify a data object under the tree node .1.3.6.1.4.1.3375.2.2.10.1 (ltmVirtualServ) on the local host 127.0.0.1, if that data object has an access type of read/write.
   rocommunity public default
   rwcommunity public1 127.0.0.1  .1.3.6.1.4.1.3375.2.2.10.1
  

Granting user access to v3 SNMP data

To better control access to SNMP data, you can assign an access level to an SNMP v3 user.
  1. On the Main tab, click System > SNMP > Agent > Access (v3) .
  2. Click Create.
  3. In the User Name field, type the name of the user for which you are assigning an access level.
  4. In the Authentication area, from the Type list, select a type of authentication to use, and then type and confirm the user’s password.
  5. In the Privacy area, from the Protocol list, select a privacy protocol, and either type and confirm the user’s password, or select the Use Authentication Password check box.
  6. In the OID field, type the OID for the top-most node of the SNMP tree to which the access applies.
  7. From the Access list, select an access level, either Read Only or Read/Write.
    Note: When you set the access level of a community or user to read/write, and an individual data object has a read-only access type, access to the object remains read-only. In short, the access level or type that is the most secure takes precedence when there is a conflict.
  8. Click Finished.
The BIG-IP system updates the snmpd.conf file, assigning only a single access setting to the user.

Overview: SNMP trap configuration

SNMP traps are definitions of unsolicited notification messages that the BIG-IP® alert system and the SNMP agent send to the SNMP manager when certain events occur on the BIG-IP system. Configuring SNMP traps on a BIG-IP system means configuring how the BIG-IP system handles traps, as well as setting the destination to which the notifications are sent.

The BIG-IP system stores SNMP traps in two specific files:

/etc/alertd/alert.conf
Contains default SNMP traps.
Important: Do not add or remove traps from the /etc/alertd/alert.conf file.
/config/user_alert.conf
Contains user-defined SNMP traps.

Task summary

Perform these tasks to configure SNMP traps for certain events and set trap destinations.

Enabling traps for specific events

You can configure the SNMP agent on the BIG-IP® system to send, or refrain from sending, notifications to the traps destinations.

  1. On the Main tab, click System > SNMP > Traps > Configuration .
  2. To send traps when an administrator starts or stops the SNMP agent, verify that the Enabled check box for the Agent Start/Stop setting is selected.
  3. To send notifications when authentication warnings occur, select the Enabled check box for the Agent Authentication setting.
  4. To send notifications when certain warnings occur, verify that the Enabled check box for the Device setting is selected.
  5. Click Update.
The BIG-IP system automatically updates the alert.conf file.

Setting v1 and v2c trap destinations

Specify the IP address of the SNMP manager in order for the BIG-IP® system to send notifications.

  1. On the Main tab, click System > SNMP > Traps > Destination .
  2. Click Create.
  3. For the Version setting, select either v1 or v2c.
  4. In the Community field, type the community name for the SNMP agent running on the BIG-IP system.
  5. In the Destination field, type the IP address of the SNMP manager.
  6. In the Port field, type the port number on the SNMP manager that is assigned to receive the traps.
  7. For the Network setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network that you select.
  8. Click Finished.

Setting v3 trap destinations

Specify the destination SNMP manager to which the BIG-IP® system sends notifications.

  1. On the Main tab, click System > SNMP > Traps > Destination .
  2. Click Create.
  3. For the Version setting, select v3.
  4. In the Destination field, type the IP address of the SNMP manager.
  5. In the Port field, type the port number on the SNMP manager that is assigned to receive the traps.
  6. For the Network setting, select a trap network.
    The BIG-IP system sends the SNMP trap out of the network that you select.
  7. From the Security Level list, select the level of security at which you want SNMP messages processed.
    Option Description
    Auth, No Privacy Process SNMP messages using authentication but without encryption. When you use this value, you must also provide values for the Security Name, Authentication Protocol, and Authentication Password settings.
    Auth and Privacy Process SNMP messages using authentication and encryption. When you use this value, you must also provide values for the Security Name, Authentication Protocol, Authentication Password, Privacy Protocol, and Privacy Password settings.
  8. In the Security Name field, type the user name the system uses to handle SNMP v3 traps.
  9. In the Engine ID field, type an administratively unique identifier for an SNMP engine. (This setting is optional.) You can find the engine ID in the /config/net-snmp/snmpd.conf file on the BIG-IP system. Please note that this ID is identified in the file as the value of the oldEngineID token.
  10. From the Authentication Protocol list, select the algorithm the system uses to authenticate SNMP v3 traps.
    When you set this value, you must also enter a value in the Authentication Password field.
  11. In the Authentication Password field, type the password the system uses to handle an SNMP v3 trap.
    When you set this value, you must also select a value from the Authentication Protocol list.
    Note: The authentication password must be at least 8 characters long.
  12. If you selected Auth and Privacy from the Security Level list, from the Privacy Protocol list, select the algorithm the system uses to encrypt SNMP v3 traps. When you set this value, you must also enter a value in the Privacy Password field.
  13. If you selected Auth and Privacy from the Security Level list, in the Privacy Password field, type the password the system uses to handle an encrypted SNMP v3 trap. When you set this value, you must also select a value from the Privacy Protocol list.
    Note: The authentication password must be at least 8 characters long.
  14. Click Finished.

Viewing pre-configured SNMP traps

Verify that your user account grants you access to the advanced shell.

Pre-configured traps are stored in the /etc/alertd/alert.conf file. View these SNMP traps to understand the data that the SNMP manager can use.

Use this command to view the SNMP traps that are pre-configured on the BIG-IP® system: cat /etc/alertd/alert.conf.

Creating custom SNMP traps

Verify that your user account grants you access to tmsh.
Create custom SNMP traps that alert the SNMP manager to specific SNMP events that occur on the network when the pre-configured traps do not meet all of your needs.
  1. Log in to the command line.
  2. Create a backup copy of the file /config/user_alert.conf, by typing this command: cp /config/user_alert.conf backup_file_name
    For example, type: cp /config/user_alert.conf /config/user_alert.conf.backup
  3. With a text editor, open the file /config/user_alert.conf.
  4. Add a new SNMP trap.
    The required format is:
    alert alert_name "matched message" {     
        snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.XXX"
       }
    • alert_name represents a descriptive name. The alert_name or matched_message value cannot match the corresponding value in any of the SNMP traps defined in the /etc/alertd/alert.conf or /config/user_alert.conf file.
    • matched_message represents the text that matches the Syslog message that triggers the custom trap. You can specify either a portion of the Syslog message text or use a regular expression. Do not include the Syslog prefix information, such as the date stamp and process ID, in the match string.
    • The XXX portion of the OID value represents a number that is unique to this OID. Specify any OID that meets all of these criteria:
      • Is in standard OID format and within the range .1.3.6.1.4.1.3375.2.4.0.300 through .1.3.6.1.4.1.3375.2.4.0.999.
      • Is in a numeric range that can be processed by your trap receiving tool.
      • Does not exist in the MIB file /usr/share/snmp/mibs/F5-BIGIP-COMMON-MIB.txt.
      • Is not used in another custom trap.

    As an example, to create a custom SNMP trap that is triggered whenever the system logs switchboard failsafe status changes, add the following trap definition to /config/user_alert.conf.

    alert SWITCHBOARD_FAILSAFE_STATUS "Switchboard Failsafe (.*)" {
             snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.500"
        }
        
    This trap definition causes the system to log the following message to the file /var/log/ltm, when switchboard failsafe is enabled: Sep 23 11:51:40 bigip1.askf5.com lacpd[27753]: 01160016:6: Switchboard Failsafe enabled.
  5. Save the file.
  6. Close the text editor.
  7. Restart the alertd daemon by typing this command: bigstart restart alertd
    If the alertd daemon fails to start, examine the newly-added trap entry to ensure that the format is correct.

Overview: About troubleshooting SNMP traps

When the BIG-IP® alert system and the SNMP agent send traps to the SNMP manager, you can respond to the alert using the recommended actions for each SNMP trap.

AFM-related traps and recommended actions

This table provides information about the AFM™-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
BIGIP_TMM_TMMERR_DOS_ATTACK_START (.1.3.6.1.4.1.3375.2.4.0.133) The start of a possible DoS attack was registered. Determine your response to this type of DoS attack, if required.
BIGIP_TMM_TMMERR_DOS_ATTACK_STOP (.1.3.6.1.4.1.3375.2.4.0.134) The end of a possible DoS attack was detected. None, informational.
BIGIP_DOSPROTECT_DOSPROTECT_AGGRREAPEROID (.1.3.6.1.4.1.3375.2.4.0.22) The flow sweeper started or stopped. None, informational.

ASM-related traps and recommended actions

This table provides information about the ASM™-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipAsmRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.38) The BIG-IP® system blocked an HTTP request because the request contained at least one violation to the active security policy. Check the HTTP request to determine the cause of the violation.
bigipAsmRequestViolation (.1.3.6.1.4.1.3375.2.4.0.39) The BIG-IP system issued an alert because an HTTP request violated the active security policy. Check the HTTP request to determine the cause of the violation.
bigipAsmFtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.79) The BIG-IP system blocked an FTP request because the request contained at least one violation to the active security policy. Check the FTP request to determine the cause of the violation.
bigipAsmFtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.80) The BIG-IP system issued an alert because an FTP request violated the active security policy. Check the FTP request to determine the cause of the violation.
bigipAsmSmtpRequestBlocked (.1.3.6.1.4.1.3375.2.4.0.85) The BIG-IP system blocked an SMTP request because the request contained at least one violation to the active security policy. Check the SMTP request to determine the cause of the violation.
bigipAsmSmtpRequestViolation (.1.3.6.1.4.1.3375.2.4.0.86) The BIG-IP system issued an alert because an SMTP request violated the active security policy. Check the SMTP request to determine the cause of the violation.
bigipAsmDosAttackDetected (.1.3.6.1.4.1.3375.2.4.0.91) The BIG-IP system detected a denial-of-service (DoS) attack. Determine the availability of the application by checking the response time of the site.

Check the BIG-IP ASM logs:

  • Identify the source IP of the attack and observe other violations from the same source. Determine if the source IP is attacking other resources. Consider blocking the source IP in the ACL.
  • Identify the URL that is under attack. Consider disabling the URL, if the attack is not mitigated quickly.
bigipAsmBruteForceAttackDetected (.1.3.6.1.4.1.3375.2.4.0.92) The BIG-IP system detected a brute force attack. Check the BIG-IP ASM logs:
  • Identify the source IP of the attack and observe other violations from the same source. Determine if the source IP is attacking other resources. Consider blocking the source IP in the ACL.
  • Identify the user name that is under attack. Consider contacting the user and locking their account.

Application Visibility and Reporting-related traps and recommended actions

This table provides information about the Application Visibility and Reporting (AVR) notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipAvrAlertsMetricSnmp (.1.3.6.1.4.1.3375.2.4.0.105) A BIG-IP system AVR SNMP metric changed. Information only, no action required.
bigipAvrAlertsMetricSmtp (.1.3.6.1.4.1.3375.2.4.0.106) A BIG-IP system AVR SMTP metric changed. Information only, no action required.

Authentication-related traps and recommended actions

This table provides information about the authentication-related notifications that an SNMP manager can receive.

Trap Name Description Recommended Action
bigipTamdAlert (.1.3.6.1.4.1.3375.2.4.0.21) More than 60 authentication attempts have failed within one second, for a given virtual server. Investigate for a possible intruder.
bigipAuthFailed (.1.3.6.1.4.1.3375.2.4.0.27) A login attempt failed. Check the user name and password.

DoS-related traps and recommended actions

This table provides information about the denial-of-service (DoS)-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipAggrReaperStateChange (.1.3.6.1.4.1.3375.2.4.0.22) The state of the aggressive reaper has changed, indicating that the BIG-IP® system is moving to a distress mode. Use the default denial-of-service (DoS) settings. You can also add rate filters to survive the attack.
bigipDosAttackStart (.1.3.6.1.4.1.3375.2.4.0.133) The BIG-IP system detected a DoS attack start. Check the attack name in the notification to determine the kind of attack that is detected.
bigipDosAttackStop (.1.3.6.1.4.1.3375.2.4.0.134) The BIG-IP system detected a DoS attack stop. Information only, no action required.

General traps and recommended actions

This table provides information about the general notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipDiskPartitionWarn (.1.3.6.1.4.1.3375.2.4.0.25) Free space on the disk partition is less than the specified limit. By default, the limit is 30% of total disk space. Increase the available disk space.
bigipDiskPartitionGrowth (.1.3.6.1.4.1.3375.2.4.0.26) The disk partition use exceeds the specified growth limit. By default, the limit is 5% of total disk space. Increase the available disk space.
bigipUpdatePriority (.1.3.6.1.4.1.3375.2.4.0.153) There is a high priority software update available. Download and install the software update.
bigipUpdateServer (.1.3.6.1.4.1.3375.2.4.0.154) Unable to connect to the F5® server running update checks. Verify the server connection settings.
bigipUpdateError (.1.3.6.1.4.1.3375.2.4.0.155) There was an error checking for updates. Investigate the error.
bigipAgentStart (.1.3.6.1.4.1.3375.2.4.0.1) The SNMP agent on the BIG-IP system has been started. For your information only. No action required.
bigipAgentShutdown (.1.3.6.1.4.1.3375.2.4.0.2) The SNMP agent on the BIG-IP system is in the process of being shut down. For your information only. No action required.
bigipAgentRestart (.1.3.6.1.4.1.3375.2.4.0.3) The SNMP agent on the BIG-IP system has been restarted. This trap is for future use only.

BIG-IP DNS-related traps and recommended actions

This table provides information about the DNS-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipGtmBoxAvail (.1.3.6.1.4.1.3375.2.4.0.77) The BIG-IP® system has come UP. Information only, no action required.
bigipGtmBoxNotAvail (.1.3.6.1.4.1.3375.2.4.0.78) The BIG-IP system has gone DOWN. Information only, no action required.
bigipGtmBig3dSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.81) The certificate /config/big3d/client.crt has expired. Replace the certificate.
bigipGtmBig3dSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.82) The certificate /config/big3d/client.crt will expire soon. Replace the certificate.
bigipGtmSslCertExpired (.1.3.6.1.4.1.3375.2.4.0.83) The certificate /config/gtm/server.crt has expired. Replace the certificate.
bigipGtmSslCertWillExpire (.1.3.6.1.4.1.3375.2.4.0.84) The certificate /config/gtm/server.crt will expire soon. Replace the certificate.
bigipGtmPoolAvail (.1.3.6.1.4.1.3375.2.4.0.40) A global traffic management pool is available. Information only, no action required.
bigipGtmPoolNotAvail (.1.3.6.1.4.1.3375.2.4.0.41) A global traffic management pool is not available. Information only, no action required.
bigipGtmPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.42) A global traffic management pool is disabled. Check the status of the pool.
bigipGtmPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.43) A global traffic management pool is enabled. Information only, no action required.
bigipGtmLinkAvail (.1.3.6.1.4.1.3375.2.4.0.44) A global traffic management link is available. Information only, no action required.
bigipGtmLinkNotAvail (.1.3.6.1.4.1.3375.2.4.0.45) A global traffic management link is not available. Check the status of the link, as well as the relevant detailed log message.
bigipGtmLinkDisabled (.1.3.6.1.4.1.3375.2.4.0.46) A global traffic management link is disabled. Check the status of the link.
bigipGtmLinkEnabled (.1.3.6.1.4.1.3375.2.4.0.47) A global traffic management link is enabled. Information only, no action required.
bigipGtmWideIpAvail (.1.3.6.1.4.1.3375.2.4.0.48) A global traffic management wide IP is available. Information only, no action required.
bigipGtmWideIpNotAvail (.1.3.6.1.4.1.3375.2.4.0.49) A global traffic management wide IP is unavailable. Check the status of the wide IP, as well as the relevant detailed log message.
bigipGtmWideIpDisabled (.1.3.6.1.4.1.3375.2.4.0.50) A global traffic management wide IP is disabled. Check the status of the wide IP.
bigipGtmWideIpEnabled (.1.3.6.1.4.1.3375.2.4.0.51) A global traffic management wide IP is enabled. Information only, no action required.
bigipGtmPoolMbrAvail (.1.3.6.1.4.1.3375.2.4.0.52) A global traffic management pool member is available. Information only, no action required.
bigipGtmPoolMbrNotAvail (.1.3.6.1.4.1.3375.2.4.0.53) A global traffic management pool member is not available. Check the status of the pool member, as well as the relevant detailed log message.
bigipGtmPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.54) A global traffic management pool member is disabled. Check the status of the pool member.
bigipGtmPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.55) A global traffic management pool member is enabled. Information only, no action required.
bigipGtmServerAvail (.1.3.6.1.4.1.3375.2.4.0.56) A global traffic management server is available. Information only, no action required.
bigipGtmServerNotAvail (.1.3.6.1.4.1.3375.2.4.0.57) A global traffic management server is unavailable. Check the status of the server, as well as the relevant detailed log message.
bigipGtmServerDisabled (.1.3.6.1.4.1.3375.2.4.0.58) A global traffic management server is disabled. Check the status of the server.
bigipGtmServerEnabled (.1.3.6.1.4.1.3375.2.4.0.59) A global traffic management server is enabled. Information only, no action required.
bigipGtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.60) A global traffic management virtual server is available. Information only, no action required.
bigipGtmVsNotAvail (.1.3.6.1.4.1.3375.2.4.0.61) A global traffic management virtual server is unavailable. Check the status of the virtual server, as well as the relevant detailed log message.
bigipGtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.62) A global traffic management virtual server is disabled. Check the status of the virtual server.
bigipGtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.63) A global traffic management virtual server is enabled. Information only, no action required.
bigipGtmDcAvail (.1.3.6.1.4.1.3375.2.4.0.64) A global traffic management data center is available. Information only, no action required.
bigipGtmDcNotAvail (.1.3.6.1.4.1.3375.2.4.0.65) A global traffic management data center is unavailable. Check the status of the data center, as well as the relevant detailed log message.
bigipGtmDcDisabled (.1.3.6.1.4.1.3375.2.4.0.66) A global traffic management data center is disabled. Check the status of the data center.
bigipGtmDcEnabled (.1.3.6.1.4.1.3375.2.4.0.67) A global traffic management data center is enabled. Information only, no action required.
bigipGtmAppObjAvail (.1.3.6.1.4.1.3375.2.4.0.69) A global traffic management application object is available. Information only, no action required.
bigipGtmAppObjNotAvail (.1.3.6.1.4.1.3375.2.4.0.70) A global traffic management application object is unavailable. Check the status of the application object, as well as the relevant detailed log message.
bigipGtmAppAvail (.1.3.6.1.4.1.3375.2.4.0.71) A global traffic management application is available. Information only, no action required.
bigipGtmAppNotAvail (.1.3.6.1.4.1.3375.2.4.0.72) A global traffic management application is unavailable. Check the status of the application, as well as the relevant detailed log message.
bigipGtmJoinedGroup (.1.3.6.1.4.1.3375.2.4.0.73) The BIG-IP system joined a global traffic management synchronization group. Information only, no action required.
bigipGtmLeftGroup (.1.3.6.1.4.1.3375.2.4.0.74) The BIG-IP system left a global traffic management synchronization group. Information only, no action required.
bigipGtmKeyGenerationExpiration (.1.3.6.1.4.1.3375.2.4.0.95) A generation of a DNSSEC key expired. Information only, no action required.
bigipGtmKeyGenerationRollover (.1.3.6.1.4.1.3375.2.4.0.94) A generation of a DNSSEC key rolled over. Information only, no action required.
bigipGtmProberPoolDisabled (.1.3.6.1.4.1.3375.2.4.0.99) A global traffic management prober pool is disabled. Check the status of the prober pool.
bigipGtmProberPoolEnabled (.1.3.6.1.4.1.3375.2.4.0.100) A global traffic management prober pool is enabled. Information only, no action required.
bigipGtmProberPoolStatusChange (.1.3.6.1.4.1.3375.2.4.0.97) The status of a global traffic management prober pool has changed. Check the status of the prober pool.
bigipGtmProberPoolStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.98) The reason the status of a global traffic management prober pool has changed. The action required is based on the reason given.
bigipGtmProberPoolMbrDisabled (.1.3.6.1.4.1.3375.2.4.0.103) A global traffic management prober pool member is disabled. Check the status of the prober pool member.
bigipGtmProberPoolMbrEnabled (.1.3.6.1.4.1.3375.2.4.0.104) A global traffic management prober pool member is enabled. Information only, no action required.
bigipGtmProberPoolMbrStatusChange (.1.3.6.1.4.1.3375.2.4.0.101) The status of a global traffic management prober pool member has changed. Check the status of the prober pool member.
bigipGtmProberPoolMbrStatusChangeReason (.1.3.6.1.4.1.3375.2.4.0.102) The reason the status of a global traffic management prober pool member has changed. The action required is based on the reason given.

Hardware-related traps and recommended actions

This table provides information about hardware-related notifications that an SNMP manager can receive. If you receive any of these alerts, contact F5® Networks technical support.

Trap name and Associated OID Description Recommended action
bigipAomCpuTempTooHigh (.1.3.6.1.4.1.3375.2.4.0.93) The AOM is reporting that the air temperature near the CPU is too high. Check the input and output air temperatures. Run an iHealth® report and troubleshoot based on the results. If the condition persists, contact F5 Networks technical support.
bigipBladeNoPower (.1.3.6.1.4.1.3375.2.4.0.88) A blade lost power. Contact F5 Networks technical support.
bigipBladeTempHigh (.1.3.6.1.4.1.3375.2.4.0.87) The temperature of a blade is too high. This trap might be spurious. If the condition persists, contact F5 Networks technical support.
bigipBladeOffline (.1.3.6.1.4.1.3375.2.4.0.90) A blade has failed. Remove the blade. Contact F5 Networks technical support.
bigipChmandAlertFanTrayBad (.1.3.6.1.4.1.3375.2.4.0.121) A fan tray in a chassis is bad or was removed. Replace the fan tray. If the condition persists, contact F5 Networks technical support.
bigipCpuTempHigh The CPU temperature is too high. Check the input and output air temperatures. Run an iHealth report and troubleshoot based on the results. If the condition persists, contact F5 Networks technical support.
bigipCpuFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.5) The CPU fan speed is too low. Check the CPU temperature. If the CPU temperature is normal, the condition is not critical. If the condition persists, contact F5 Networks technical support.
bigipCpuFanSpeedBad (.1.3.6.1.4.1.3375.2.4.0.6) The CPU fan is not receiving a signal. Check the CPU temperature. If the CPU temperature is normal, the condition is not critical. If the condition persists, contact F5 Networks technical support.
bigipSystemCheckAlertFanSpeedLow (.1.3.6.1.4.1.3375.2.4.0.115) The system fan speed is too low. This condition is critical. Replace the fan tray. These appliances do not have fan trays: 1600, 3600, 3900, EM4000, 2000, 4000. If the condition persists, contact F5 Networks technical support.
bigipSystemCheckAlertVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.114) The system voltage is too high. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertVoltageLow (.1.3.6.1.4.1.3375.2.4.0.123) The system voltage is too low. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertMilliVoltageHigh (.1.3.6.1.4.1.3375.2.4.0.124) The system milli-voltage is too high. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertMilliVoltageLow (.1.3.6.1.4.1.3375.2.4.0.127) The system milli-voltage is too low. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertTempHigh (.1.3.6.1.4.1.3375.2.4.0.113) The system temperature is too high. Check the system and air temperatures. If the condition persists, contact F5 Networks technical support.
bigipSystemCheckAlertCurrentHigh (.1.3.6.1.4.1.3375.2.4.0.125) The system current is too high. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertCurrentLow (.1.3.6.1.4.1.3375.2.4.0.128) The system current is too low. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertPowerHigh (.1.3.6.1.4.1.3375.2.4.0.126) The system power is too high. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipSystemCheckAlertPowerLow (.1.3.6.1.4.1.3375.2.4.0.129) The system power is too low. Review additional error messages in the log files. Unplug the system. Contact F5 Networks technical support.
Note: This alert does not happen for standby power.
bigipChassisTempHigh (.1.3.6.1.4.1.3375.2.4.0.7) The temperature of the chassis is too high. Contact F5 Networks technical support.
bigipChassisFanBad (.1.3.6.1.4.1.3375.2.4.0.8) The chassis fan is not operating properly. Replace the fan tray. If the condition persists, contact F5 Networks technical support.
bigipChassisPowerSupplyBad (.1.3.6.1.4.1.3375.2.4.0.9) The chassis power supply is not functioning properly. Verify that the power supply is plugged in. In the case of a dual-power-supply system, verify that both power supplies are plugged in. Contact F5 Networks technical support.
bigipLibhalBladePoweredOff (.1.3.6.1.4.1.3375.2.4.0.119) A blade is powered off. Contact F5 Networks technical support.
bigipLibhalSensorAlarmCritical (.1.3.6.1.4.1.3375.2.4.0.120) The hardware sensor on a blade indicates a critical alarm. Review any additional error messages that your receive, and troubleshoot accordingly. If the condition persists, contact F5 Networks technical support.
bigipLibhalDiskBayRemoved (.1.3.6.1.4.1.3375.2.4.0.118) A disk sled was removed from a bay. Information only, no action required.
bigipLibhalSsdLogicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.117) An SSD logical disk was removed from the BIG-IP® system. Information only, no action required.
bigipLibhalSsdPhysicalDiskRemoved (.1.3.6.1.4.1.3375.2.4.0.116) An SSD physical disk was removed from the BIG-IP system. Information only, no action required.
bigipRaidDiskFailure (.1.3.6.1.4.1.3375.2.4.0.96) An disk in a RAID disk array failed. On www.askf5.com, see SOL10856: Overview of hard drive mirroring. If the problem persists, contact F5 Networks technical support.
bigipSsdMwiNearThreshold (.1.3.6.1.4.1.3375.2.4.0.111) An SSD disk is reaching a known wear threshold. Contact F5 Networks technical support.
bigipSsdMwiReachedThreshold (.1.3.6.1.4.1.3375.2.4.0.112) An SSD disk is worn out. If this is the first alert, the disk might continue to operate for a short time. Contact F5 Networks technical support.
bigipNetLinkDown (.1.3.6.1.4.1.3375.2.4.0.24) An interface link is down. This alert applies to L1 and L2, which are internal links within the device connecting the CPU and Switch subsystems. These links should never be down. If this occurs, the condition is serious. Contact F5 Networks technical support.
bigipExternalLinkChange (.1.3.6.1.4.1.3375.2.4.0.37) The status of an external interface link has changed to either UP, DOWN, or UNPOPULATED. This occurs when network cables are added or removed, and the network is reconfigured. Determine whether the link should be down or up, and then take the appropriate action.
bigipPsPowerOn (.1.3.6.1.4.1.3375.2.4.0.147) The power supply for the BIG-IP system was powered on. Information only, no action required, unless this trap is unexpected. In that case, verify that the power supply is working and that system has not rebooted.
bigipPsPowerOff (.1.3.6.1.4.1.3375.2.4.0.148) The power supply for the BIG-IP system was powered off. Information only, no action required, unless power off was unexpected. In that case, verify that the power supply is working and that system has not rebooted.
bigipPsAbsent (.1.3.6.1.4.1.3375.2.4.0.149) The power supply for the BIG-IP system cannot be detected.

Information only, no action required when the BIG-IP device is operating with one power supply. For BIG-IP devices with two power supplies installed, verify that both power supplies are functioning correctly and evaluate symptoms.

bigipSystemShutdown (.1.3.6.1.4.1.3375.2.4.0.151) The BIG-IP system has shut down. Information only, no action required when the shut down was expected. Otherwise, investigate the cause of the unexpected reboot.
bigipFipsDeviceError (.1.3.6.1.4.1.3375.2.4.0.152) The FIPS card in the BIG-IP system has encountered a problem. Contact F5 Networks technical support.

High-availability system-related traps and recommended actions

This table provides information about the high-availability system-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipStandby (.1.3.6.1.4.1.3375.2.4.0.14) The BIG-IP® system has switched to standby mode. Review the log files in the /var/log directory and then search for core files in the /var/core directory. If you find a core file, or find text similar to fault at location xxxx stack trace:, contact F5® Networks technical support.
bigipStandByFail (.1.3.6.1.4.1.3375.2.4.0.75) In failover condition, this standby system cannot become active. Investigate failover condition on the standby system.
bigipActive (.1.3.6.1.4.1.3375.2.4.0.15) The BIG-IP system has switched to active mode. Information only, no action required.
bigipActiveActive (.1.3.6.1.4.1.3375.2.4.0.16) The BIG-IP system is in active-active mode. Information only, no action required.
bigipFeatureFailed (.1.3.6.1.4.1.3375.2.4.0.17) A high-availability feature has failed. View high-availability processes and their current status.
bigipFeatureOnline (.1.3.6.1.4.1.3375.2.4.0.18) A high-availability feature is responding. View high-availability processes and their current status.
bigipTrafficGroupStandby (.1.3.6.1.4.1.3375.2.4.0.141) The status of a traffic group has changed to stand by. Information only, no action required. To determine the reason for the failover, review the LTM® log /var/log/ltm and search for keywords active or standby. Additionally, you can run the tmsh command tmsh show sys ha-status to view the failover conditions.
bigipTrafficGroupActive (.1.3.6.1.4.1.3375.2.4.0.142) The status of a traffic group has changed to active. Information only, no action required. To determine the reason for the failover, review the LTM log /var/log/ltm and search for keywords active or standby. Additionally, you can run the tmsh command tmsh show sys ha-status to view the failover conditions.
bigipTrafficGroupOffline (.1.3.6.1.4.1.3375.2.4.0.143) The status of a traffic group has changed to offline. Information only, no action required.
bigipTrafficGroupForcedOffline (.1.3.6.1.4.1.3375.2.4.0.144) The status of a traffic group has changed to forced offline. Information only, no action required.
bigipTrafficGroupDeactivate (.1.3.6.1.4.1.3375.2.4.0.145) A traffic group was deactivated. Information only, no action required. To determine the reason for the deactivation, review the LTM log /var/log/ltm and search for the keyword deactivate.
bigipTrafficGroupActivate (.1.3.6.1.4.1.3375.2.4.0.146) A traffic group was activated. Information only, no action required. To determine the reason for the deactivation, review the LTM log /var/log/ltm and search for the keyword activate.

License-related traps and recommended actions

This table provides information about the license-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipLicenseFailed (.1.3.6.1.4.1.3375.2.4.0.19) Validation of a BIG-IP® system license has failed, or the dossier has errors. Occurs only when first licensing the system or adding a module key (such as HTTP compression) to an existing system. If using automatic licensing, verify connectivity to the outside world, fix the dossier if needed, and try again.
bigipLicenseExpired (.1.3.6.1.4.1.3375.2.4.0.20) The BIG-IP license has expired. Call F5® Networks technical support.
bigipDnsRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.139) The BIG-IP DNS Services license is rate-limited and the system has reached the rate limit. Call F5 Networks technical support to upgrade your license.
bigipGtmRequestRateLimiterEngaged (.1.3.6.1.4.1.3375.2.4.0.140) The BIG-IP DNS license is rate-limited and the system has reached the rate limit. Call F5 Networks technical support to upgrade your license.
bigipCompLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.35) The compression license limit is exceeded. Purchase additional compression licensing from F5 Networks.
bigipSslLimitExceeded (.1.3.6.1.4.1.3375.2.4.0.36) The SSL license limit is exceeded, either for transactions per second (TPS) or for megabits per second (MPS). Purchase additional SSL licensing from F5 Networks.

LTM-related traps and recommended actions

This table provides information about the LTM®-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipUnsolicitedRepliesExceededThreshold (.1.3.6.1.4.1.3375.2.4.0.122) The BIG-IP® system DNS cache received unsolicited query replies exceeding the configured threshold. Check the BIG-IP system logs to determine if the system is experiencing a distributed denial-of-service (DDoS) attack.
bigipNodeRate (.1.3.6.1.4.1.3375.2.4.0.130) A local traffic management node has received connections exceeding the configured rate-limit. Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipNodeDown (.1.3.6.1.4.1.3375.2.4.0.12) A BIG-IP system health monitor has marked a node as down. Check the node and the cable connection.
bigipNodeUp (.1.3.6.1.4.1.3375.2.4.0.13) A BIG-IP system health monitor has marked a node as up. Information, no action required.
bigipMemberRate (.1.3.6.1.4.1.3375.2.4.0.131) A local traffic management pool member has received connections exceeding the configured rate-limit. Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipVirtualRate (.1.3.6.1.4.1.3375.2.4.0.132) A local traffic management virtual server has received connections exceeding the configured rate-limit. Consider provisioning more resources on the BIG-IP system for this virtual server.
bigipLtmVsAvail (.1.3.6.1.4.1.3375.2.4.0.135) A local traffic management virtual server is available to receive connections. Information only, no action required.
bigipLtmVsUnavail (.1.3.6.1.4.1.3375.2.4.0.136) A local traffic management virtual server is not available to receive connections. Check the virtual server.
bigipLtmVsEnabled (.1.3.6.1.4.1.3375.2.4.0.137) A local traffic management virtual server is enabled. Information only, no action required.
bigipLtmVsDisabled (.1.3.6.1.4.1.3375.2.4.0.138) A local traffic management virtual server is disabled. Information only, no action required.
bigipServiceDown (.1.3.6.1.4.1.3375.2.4.0.10) A BIG-IP system health monitor has detected a service on a node to be stopped and thus marked the node as down. Restart the service on the node.
bigipServiceUp (.1.3.6.1.4.1.3375.2.4.0.11) A BIG-IP system health monitor has detected a service on a node to be running and has therefore marked the node as up. Information only, no action required.
bigipPacketRejected (.1.3.6.1.4.1.3375.2.4.0.34) The BIG-IP system has rejected some packets. Check the detailed message within this trap and act accordingly.
bigipInetPortExhaustion (.1.3.6.1.4.1.3375.2.4.0.76) The TMM has run out of source ports and cannot open new communications channels with other machines. Either increase the number of addresses available for SNAT automapping or SNAT pools, or lower the idle timeout value if the value is excessively high.

Logging-related traps and recommended actions

This table provides information about the logging-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipLogEmerg (.1.3.6.1.4.1.3375.2.4.0.29) The BIG-IP® system is unusable. This notification occurs when the system logs a message with the log level LOG_EMERG. Check the detailed message within this trap and within the /var/log files to determine which process has the emergency. Then act accordingly.
bigipLogAlert (.1.3.6.1.4.1.3375.2.4.0.30) The BIG-IP system requires immediate action to function properly. This notification occurs when the system logs a message with the log level LOG_ALERT. Check the detailed message within this trap and within the /var/log files to determine which process has the alert situation. Then act accordingly.
bigipLogCrit (.1.3.6.1.4.1.3375.2.4.0.31) The BIG-IP system is in critical condition. This notification occurs when the system logs a message with the log level LOG_CRIT. Check the detailed message within this trap and within the /var/log files to determine which process has the critical situation. Then act accordingly.
bigipLogErr (.1.3.6.1.4.1.3375.2.4.0.32) The BIG-IP system has some error conditions. This notification occurs when the system logs a message with the log level LOG_ERR. Check the detailed message within this trap and within the /var/log files to determine which processes have the error conditions. Then act accordingly.
bigipLogWarning (.1.3.6.1.4.1.3375.2.4.0.33) The BIG-IP system is experiencing some warning conditions. This notification occurs when the system logs a message with the log level LOG_WARNING. Check the detailed message within this trap and within the /var/log files to determine which processes have the warning conditions. Then act accordingly.

Network-related traps and recommended actions

This table provides information about the network-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipARPConflict (.1.3.6.1.4.1.3375.2.4.0.23) The BIG-IP ®system has detected an ARP advertisement for any of its own ARP-enabled addresses. This can occur for a virtual server address or a self IP address. Check IP addresses and routes.

vCMP-related traps and recommended actions

This table provides information about the virtual clustered multiprocessing (vCMP®)-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipVcmpAlertsVcmpPowerOn (.1.3.6.1.4.1.3375.2.4.0.107) The BIG-IP® system powered on a vCMP guest from a suspended or powered-off state. Information only, no action required.
bigipVcmpAlertsVcmpPowerOff (.1.3.6.1.4.1.3375.2.4.0.108) The BIG-IP system powered off a vCMP guest. Information only, no action required.
bigipVcmpAlertsVcmpHBLost (.1.3.6.1.4.1.3375.2.4.0.109) The BIG-IP system cannot detect a heartbeat from a vCMP guest. Check the guest and restart, if necessary.
bigipVcmpAlertsVcmpHBDetected (.1.3.6.1.4.1.3375.2.4.0.110) The BIG-IP system detected a heartbeat from a new or returning vCMP guest. Information only, no action required.

VIPRION-related traps and recommended actions

This table provides information about the VIPRION®-related notifications that an SNMP manager can receive.

Trap name Description Recommended action
bigipClusterdNoResponse (.1.3.6.1.4.1.3375.2.4.0.89) The cluster daemon failed to respond for 10 seconds or more. Start the cluster daemon.
bigipClusterPrimaryChanged (.1.3.6.1.4.1.3375.2.4.0.150) The primary cluster has changed. Information only, no action required.