ABC F5 BIGIP Community MP Configuration

,

Hi Ruben Zimmermann I have followed your instructions as per the documentation however I’m not having a great deal of luck getting the MP to work.

See below my Screenshots. The two log files has the following content

F5-Discovery-rest.ps1.log.txt ======================

Start Logging on 09/27/2018 16:17:47

F5-Discovery-snmp.ps1.log.txt ======================

Function-Name: Inital test. Err: BigIP: not reachable!

I have a MIB Browser utility and I can definitely get from the Monitoring Server to the F5’s and do an SNMP Walk.

The same applies for the Web Management

Any idea what might be the reason why this isn’t working?

03.png

Hi@schoeman ,

 

it should work with the updated scripts on GitHub. In the past FQDNs were not supported, now they are.

 

Looking forward to read your testing result.

 

Ruben

1 Like

Just updated them after reading your question here. - Sure about using the latest ones?

Certificate issues should be ignored. & For SNMP they are not involved as far I know.

Do you still get the same error text when running the scripts?

Hm. Could you try to just use the hostname instead of the FQDN?

Can you ping the appliance by just using the hostname?

In our case we’re using default ports for SNMP and HTTPS. - F5 is controlling from which IP ranges it allows the access.

Do you get values if you run this in a PowerShell session?

$F5BigIPHost = 'MyF5Appliance'
$timeOut = 30

$oid = '.1.3.6.1.4.1.3375.2.1.6' #General Info
#or 
$oid =  '.1.3.6.1.4.1.3375.2.1.4' #product info

& C:\usr\bin\snmpwalk.exe -v 2c -t $timeOut -c public $F5BigIPHost $Oid

Hi @Ruben Zimmermann sorry for not getting back to you sooner. I have been away on a mini break. I have run the script for both OID’s see below

Getting the following error when running the code line by line - something to do with “GET not implemented”? Is there something I need to enable on the F5?

I’ve been testing with the free ABC MP, however we went back to the HYCU F5 Big-IP MP for SCOM.
This because we also want to monitor Certificates,…
When we tried to add more oid to monitor, we had troubles finding the correct mib/oid. Next
to that we also use SNMP v3 and base SCOM network monitoring.

I have found the problem:-

The problem is that we do not allow ICMP Ping to our F5 devices therefore when these two scripts run they check to see if the hosts specified in the F5-BigIP-Hosts.csv are up via Test-Connection (PING)

  • F5-Discovery-rest.ps1
  • F5-Discovery-snmp.ps1
I have amended the code on both scripts for where the scripts do a PING check:-

Here is the result for scanning two nodes

The only issue I have now is that nothing seems to be appearing in SCOM. The only thing that is populated is the MonitoringServer(Not Monitored)

Hi Andre,

 

I’ll be back in office on next Monday. Will feedback asap

 

Ruben

Hi Andre,

 

can you find the value in <applianceName>_F5-Discovery-snmp-GeneralInfo.json?

 

Kind regards

 

Ruben

Hi Ruben, The issue with the Appliance name was an error on my part – I didn’t extract the MIBs into the correct folder…

I wonder if you could shed some light on this issue?

We have 2 F5’s in site PW and 2 F5’s in site PB. I started setting up Site PW with WatcherPW (Server running script) – see below Fig 1 showing a health state for both PW1 and PW2 but nothing for BP1 and PB 2 as I have turned off the schedule on WatcherPB (Server running script)

After PW1 and PW2 were completely discovered and health state up-to-date I enabled the Schedule for Site PB to discover PB1 and PB2. See Fig 2 below – Now the health state for PW1 and PW2 have been discarded and PB1 and PB2’s health state is being represented. This has been like this for a few days and both site schedules are running perfectly.

It would seem that this applies to all the group health statuses – Node Addr Group, PoolsTatus Group and TrafficGroupItem Group

It seems the MP can’t represent both sites group statuses at the same time?

Fig 1

Fig 2

Hi there,

 

not sure if I understand you correct. Please confirm :slight_smile:

You firstly exported the information for the first set of F5 waited until they have been discovered. Then you changed the scripts to discover the second set of F5 is that right?

If so I know the reason for the problem. You need to keep all F5 appliance been discoverable. - Configuration files and CSV need to keep. If you don’t SCOM will purge them from the database.

 

Let me know …

Hi Andre,

finally I got your point! At the moment I don’t have a clue why it behaves like you mention. I will do some research and come back to you ?

 

Short update.

I’m working with our F5 guys to add DR set of appliances.- Then I will be able to test with our machines! ?

Hi Andre,

sorry for the late feedback. Even after adding a second monitoring server and another F5 I cannot reproduce the issue.

Currently I cannot find the time to check further.

I saw there is another free F5 MP in the mpcatalog. It looks nice, perhaps you can take a look?

 

Ruben

I have used the latest scripts from GitHub. Do you think it might be certificate related? What certificates do I need to install?

I have just downloaded the new scripts and tested again. No joy getting the same error

I have tried the hostname. What protocol and port does the script use to talk to the F5 device? I know port 161 and 162 need to be open for SNMP and port 443 but what else do I need?

Is it that you couldn’t find the actual MIB OID? If so you could use a utility called a MIB Browser from Manage Engine to do an SNMP Walk. Then you’ll be able to see what OID you need.

https://www.manageengine.com/products/mibbrowser-free-tool/

Had to allow ping from Monitor & SCOM Server to F5 and vice versa. The MP now seems to be working - For some reason the SystemNodeName isn’t being populated

Hi Ruben,
I have attached a Diagram to explain our environment.

Basically, we have two sites. One SCOM environment 2 SCOM servers per site and one SCOM Watcher server per site. Each Watcher server in turn run their own discovery against the F5’s and the agent feed the information back into the SCOM environment. - Hope that makes sense?

I use these Watcher servers for Skype For Business as well to run synthetic transaction etc