I was just about to post almost exactly the same message when I came across your post. In my case, I have a customized /etc/alertd/alert.conf to send me email notifications. And when I upgraded to v10, I suddenly started getting these notifications which I wasn't expecting. There is something more happening with alertd that I'd like to understand better.
As I dug into this, I confirmed (by commenting and uncommenting) the statement that is catching the event (and generating emails in my case) in "
/etc/alertd/alert.conf" is this:
alert BIGIP_LOG_EMERG "^[0-9]{8}:0: (.*)" {
And I guess this makes based only on the regex, since the event starts with the string "
01070417:0". But if you look for the error code "
01070417" in
/var/run/bigip_error_maps.dat, you'll see this:
0 LOG_NOTICE 01070417 BIGIP_MCPD_MCPDERR_AUDIT "AUDIT - user %s - transaction %u-%u - object %u - %s"
So /etc/alertd/alert.conf considers the alert EMER status, while /var/run/bigip_error_maps.dat considers it NOTICE. That is a disconnect that I just can't wrap my head around.