NimbostratusIn our case the poolmembers were just marked down by the monitor as they did not enter the SSL handshake. So parsing the list of all poolmembers for their status was answering the question for us.
In case this is a intermittent problem, watching the /var/log/ltm should reveal suspect poolmembers.
Finally a specific tcpdump proved the assumption.
Btw, 1.200 pools is really a lot. If each of these is having i.e. 2 poolmembers to be monitored with https I would also be a bit concerned about scalability of the BIG-IP´s monitoring capacity. You are using a very short monitoring interval?
