LTM - Auto Config Sync - Script not working.


Can you please help me urgently. I am trying to setup a script to do config sync automatically every 15mins on LTMs in HA.

What i have done so far is

1, I have created a script "" (see attachment) and put it in the folLowing directory /etc/cron.daily  on both LTMs.

2, also added to cron file to run script every 15mins.

[root@ltm01:Active] config # crontab -e
# cron tab for root

1-59/30 * * * * /usr/bin/diskmonitor
0,15,30 * * * * /etc/cron.daily/

The problem is the cron job i have schedule to run 15mins will not run. nothing happens   I know i have done something wrong. please advise.

Thanks in advance

what version of BIG-IP are you running?

question is from 2011, wonder if he is still looking :)

20 Answer(s):

First, why do you want to sync the config every 15 minutes? A lot of admins see automated config synching as a liability as you lose your ability to recover from a configuration issue by failing over to the unchanged peer unit.

That said, have you tried running the script manually as root? Does it run successfully?

If so, can you try redirecting the standard output and errors from the script to a file?

0,15,30 * * * * /etc/cron.daily/ 2>&1 >> /var/log/

Hello Aaron,

The plan is to run is every 12 hours at mid night. the 15mins interval now is to get it working.

Let me run your suggestions & get back to you .

the file is blank!

-rw-r--r-- 1 root root 0 May 31 22:15

I have tried to run it manually & i get permission denied! I am login as root on the ltm. any ideas?

[root@99bishltm01:Active] log #  /etc/cron.daily/
bash: /etc/cron.daily/ Permission denied
Hi Francisco,

Have you tried to chmod 755

Once you do that you should be able to run it then.

Hello Bhattman, yes that worked. I am getting errors below. It looks like the problem here is related to my script.

Can someone please help by reviewing the script & make sure i havent ,missed out anything. thaks

[root@99bishltm01:Active] cron.daily # chmod 755
[root@99bishltm01:Active] cron.daily # /etc/cron.daily/
/etc/cron.daily/ line 2: use: command not found
/etc/cron.daily/ line 3: use: command not found
/etc/cron.daily/ line 5: syntax error near unexpected token `$LockFile'
/etc/cron.daily/ line 5: ` my ($LockFile) = "/tmp/autocs.lck"; '
A few suggestions:

- This is a shell/perl error. Try searching online for the error message:
- Verify the file format is correct (od -c that you have !/usr/bin/perl as the first characters of the file and standard *nix line endings \n and not \r\n
- Rename the script from .sh to .pl to avoid confusing others that it's something other than a perl script

Can you run this:

perl /etc/cron.daily/

If yes, the script might be in DOS format. You can run this to fix it:

dos2unix /etc/cron.daily/

or, modify the cron job to:

0,15,30 * * * * /usr/bin/perl /etc/cron.daily/

That worked. Excellent. The good thing about the script iy detect which unit got the latest config (PULL/PUSH Mode) so it works on both units whether active or standby.

Guys, i appeciate your help very much and thank you all.

One more question, can i setup to send a  SNMP trap when the sync is complete.

I get the log from tail -f /var/log/ltm
Jun 1 12:05:24 local/99bishltm01 info bigpipe: Completed config sync pull operation

Can i get this sent as syslog including device name?


hmm try this:

Look for this block of code:
  if ( 
    &BigDB("Configsync.LocalConfigTime") > &BigDB("Configsync.PeerConfigTime") 
   ) { 
     system "$bigpipe config sync"; 
   } else { 
     system "$bigpipe config sync pull"; 

Change it to:

   my ($pull) = "";
   # If LocalConfigTime is smaller than PeerConfigTime then Pull Mode  
   # Else Push Mode 
   $pull = "pull" if ( &BigDB("Configsync.LocalConfigTime") < &BigDB("Configsync.PeerConfigTime") );
   system qq~$bigpipe config sync $pull~; 
   system qq~logger -p local0.debug "`hostname` completed config sync $pull" ~;

I've not tested the script. Please try it on non-production units ...

do i add this to ?

Thanks mate
Yes, you modify I also attached the modified script.

Thanks hum,
My syslog is setup but when config sync is done, i dont see anything on the syslog server!!

root@99bishltm01:Active] log # b syslog list all
syslog {
authpriv from notice
authpriv to emerg
cron from warning
cron to emerg
daemon from notice
daemon to emerg
include none
kern from notice
kern to emerg
mail from notice
mail to emerg
messages from notice
messages to warning
userlog from notice
userlog to emerg
remote server {
local ip none
remote port 514
Basically, the modification was to add a 'logger' command to send a syslog message with local0.debug priority when the ConfigSync is happening:

logger -p local0.debug "the message"

From shell prompt, you can experiment with it or commands to send snmp traps.
could i change it slightly by sending SNMP trap only if the config sycn fails and nothing else.

Automatic ConfigSync is now available in v11.2.1.

i understand auto sync does not sync failover (floating) objects, does it?

Available for Sync-Only device groups only, automatic synchronization (also known as auto sync) ensures that the BIG-IP system automatically synchronizes the configuration among device group members, whenever you make a change to any one of those members. During auto sync, the BIG-IP system performs incremental, rather than full, synchronization whenever possible.


A Sync-Only device group contains devices that synchronize configuration data, such as policy data, but do not synchronize failover objects. A maximum of 32 devices is supported in a Sync-Only device group.
Thanks for the clarification nitass, I think I need to do a bit more reading!

If you are still looking for automatic config sync script. Below is a simple script I revised from the previous script using "bigpipe" command. I tested on our onlt v11.3.x devices and wworked perfectly.


Revised to ConfigSync the active device to all devices in the device group in tmsh.

file: /shared/bin/

Added to /etc/crontab:

0 1 * * * root /shared/bin/ > /dev/null 2>&1

Variable to make sure this device is Active and out of sunc with the peer

Revised by Vivian Peng

Date: 08/28/2013

Note: This script is tested only on v11.3 devices only.

DFGID="name of your device failover group"
STATE=tmsh show /sys failover | cut -d" " -f 2 STATUS=tmsh show cm sync-status | grep -i status | cut -d" " -f 5

if [ $STATE == "active" ] && [ $STATUS != "Sync" ]; then tmsh run cm config-sync to-group $DFGID fi

Sorry, this is the first time I made my post here. Not sure why it strips out all "#" in front of comment lines. In stead of find out how to keep teh format, I am just post the lines that have no "#" in the front

DFGID="name of your device failover" # replace here to the name of your device group

STATE=tmsh show /sys failover | cut -d" " -f 2 STATUS=tmsh show cm sync-status | grep -i status | cut -d" " -f 5

if [ $STATE == "active" ] && [ $STATUS != "Sync" ]; then tmsh run cm config-sync to-group $DFGID fi

Your answer: