Forum Discussion

barry_7762
Jan 18, 2010

login to OWA and alert if failed..

I was hoping to set up an alert that will allow me to log in to MS Exchange 2007 OWA with some authentication and, if it fails, to email an alert. Does anyone have any idea if this can be done and, if so, where I would even start?

5 Replies

  • Hi Barry,

    Can you clarify what you are actually trying to accomplish?

    Are you trying to detect brute force attacks against the app?

    Or are you trying to monitor an OWA server to see if a login attempt with valid credentials fails?

    Do you want LTM to initiate the traffic or monitor live traffic?

    What authentication method(s) are you using with OWA (basic auth, NTLM, etc)?

    Thanks,

    Aaron
  • I am trying to get LTM to initiate a login attempt with valid credentials on MS Exchange forms based to check to see if the server is up and running.

    Thanks for the quick response.

    Barry
  • Which authentication methods does the server accept? Basic auth would be simple to do in a standard HTTP or HTTPS monitor. NTLM auth would require using an external monitor.

    Either option would allow you to set up an email alert based on the pool failing. Here is a post which covers both monitor options:

    HTTP Monitor that follows redirects
    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=32&tpage=1&view=topic&postid=56552

    And a post which describes how to configure alertd to send an email for an alert:

    Email notification of node/vs down
    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=31&tpage=1&view=topic&postid=20167

    First, you'd want to associate a monitor on the pool. Then you need to configure postfix to send mail remotely. And then configure alertd to send email. There are a few related solutions on AskF5 that you can use as a guide for this:

    SOL3667: Configuring SNMP trap alerts to send email notifications
    https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3667.html?sr=392739

    SOL3664: Configuring BIG-IP to deliver locally-generated email messages
    https://support.f5.com/kb/en-us/solutions/public/3000/600/sol3664.html

    And if you want to generate a message based on a custom log event, refer to SOL3727:

    SOL3727: Configuring custom SNMP traps
    https://support.f5.com/kb/en-us/solutions/public/3000/700/sol3727.html

    Aaron
  • Thanks very much, it worked perfectly. I do have one more question, more like best practice. We presently have 2 LTM F5 boxes and was wondering if I should just change one of the boxes over to do the alertd notifications or should we configure both boxes?

    Again, I thank you for all the great help.
  • It's always a good idea to have the same config for both units in a redundant pair to ensure a config sync from one unit to the other works and doesn't overwrite the changes you make. It's also good to have the same config in case one unit becomes unavailable. For monitors, the standby unit needs to know the pool member status from its own place in the network. So I'd suggest enabling the monitoring and alerting from both units. If "duplicate" emails are a problem, maybe you could filter them on the host that receives them.

    Aaron
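
One way to do the forms-based login check Barry describes, written as an external-monitor script. This is an added example, not code from the thread or from F5; the logon path and form fields, the cookie name, the environment variable names and the argument convention are assumptions, and it needs a curl that supports `--resolve`.

```shell
#!/bin/bash
# Added example, not from the thread. Assumed external-monitor convention:
# $1 = pool member IP (may carry a ::ffff: prefix), $2 = port, and any
# output on stdout marks the member UP.

# Return 0 only if the response headers show a successful forms login.
# Assumptions: success is a 302 that sets a "sessionid" cookie; a rejected
# login is a 302 back to the logon page with a "reason=" query parameter.
owa_login_ok() {
    local headers status
    headers=$(printf '%s\n' "$1" | tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    [ "$status" = "302" ] || return 1
    if printf '%s\n' "$headers" | grep -qiE '^location:.*[?&]reason='; then
        return 1
    fi
    printf '%s\n' "$headers" | grep -qiE '^set-cookie:[[:space:]]*sessionid='
}

# POST the logon form to one pool member and print the response headers.
# OWA_USER / OWA_PASS are hypothetical variable names; the values reach curl
# on stdin (-K -) so they never show up in the process list. They must not
# contain a double quote or backslash, which curl's config syntax would eat.
# --resolve pins the member IP while the certificate is still checked
# against the real host name (no -k).
owa_probe() {
    local ip port host
    ip="${1#::ffff:}"; port="$2"; host="$3"
    printf 'data-urlencode = "username=%s"\ndata-urlencode = "password=%s"\n' \
        "$OWA_USER" "$OWA_PASS" |
    curl -s -m 10 -o /dev/null -D - -K - \
        --resolve "$host:$port:$ip" \
        --data-urlencode "destination=https://$host/owa/" \
        --data "flags=0" \
        "https://$host:$port/owa/auth/owaauth.dll"
}

# Constructed sample of a rejected login (not captured from a real server).
SAMPLE_REJECTED='HTTP/1.1 302 Moved Temporarily
Location: https://mail.example.test/owa/auth/logon.aspx?reason=2'

if [ "$#" -ge 2 ]; then
    # Monitor mode: stay silent (member DOWN) unless the login verified.
    if owa_login_ok "$(owa_probe "$1" "$2" "${OWA_HOST:?}")"; then echo "UP"; fi
elif owa_login_ok "$SAMPLE_REJECTED"; then
    echo "unexpected: rejected sample classified as success" >&2
fi
```

Because the same monitor runs from both units of the pair, the probe account's password is stored on both; a dedicated mailbox with no other privileges keeps that exposure small.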