Forum Discussion

Edher_Espinosa1
Aug 26, 2015

iRule with custom SNMP TRAP every time it matches, NOT every minute

The idea here is to log malicious IPs. I've created an SNMP trap for every time these IPs connect, and I've created an iRule as well with a DataGroup "dg_mx", and it works fine!

Here's the iRule:

    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals dg_mx] } {
            log local0.warning "[IP::client_addr] WARNING MX IP abuse"
        }
    }

I've defined a custom SNMP trap, but it only fires once per minute:

    /config/user_alert.conf

    alert IP_ABUSE_MX "WARNING MX IP abuse" {
        snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.301"
    }

There are many events in this minute and I need to get all of these traps every time it happens, not every minute.

What do I need to modify to get these traps every time the IP is detected, and not every minute?

 

4 Replies

  • Have you considered using HSL to send the logs to your SIEM or eventing system?

    Optionally you could keep track of occurrences using a "table - subtable" and report the data every 5 minutes.

    cheers.

  • Hello Amit, thanks for your help.

    The customer's primary need is to send the SNMP traps every time the event happens; do you think it is possible? There can be hundreds of connections per minute. If it is possible but it affects the performance of the BIG-IP, the choice is to handle the count every 5 min and send the trap, but I would like to validate all the options.

    cheers,

  • Does not seem like a trivial solution. alertd has a 1 minute frequency of looking up new logs and then sending out SNMP alerts based on log content.

    The one option I would pursue is creating the SNMP packet directly in hex and sending the content out using SIDEBAND::send. Since SNMP is UDP and a fairly well-defined protocol, you should be able to construct the packet, but I would not typically go down this route unless it is really, really required.

    To warn you: I had something similar requested to be alarmed as SNMP alerts, and 2 weeks into Production they were complaining about "too many events". That's when we implemented the 5 minute consolidated event.

    https://devcentral.f5.com/wiki/iRules.send.ashx

    cheers.

  • Hello

    We need to make a count of the events and send an SNMP trap with the result $count every 5 minutes; I understand this is possible with the table or subtables. Do you have an example of this kind of request?

    Thanks in advance
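An added example of the consolidated approach discussed in the thread (not code posted by any participant): matches against dg_mx are counted per source IP in a session-table subtable, and one summary line containing the existing "WARNING MX IP abuse" string is logged at most once per 5 minute window, so the user_alert.conf entry above produces a single trap per window with the count in it. The subtable names mx_abuse and mx_abuse_ips are assumptions.

```tcl
# Added example, not from the thread. Assumes data group dg_mx exists;
# subtable names mx_abuse / mx_abuse_ips are arbitrary choices.
when HTTP_REQUEST {
    if { ![class match [IP::client_addr] equals dg_mx] } {
        return
    }
    set ip [IP::client_addr]

    # The "window" key lives exactly 300 s (lifetime, independent of access).
    # When it has expired, a new window starts: report and reset the counters.
    if { [table lookup -subtable mx_abuse window] eq "" } {
        set total 0
        set detail [list]
        foreach src [table keys -subtable mx_abuse_ips] {
            set c [table lookup -subtable mx_abuse_ips $src]
            if { $c ne "" } {
                incr total $c
                lappend detail "$src=$c"
            }
        }
        if { $total > 0 } {
            # One line per window; alertd matches the quoted text and
            # sends a single trap carrying the count.
            log local0.warning "WARNING MX IP abuse: $total hits from [llength $detail] IPs in last 5 min: [join $detail { }]"
        }
        table delete -subtable mx_abuse_ips -all
        table set -subtable mx_abuse window 1 indefinite 300
    }

    # Per-IP counter. Raise the idle timeout above the default 180 s so a
    # source that goes quiet is not dropped before the window closes.
    table incr -subtable mx_abuse_ips $ip
    table timeout -subtable mx_abuse_ips $ip 600
}
```

The summary is emitted by the first matching request after a window has expired, not on a wall clock, and two TMMs hitting that boundary at the same instant can each log it once; if that duplication matters, the lookup-then-set pair needs to be made atomic.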