F5 BIG-IP V9 Product Troubleshooting Manual
The known_hosts files now need to be updated on the BIG-IP system and the SCCP, and the SSH keys need to be synchronized to the SCCP, and from the SCCP to the BIG-IP system. The following steps will back up the current known_hosts files and re-synchronize the SSH keys.

Note: For this procedure, BIG-IP is also known as the host.

1. Log in to the Console command line as the root account.
2. Rename the /var/ssh/root/known_hosts file, by typing the following command:
    mv /var/ssh/root/known_hosts /var/ssh/root/known_hosts.orig
3. Synchronize the keys from the BIG-IP to the SCCP, by typing the following command:
    keyswap.sh sccp
   A message will appear, indicating that the authenticity of host sccp (127.2.0.1) cannot be established.
4. At the Are you sure you want to continue connecting (yes/no)? prompt, type yes.
   You will be prompted for a password.
5. Type the SCCP password default.
   You will be prompted several more times (approximately 6 times) for the password. Continue to type the password default for each prompt until you are returned to the BIG-IP command line.
6. Connect to the SCCP by typing the following command:
    ssh sccp
   A message will appear indicating that the authenticity of host sccp (127.2.0.1) cannot be established.
7. At the Are you sure you want to continue connecting (yes/no)? prompt, type yes.
   If the SSH keys have been properly synchronized from the host to the SCCP, the system should not prompt you for a password.
   You should now be connected to the SCCP, and have an sccp# prompt.
8. Rename the /root/.ssh/known_hosts file, by typing the following command:
    mv /root/.ssh/known_hosts /root/.ssh/known_hosts.orig
9. Synchronize the keys from the SCCP to the host, by typing the following command:
    keyswap.sh host
   A message will appear indicating that the authenticity of host sccp (127.2.0.1) cannot be established.
10. At the Are you sure you want to continue connecting (yes/no)? prompt, type yes.
   You will be prompted for a password.
11. Type the password for the host's root account.
   You will be prompted several more times (approximately 6 times) for the password. Continue to type the password default for each prompt until you are returned to the BIG-IP command line.
12. Connect to the host by typing the following command:
    ssh host
   A message will appear, indicating that the authenticity of host sccp (127.2.0.2) cannot be established.
13. At the Are you sure you want to continue connecting (yes/no)? prompt, type yes.
   If the SSH keys have been properly synchronized from the SCCP to the host, the system should not prompt you for a password.
   You should now be connected to the host, and have the BIG-IP prompt [root@bigip:Standby] root #.
14. Exit the host and return to the SCCP, by typing the following command:
    exit
15. Exit the SCCP and return to the host, by typing the following command:
    exit
16. Reboot the host, by typing the following command:

2014-3-17
F5 Networks China, page 17 of 44
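4.1. How do I send the server UP/DOWN information monitored by BIG-IP to an external syslog server?
To send the status information of the monitored servers to an external syslog server via syslog, proceed as follows:
On the command line, edit the /etc/syslog-ng/syslog-ng.conf file:
    vi /etc/syslog-ng/syslog-ng.conf
Add the following at the end of the file: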
    filter notdebug { level(warning...emerg) and match("<match pattern missing from source>"); };
    destination loghost { udp("192.168.10.168" port(514)); };
    log { source(local); filter(notdebug); destination(loghost); };
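Here 192.168.10.168 is the syslog server and 514 is the port the syslog server listens on. level(warning...emerg) and match(\ defines which messages are sent to the syslog server; match(\ matches the member line in Pool member (.*?):(.*?) monitor status down, so that other messages unrelated to server monitoring are filtered out.
After editing and saving the file, run /etc/init.d/syslog-ng restart, which prints the following:
    Stopping syslog-ng: [OK ]
    Starting syslog-ng: [OK]
Confirming that syslog is running normally is sufficient. (Note: make sure the syslog-ng.conf configuration is correct so that syslog can start normally; otherwise other processes in the system that depend on syslog will be affected.)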
4.2. What event types does BIG-IP syslog have?
BIG-IP syslog has the following event types:
• System events
System event messages are based on Linux events, and are not specific to the BIG-IP system. These events are generally recorded in /var/log/messages.
• Packet filter events
Packet filter messages are those that result from the implementation of packet filters and packet-filter rules. These events are generally recorded in /var/log/pktfilter.
• Local traffic events
Local-traffic event messages pertain specifically to the local traffic management system. These events are generally recorded in /var/log/ltm.
Some of the specific types of events that the BIG-IP system displays on the Local Traffic logging screen are:
  • Address Resolution Protocol (ARP) packet and ARP cache events
  • bigdb™ database events (such as populating and persisting bigdb variables)
  • HTTP protocol events
  • HTTP compression events
  • IP packet discard events due to exceptional circumstances or invalid parameters (such as a bad checksum)
  • Layer 4 events (events related to TCP, UDP, and Fast L4 processing)
  • MCP/TMM configuration events
  • Monitor configuration events
  • Network events (layers 1 and 2)
  • Packet Velocity® ASIC (PVA) configuration events
  • iRule™ events related to run-time iRule processing
  • SSL traffic processing events
  • General TMM events such as TMM startup and shutdown
The levels corresponding to these events are as follows:
• Audit events
Audit event messages are those that the BIG-IP system logs as a result of changes to the BIG-IP system configuration. Logging audit events is optional. These events are generally recorded in
Audit logging is an optional feature that logs messages whenever a BIG-IP system object, such as a virtual server or a load balancing pool, is configured; that is, created, modified, or deleted. There are three ways that objects can be configured:
  • By user action
  • By system action
  • By loading configuration data
The BIG-IP system logs the messages for these events in the file /var/log/ltm.
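4.3. How do I set the BIG-IP syslog event level?
For local traffic management events, you can set the minimum logging level. By setting different log levels for different events, you control which events are recorded. You can choose the level of events that syslog records; events are currently divided into the following levels: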
• Emergency
• Alert
• Critical
• Error
• Warning
• Notice
• Informational
• Debug
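For example, if you set the minimum log level for bigdb events to Error, BIG-IP records only events at the Error level and above. If you set the minimum log level to the default level, BIG-IP records all events except Debug messages.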
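The filter from 4.1 combined with the level ordering from 4.3, as an added example (not part of the original manual and not F5 code): a Python check, usable on the receiving syslog server, of which messages pass level(warning...emerg) and match(...), plus a parser for the ones that do. The match text "Pool member", the function names, and the sample records with their levels are assumptions constructed for illustration.

```python
import re

# Severity keywords, most to least severe, in the order section 4.3 lists them.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Pattern quoted in section 4.1, widened here to capture "up" as well as "down".
MEMBER_RE = re.compile(r"Pool member (.*?):(.*?) monitor status (up|down)")

# Assumption: the quoted argument of match() is missing from the page's
# config, so "Pool member" is used as a stand-in.
MATCH_TEXT = "Pool member"


def passes_notdebug(level, message, lowest="warning", match_text=MATCH_TEXT):
    """Mirror `level(warning...emerg) and match(...)`: both must hold."""
    severe_enough = LEVELS.index(level) <= LEVELS.index(lowest)
    # match() takes a regular expression; a plain substring test is equivalent here.
    return severe_enough and match_text in message


def parse_member_event(message):
    """Return (address, port, status) for a monitor status line, else None."""
    m = MEMBER_RE.search(message)
    return m.groups() if m else None


def forwarded_events(records):
    """Parse only the records the filter would send to the loghost."""
    events = []
    for level, message in records:
        if passes_notdebug(level, message):
            event = parse_member_event(message)
            if event is not None:
                events.append(event)
    return events


# Constructed sample records (level, message); not captured from a real unit.
SAMPLE = [
    ("err", "Pool member 10.1.1.10:80 monitor status down."),
    ("notice", "Pool member 10.1.1.10:80 monitor status up."),
    ("warning", "HTTP compression event unrelated to monitoring"),
    ("debug", "Pool member 10.1.1.11:443 monitor status down."),
    ("crit", "Pool member 10.1.1.12:8080 monitor status down."),
]

if __name__ == "__main__":
    for event in forwarded_events(SAMPLE):
        print(event)
```

Under this filter a status message logged below warning never reaches the loghost, whatever its text, so check the level of every message you expect to receive.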
4.4. What is the format of BIG-IP syslog event records?
For an explanation of the format of BIG-IP syslog event records, see the table below:
For example: