Monitoring Access Policy Manager

I have a customer who recently needed to monitor the APM logon page but noticed the default HTTP monitor was eating up APM access sessions. To address this issue we need the HTTP monitor to retain the MRHSession cookie as it follows the redirect from / to /my.policy. After the monitor determines the health of the APM logon page it needs to also access the logout page to delete it’s current access session.

To accomplish this we can use the cookie jar option in curl:

  • -c create the cookie jar
  • -b uses an existing cookie jar

We also tell curl to follow redirects with the -L argument.

In the example code below the monitor is looking for the F5 licensing statement at the bottom of the APM logon page. If you’ve customized the APM logon page this monitor can easily be modified to fit your specific requirements. You can also download a PDF version of the file here.

Update: I’ve added a new post on Configuring and Testing an External Monitor if you need help adding this monitor to GTM.

#!/bin/sh
#
# (c) Copyright 1996-2014 F5 Networks, Inc.
#
# This software is confidential and may contain trade secrets that are the
# property of F5 Networks, Inc.  No part of the software may be disclosed
# to other parties without the express written consent of F5 Networks, Inc.
# It is against the law to copy the software.  No part of the software may
# be reproduced, transmitted, or distributed in any form or by any means,
# electronic or mechanical, including photocopying, recording, or information
# storage and retrieval systems, for any purpose without the express written
# permission of F5 Networks, Inc.  Our services are only available for legal
# users of the program, for instance in the event that we extend our services
# by offering the updating of files via the Internet.
#
# @(#) $Id: http_monitor_cURL+GET,v 1.0 2007/06/28 16:10:15 deb Exp $
# (based on sample_monitor,v 1.3 2005/02/04 18:47:17 saxon)
#
# these arguments supplied automatically for all external monitors:
# $1 = IP (IPv6 notation. IPv4 addresses are passed in the form 
#                         ::ffff:w.x.y.z
#                         where "w.x.y.z" is the IPv4 address)
# $2 = port (decimal, host byte order)
#

# remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}

PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
# kill of the last instance of this monitor if hung and log current pid
if [ -f $PIDFILE ]
then
   echo "EAV exceeded runtime needed to kill ${IP}:${PORT}" | logger -p local0.error
   kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE

# send request & check for expected response
curl -Lsk https://${IP}:${PORT} -c cookiejar.txt | grep "This product is licensed from F5 Networks" > /dev/null

# mark node UP if expected response was received
if [ $? -eq 0 ]
then
    rm -f $PIDFILE
    echo "UP"
else
    rm -f $PIDFILE
fi

# delete APM session
curl -Lsk https://${IP}:${PORT}/my.logout.php3 -b cookiejar.txt > /dev/null
exit

You can save this monitor to your F5 by following SOL13423 and for information on implementing external monitors click here.

2 thoughts on “Monitoring Access Policy Manager

  1. Hi,

    Thanks for this Article, I am trying to implement this External Monitor Solution to my F5 running version 11.6.0 and I am unable to test the new monitor

    I am at the right place
    # pwd
    /config/filestore/files_d/Common_d/external_monitor_d
    #ls
    -rwxr-xr-x 1 tomcat tomcat 2348 Sep 8 22:19 :Common:tlsv1_monitor_42876_1

    ./\:Common:tlsv1_monitor_42876_1 10.1.42.10 8030
    bash: ./:Common:tlsv1_monitor_42876_1: /bin/sh^M: bad interpreter: No such file or directory

    Can you help?

    1. It looks like you’re trying to test your external monitor. This looks like it is a Linux issue in the sense that the sh command can’t find this monitor. You can try using quotes or create a symbolic link to a filename without colons.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s