F5 BIG-IP icon   F5 BIGIP – Upgrade an active/standby cluster

Step by step procedure to upgrade an active/standby BIGIP cluster. In this example, I needed to upgrade from BIG IP v13.0.0.0 to v13.1.0.2


Login to https://downloads.f5.com/, search and download the ISO image of the version you want to upgrade to.
F5 BIGIP - Upgrade an activestandby cluster - Download BIGIP upgrade

F5 BIGIP - Upgrade an activestandby cluster - Download BIGIP upgrade

Export configuration

As a good sysadmin practice, it is better to export the configuration of both nodes … Read more

F5 BIG-IP icon   F5 BIGIP – LTM Policy GUI incorrectly shows conditions with datagroups

The last F5 BIGIP version (I upgraded from v13.0.0 some days ago – 2018 February) seems to generate a bug with the LTM policies.


Fortunately, the issue is only at the Presentation layer. The LTM policy show the rules conditions always with datagroups. This affects all rules and policies.

Better explained with an example:
If this is a … Read more

F5 BIG-IP icon   F5 BIGIP – HTTP header count exceeded maximum allowed count

Last week we published a new application on our web servers (which are balanced by the F5 BIGIP)
Accessing directly to the servers produced no problem, but when the connection was through the virtual balancing IP of the F5, the application did not work correctly.

Error message

Fortunately, monitoring the LTM module logs of the F5 (/var/log/ltm) while the problem … Read more

Security   Security – Create self signed SAN certificate with OpenSSL

This post explains how to generate self signed certificates with SAN – Subject Alternative Names using openssl. It is a common but not very funny task, only a minute is needed when using this method.

The example below generates a certificate with two SubAltNames: mydomain.com and www.mydomain.com

Create openssl configuration file

Create configuration file for openssh (In a Linux … Read more

Icinga icon   Icinga – Cannot login to Grafana. Forgot admin password

It is not the first time my Icinga suddenlty, stops showing the grafana graphs.
Icinga when cannot show Grafana graphs


If trying to log to Grafana, admin password is not accepted. I am pretty sure i have not changed the password but I am unable to login to Grafana.
Invalid username or password when login to Grafana
And even worse, given that I still have not configured Grafana SMTP section / admin … Read more

Icinga icon   Icinga2 – Understanding checks and notification types

Here I am trying to present (I hope in an easy way to understand) some Icinga concepts (maybe also applicable in Nagios) like active and passive checks, enabling and disabling freshness checks, soft and hard states,… and the related parameters to configure them.

ACTIVE and PASSIVE services

There are two types of services:

  • ACTIVE: Check initiated by the Icinga
Read more

Checkpoint   Checkpoint – GAIA commands to check backup status and logs

I have configured my VSX appliances to perfom scheduled backups every week. Today, my icinga monitoring system has raised an alert informing that VSX2 backup has failed.

Icinga monitoring checkpoint VSX backups

GAIA provides some commands to get useful data about the execution of the backup processes.


Show the the latest successful backup

vsx2:0> show backup last-successful
Backup Type: local ( latest )
Read more

Linux   Linux – Exim: Authenticated and TLS mail through smarthost

Exim is a very flexible and common MTA (mail transfer agent) in Unix systems.
This posts shows the way to configure Exim as client to send authenticated and encrypted (TLS) emails through a smarthost.

Lets suppose the smarthost email server is listening on port 587 for secure outgoing SMTP…

Configure exim to use the smarthost

To configure exim In … Read more

Linux   Linux – TCP listener daemon with tcpserver

To configure passive checks in Nagios/icinga I use a tcp listener daemon that launches a script (See Nagios – Using passive checks without agent)
Tried to use inetd superserver daemon, but in the last versions, i have not been able to make it work correctly (See last update in my post: Linux – cannot found / missing inetd.conf)Read more

Linux   Linux – cannot found / missing inetd.conf

Trying to configure a new inetd service needed for my Icinga (see Linux – Create custom inetd service), but i have not been able to find the inetd.conf file.
It seems inetd is not installed by default in the last Debian versions (mine is 9 – stretch).

Luckily, it is packetized in the inetutils-inetd

# apt-get install inetutils-inetd
Read more