Forum Discussion
Can someone help with scripting?
I need to run a monthly report. I have no clue on how to create a script. Need to find the SSO profile protocol statistics for each virtual server on CLI. F5 engineer point me to this site for help. Here's his recommendation. The profile information is separate from the virtual server information as they are different objects and one ssl profile can be used on more than one virtual server. The best way to grab this information in a report format would be to write a script that would query for the list of virtual servers and then loop through them one by one getting the proper name of the profile you want to query. You can then use the profile name to run the query and grep for the protocol data. This can all then be output to a file for you to review.
2 Replies
- you say SSO profile first and then SSL profile, which one is it? perhaps you will get lucky and some will provide a working script, but also for yourself it might be wise to try this yourself. first find out which command you need i would assume: tmsh show ltm profile client-ssl even better might be show ltm virtual profiles which shows you the client-ssl statistics for that virtual server. no you are left with cycling through your virtual server, that is in principle basic scripting, this is a nice moment to get into it.
Hi Ade,
Here is a quick sample script that will show all the Protocol stats for the clientssl profiles for the Virtual servers that have them enabled. This script is probably not perfect but I wrote it really quick and it seems to work in my environment. You might need to modify to meet your needs.
[root@device:Active:Standalone] config cat report.bash !/bin/bash List Profiles PROFILES=`tmsh list ltm profile client-ssl | grep "^ltm" | awk -F" " '{print $4}'` for all in ${PROFILES} do VS_NAME=`tmsh list ltm virtual one-line | grep $all | awk -F" " '{print $3}'` if [ "${VS_NAME}" != "" ] then echo "$VS_NAME -- $all" tmsh show ltm profile client-ssl $all | grep Protocol fi done [root@device:Active:Standalone] config
Here is what the output looks like.
[root@device:Active:Standalone] config bash report.bash test_NA_vs -- clientssl Protocol SSL Protocol Version 2 0 SSL Protocol Version 3 0 TLS Protocol Version 1.0 0 TLS Protocol Version 1.1 0 TLS Protocol Version 1.2 261 DTLS Protocol Version 1 0 my_policy_vs -- website.net_client Protocol SSL Protocol Version 2 0 SSL Protocol Version 3 0 TLS Protocol Version 1.0 1 TLS Protocol Version 1.1 0 TLS Protocol Version 1.2 6 DTLS Protocol Version 1 0 [root@device:Active:Standalone] config
You will need to save the report to the system and then run it. You can add this to cron if you want and add some mail commands around it then have it email the report when you want to see it.
As boneyard stated this is a great opportunity for you to look into scripting and learn a bit about it. I hope this helps you get started.
Regards,
Seth
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com