Forum Discussion

kyle_martin_evop's avatar
kyle_martin_evop
Icon for Nimbostratus rankNimbostratus
Jul 26, 2023

Finding all virtual servers with "log all traffic" policy applied via API

Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there...
LTM
rest api
security
TMSH
JRahm's avatar
JRahm
Icon for Admin rankAdmin

Hi kyle_martin_evop,

AubreyKingF5's solution will work with a slight modification:

tmsh list ltm virtual one-line | egrep -i 'log.all.requests' | awk '{ print $3 }'

You could run bash via iControl rest against all your BIG-IPs to get this output.

but you can also do this natively via iControl REST against the virtual endpoint:

####
# GET request to -> https://ltm15/mgmt/tm/ltm/virtual?$select=name,securityLogProfiles,
####
# RESULT:
{
  "kind": "tm:ltm:virtual:virtualcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual?$select=name%2CsecurityLogProfiles%2C&ver=15.1.8.1",
  "items": [
    {
      "name": "nginx-vip-tls",
      "securityLogProfiles": [
        "\"/Common/Log all requests\""
      ],
      "securityLogProfilesReference": [
        {
          "link": "https://localhost/mgmt/tm/security/log/profile/~Common~Log%20all%20requests?ver=15.1.8.1"
        }
      ]
    },
    {
      "name": "testapp-vip"
    },
    {
      "name": "testappssl-vip"
    }
  ]
}

You can then parse this on the client side to cut down to match only the virtual servers with the matching condition.

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jul 28, 2023

Whipped up a sample python script using the bigrest module to iterate through multiple hosts and virtuals...only tested against my one host and virtual, but should be a start as an idea of what you can do:

 

from bigrest.bigip import BIGIP

with open('hosts.txt', 'r') as hostfile:
    hosts = [line.strip() for line in hostfile]

for host in hosts:
    b = BIGIP(host, 'admin', 'admin', session_verify=False)
    try:
        vips = b.load('/mgmt/tm/ltm/virtual')
        for vip in vips:
            if 'securityLogProfiles' in vip.properties.keys():
                if '"/Common/Log all requests"' in vip.properties.get('securityLogProfiles'):
                    print(f'Host: {host}, Virtual: {vip.properties.get("name")}')
    except Exception as e:
            print(e)

 

When run:

 

python logallrequests.py 

Host: 172.16.2.115, Virtual: nginx-vip-tls

 

hosts file is just a text file with a single host per line...

Related Content