Forum Discussion

kyle_martin_evop's avatar
kyle_martin_evop
Icon for Nimbostratus rankNimbostratus
Jul 26, 2023

Finding all virtual servers with "log all traffic" policy applied via API

Hello,

I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite?

 

Thank you,

Kyle

LTM
rest api
security
TMSH
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Jul 27, 2023

    Hi kyle_martin_evop,

    AubreyKingF5's solution will work with a slight modification:

    tmsh list ltm virtual one-line | egrep -i 'log.all.requests' | awk '{ print $3 }'

    You could run bash via iControl rest against all your BIG-IPs to get this output.

    but you can also do this natively via iControl REST against the virtual endpoint:

    ####
# GET request to -> https://ltm15/mgmt/tm/ltm/virtual?$select=name,securityLogProfiles,
####
# RESULT:
{
  "kind": "tm:ltm:virtual:virtualcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual?$select=name%2CsecurityLogProfiles%2C&ver=15.1.8.1",
  "items": [
    {
      "name": "nginx-vip-tls",
      "securityLogProfiles": [
        "\"/Common/Log all requests\""
      ],
      "securityLogProfilesReference": [
        {
          "link": "https://localhost/mgmt/tm/security/log/profile/~Common~Log%20all%20requests?ver=15.1.8.1"
        }
      ]
    },
    {
      "name": "testapp-vip"
    },
    {
      "name": "testappssl-vip"
    }
  ]
}

    You can then parse this on the client side to cut down to match only the virtual servers with the matching condition.

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      Jul 28, 2023

      Whipped up a sample python script using the bigrest module to iterate through multiple hosts and virtuals...only tested against my one host and virtual, but should be a start as an idea of what you can do:

       

      from bigrest.bigip import BIGIP

with open('hosts.txt', 'r') as hostfile:
    hosts = [line.strip() for line in hostfile]

for host in hosts:
    b = BIGIP(host, 'admin', 'admin', session_verify=False)
    try:
        vips = b.load('/mgmt/tm/ltm/virtual')
        for vip in vips:
            if 'securityLogProfiles' in vip.properties.keys():
                if '"/Common/Log all requests"' in vip.properties.get('securityLogProfiles'):
                    print(f'Host: {host}, Virtual: {vip.properties.get("name")}')
    except Exception as e:
            print(e)

       

      When run:

       

      python logallrequests.py 

Host: 172.16.2.115, Virtual: nginx-vip-tls

       

      hosts file is just a text file with a single host per line...

Related Content