Forum Discussion
TMSH Command to list ASM policies not attached to any virtual servers in all partitions
Hi there,
Can someone help find out the TMSH Command to list ASM policies not attached to any virtual servers in all partitions?
- f51
Cirrocumulus
To list ASM (Application Security Manager) policies that are not attached to any virtual servers in all partitions using TMSH (Traffic Management Shell), you can use the following command:
tmsh -q -c 'cd / ; list asm policy one-line' | awk '!/attached-to/ {print}'
This command works by listing all ASM policies in a one-line format and then using awk to filter out those that are not attached to any virtual servers.
- tmsh -q -c 'cd / ; list asm policy one-line' lists all ASM policies in a concise format.
- awk '!/attached-to/ {print}' filters out the policies that do not have the "attached-to" field, meaning they are not attached to any virtual servers.
- omykhan
Altostratus
Hi, Thanks for the response
This command is working perfectly [ tmsh -q -c 'cd / ; list asm policy one-line' ], listing all the ASM policies in a partition, but the other one [ awk '!/attached-to/ {print}' ] is not filtering out the unused policies which are not attached to any VS. It instead outputs all the ASM policies.
For such tasks I have a script framework for the F5 REST-API named restsh. Unfortunately I can not share it, but this is a snippet to solve your demand:
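F5_URI="https://<f5-mgmt-ip>"
# curl wrapper (a function, since aliases are not expanded in non-interactive shells).
# -k skips TLS certificate verification; --fail turns HTTP errors into a non-zero exit.
GET() { curl -k -s --fail -u "<user>:<pass>" "$@"; }

# Walk every ASM policy ID on the device (all partitions).
while read -r POLICY_ID
do
    POLICY_DATA=$(GET "$F5_URI/mgmt/tm/asm/policies/$POLICY_ID?\$select=fullPath,virtualServers,manualVirtualServers")
    POLICY_NAME=$(jq -r ".fullPath" <<< "$POLICY_DATA")
    # Count the virtual servers listed in either field; a missing field counts as zero.
    VIRTUAL_SERVERS=$(jq -r '[.virtualServers[]?, .manualVirtualServers[]?] | length' <<< "$POLICY_DATA")
    # Print only policies with no virtual server attached.
    [ "$VIRTUAL_SERVERS" -eq 0 ] && echo "$POLICY_NAME"
done < <(GET "$F5_URI/mgmt/tm/asm/policies?\$select=name,id" | jq -r '.items[].id')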
Hi Omykhan,
You can obtain a list of all virtual servers that have no policy (and hence have no traffic going via ASM) via this command:
tmsh list ltm virtual one-line | grep -v policies | cut -d' ' -f 3
Here's a one liner that prints out virtual server and policy names when the policy includes 'asm disable':
for policy in `tmsh list ltm policy one-line | grep 'asm disable' | cut -d' ' -f3 `; do echo -n `tmsh list ltm virtual one-line | grep $policy | cut -d' ' -f3`; echo ::$policy; done
tmsh show asm virtual | grep -e "Asm::"
tmsh list ltm virtual all | grep -i -e "policy"
- omykhan
Altostratus
Hi, Thanks for the reply, but that didn't achieve what I required. Here's the scenario;
There are a few partitions in BIG-IP; let's say
- partition 1
- partition 2
- partition 3, and so on
And in each partition, there are multiple ASM policies and virtual servers;
Let's say in partition 1, there are
- VS1 -> attached to ASM1 policy
- VS2 -> attached to ASM1 policy
- VS3 -> attached to ASM2 policy
- ASM3 policy -> attached to no VS
So, I need to capture the unused ASM policy information in all partitions that are not attached to any VS.
I hope I have clarified this in a detailed way ...
Hey omykhan - seems you don't have a path forward. I will send you a Private Message with some contacts at F5 who should help. It would be awesome if A) you get it resolved and B) you can loop back here with the solution (or gap?) you discover.
Thanks!
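The REST-based check from the snippet earlier in the thread, run offline against the scenario omykhan describes and grouped by partition. This is an added example, not code from any poster or from F5; the function names and sample data are constructed, and it assumes policy objects carrying the fullPath, virtualServers and manualVirtualServers fields that the snippet selects.

```python
import json
from collections import defaultdict

# Constructed sample: one object per policy, shaped like the per-policy GET in
# the REST snippet ($select=fullPath,virtualServers,manualVirtualServers).
# Names mirror the scenario in the thread; this is not real device output.
SAMPLE = json.loads("""
[
  {"fullPath": "/partition1/ASM1",
   "virtualServers": ["/partition1/VS1", "/partition1/VS2"], "manualVirtualServers": []},
  {"fullPath": "/partition1/ASM2", "virtualServers": ["/partition1/VS3"]},
  {"fullPath": "/partition1/ASM3", "virtualServers": [], "manualVirtualServers": []},
  {"fullPath": "/partition2/ASM4", "manualVirtualServers": ["/partition2/VS9"]},
  {"fullPath": "/partition2/app/ASM5", "virtualServers": null},
  {"fullPath": "/partition3/ASM6"}
]
""")


def attached_virtual_servers(policy):
    """Return every virtual server named in either field.

    A missing or null field counts as empty, matching the `[]?` in the jq filter.
    """
    servers = []
    for key in ("virtualServers", "manualVirtualServers"):
        servers.extend(policy.get(key) or [])
    return servers


def unused_policies_by_partition(policies):
    """Map partition name -> sorted full paths of policies with no virtual server."""
    unused = defaultdict(list)
    for policy in policies:
        if attached_virtual_servers(policy):
            continue
        # fullPath is /<partition>/[<folder>/]<name>; the first component is the partition.
        partition = policy["fullPath"].strip("/").split("/")[0]
        unused[partition].append(policy["fullPath"])
    return {part: sorted(paths) for part, paths in sorted(unused.items())}


if __name__ == "__main__":
    for partition, paths in unused_policies_by_partition(SAMPLE).items():
        print(partition)
        for path in paths:
            print("  " + path)
```

A policy only counts as attached here if one of the two fields is non-empty, so a policy referenced only through manualVirtualServers (ASM4 in the sample) is not reported as unused.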