BASH Script to find ClientSSL's mapped to Virtual Servers

Problem this snippet solves:

Often times we may require to generate a report to know how many of the clientssl profiles are mapped to which virtual servers. One can use the simple 

tmsh list ltm virtual all one-line | grep ssl-profile-name
.

But this would focus on one particular profile alone. 

How about for every clientssl profiles that's present and to which vip its mapped.

How to use this snippet:

Create a simple bash file and paste the below code.

[ltm1:Active:In Sync] ~ # vi find-clientssl-mapped-to-virtuals

Save and exit (wq).

Run the bash script.

[ltm1:Active:In Sync] ~ # bash find-clientssl-mapped-to-virtuals

Final output will be in CSV file like below, You can winscp the output from the location /var/tmp/

Filename would be 

clientssl-mapped-to-virtuals-output.csv

Code :

#!/bin/bash
echo "Virtual Server, Client-SSL Profile" > /var/tmp/clientssl-mapped-to-virtuals-output.csv
profile_names=`tmsh list ltm profile client-ssl one-line | awk -F" " '{print $4}'`
for x in ${profile_names}
do
virtual_name=`tmsh list ltm virtual one-line | grep $x | awk -F" " '{print $3}'`
if [ "${virtual_name}" != "" ]
then
for y in ${virtual_name}
do
echo "$y,$x" >> /var/tmp/clientssl-mapped-to-virtuals-output.csv
done
fi
done

Tested this on version:

11.5
Updated Jun 06, 2023
Version 2.0
application delivery
BIG-IP
LTM
security
  • patonbike's avatar
    patonbike
    Icon for Cirrus rankCirrus
    May 03, 2018

    Very nice, I was actually just doing the exact same thing.

    Here was my solution:

    for i in `tmsh list ltm virtual { destination  } |grep :https -B 1|grep ltm|awk '{print $3}'`; do 
echo $i; 
tmsh list ltm virtual $i { profiles }|grep clientside -B 1|grep -v clientside|grep -v tcp|grep -v "\-\-"|sed 's/{//g'; 
echo; 
done

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    May 03, 2018

    Yup thats doable too. But instead of 

    grep -v clientside|grep -v tcp|grep -v "\-\-"|sed 's/{//g
    you can combine them as 
    grep -vE "clientside|tcp|--"
    too.

  • Thiyagu_343098's avatar
    Thiyagu_343098
    Icon for Nimbostratus rankNimbostratus
    May 05, 2018

    Thanks a lot guys for your help. I have tried executing this scrip. however I'm able to get the SSL client profile name and VIP which are in "Common" partition and I have also tried executing the script from other partition but it is not successful to get the SSL client profile and the associated VIP from the other partition.

     

    Could you please help me to modify the script to get the SSL client profile name and the associated VIP from other partition?

     

    Regards, Thiyagu

     

  • Jawed_347654's avatar
    Jawed_347654
    Icon for Nimbostratus rankNimbostratus
    Dec 04, 2018

    unfortunately both tricks did not work for me. the script creates empty csv and for loop also return nothing for me. even just running this list ltm virtual { destination } does not work so how i can expect further processing from this command