BigIP Report Old
Problem this snippet solves:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
can be Overview
This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.
This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.
The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.
It's easy to setup and use and only requires guest permissions on your devices.
Demo/Preview
Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report.
Interactive demo
http://loadbalancing.se/bigipreportdemo/
Screen shots
The main report:
The device overview:
Certificate details:
How to use this snippet:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
Installation instructions
BigipReport REST
This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).
Download: https://loadbalancing.se/downloads/bigipreport-v5.5.4.zip
Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/
Docker support
This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far.
https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/
BigipReport (Legacy)
Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5).
BigipReport (Stable):
https://loadbalancing.se/downloads/bigipreport-5.3.1.zip
BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip
iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip
Documentation and installation instructions:
https://loadbalancing.se/bigip-report/
Upgrade instructions
Protect the report using APM and active directory
Written by DevCentral member Shann_P:
https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/
Got issues/problems/feedback?
Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.
---
Also trying out a Discord channel now. You're welcome to hang out with us there:
Code :
85931,86647,90730
Tested this on version:
13.0
Updated Dec 08, 2022
Version 2.0
Luc:
That's a symptom of broken java scripts. Have you updated the web files? If you have, please do a full "re-install"? If that does not work, please let me know the output of the console in Chrome?
Paul:
Ah, I **_think_** I took that into considerations for that, but will double check tomorrow.
/Patrik
Luc__184828Nimbostratus
Turns out it was a ID 10 T error ... incorrect permissions on the json folder because I decided I wanted to share it. DERP. Chrome Console pointed me in the right direction :)
I guess I should add some javascript exceptions too. A very large part of the Powershell script consists of error prevention and pre checks but the web front end contains none. :)
/Patrik
Paul, here's the snippet I'd like you to run. Please note the comments I've made in the output section at the bottom, there's a question mark in it for you to answer (if you can).
Configuration $User = "user" $Password = "password" $BigIP = "10.10.10.10" Allow TLS1.2 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Initialize Snapin if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null ){ Add-PSSnapIn iControlSnapIn } Connect to the BigIP $Success = Initialize-F5.iControl -HostName $BigIP -Username $User -Password $Password Get an iControl Handle $F5 = Get-F5.iControl $f5.LocalLBVirtualServer.get_profile("/Partition/VIP-name") profile_type profile_context profile_name ------------ --------------- ------------ PROFILE_TYPE_HTTP PROFILE_CONTEXT_TYPE_ALL /Common/http PROFILE_TYPE_CLIENT_SSL PROFILE_CONTEXT_TYPE_CLIENT /Common/sslprofile PROFILE_TYPE_TCP PROFILE_CONTEXT_TYPE_ALL /Common/tcp PROFILE_TYPE_WEBSECURITY PROFILE_CONTEXT_TYPE_ALL /Common/websecurity <-- Not sure where this comes from, but it seems like an indication that ASM is enabled? PROFILE_TYPE_UNKNOWN PROFILE_CONTEXT_TYPE_ALL /Partition/ASM_test_policy <-- This policy's real name is "test_policy". "ASM_" as added by the API (or configuration). This caused me a lot of grief when the writing the new version. :)- How does the profile names look to you? Is there a prefix?
- Do you also have a profile type called "PROFILE_TYPE_WEBSECURITY" for every VIP with an ASM policy?
/Patrik
paul_dawson_258Security Policy Disabled
$f5.LocalLBVirtualServer.get_profile("/Common/vipname.domain.com") profile_type profile_context profile_name ------------ --------------- ------------ PROFILE_TYPE_HTTP PROFILE_CONTEXT_TYPE_ALL /Common/http PROFILE_TYPE_CLIENT_SSL ...ILE_CONTEXT_TYPE_CLIENT /Common/vipname.domain.com PROFILE_TYPE_SERVER_SSL ...ILE_CONTEXT_TYPE_SERVER /Common/vipname.domain.com PROFILE_TYPE_TCP PROFILE_CONTEXT_TYPE_ALL /Common/tcpSecurity Policy Enabled:
$f5.LocalLBVirtualServer.get_profile("/Common/vipname.domain.com") Exception calling "get_profile" with "1" argument(s): "There is an error in XML document (50, 79)." At line:20 char:1 + $f5.LocalLBVirtualServer.get_profile("/Common/vipname.domain.com") + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationExceptionNow that does not look promising at all. When running the actual report and listing $Global:virtualservers, do you get any profiles at all on the virtual servers that has ASM policies assigned to them?
/Patrik
Oh, and could you please try the same procedure on more devices?
/Patrik
Version 4.3.4 changes:
Fixed a mistake when referring to the wrong setting in the column settings (thanks to Paul Dawson for reporting it).
/Patrik
- paul_dawson_258
I've tried 2 different LB's and 2 different virtual servers with different virtual server names, one with asm_vsname and one without. I've also tried with different asm policynames such as asm_policyname and just TEMPLATE. Still no joy. I don't see asmpolicy being populated in $Global:virtualservers.
Ok, then it would look like it's not possible with version 11.6. :(
/Patrik
