BigIP Report Old
Problem this snippet solves:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
can be Overview
This is a script which will generate a report of the BigIP LTM configuration on all your load balancers making it easy to find information and get a comprehensive overview of virtual servers and pools connected to them.
This information is used to relay information to our NOC and developers to give them insight in where things are located and to be able to plan patching and deploys. I also use it myself as a quick way get information or gather data used as a foundation for RFC's, ie get a list of all external virtual servers without compression profiles.
The script has been running on 13 pairs of load balancers, indexing over 1200 virtual servers for several years now and the report is widely used across the company and by many companies and governments across the world.
It's easy to setup and use and only requires guest permissions on your devices.
Demo/Preview
Please note that it takes time to make these so sometimes they're a bit outdated and they only cover one HA pair. However, they still serve the purpose of showing what you can expect from the report.
Interactive demo
http://loadbalancing.se/bigipreportdemo/
Screen shots
The main report:
The device overview:
Certificate details:
How to use this snippet:
This codeshare has been deprecated due to a hosting platform corruption. I have moved code and conversation to a new record (on the same original URL) https://devcentral.f5.com/s/articles/bigip-report
Installation instructions
BigipReport REST
This is the only branch we're updating since middle of 2020 and it supports 12.x and upwards (maybe even 11.6).
Download: https://loadbalancing.se/downloads/bigipreport-v5.5.4.zip
Documentation, installation instructions and troubleshooting: https://loadbalancing.se/bigipreport-rest/
Docker support
This will be the recommended way of running bigipreport in the near future. It's still undergoing testing but it's looking really good so far.
https://loadbalancing.se/2021/01/05/running-bigipreport-on-docker/
BigipReport (Legacy)
Older version of the report that only runs on Windows and is depending on a Powershell plugin originally written by Joe Pruitt (F5).
BigipReport (Stable):
https://loadbalancing.se/downloads/bigipreport-5.3.1.zip
BigipReport (BETA): https://loadbalancing.se/downloads/bigipreport-5.4.0-beta.zip
iControl Snapin: https://loadbalancing.se/downloads/f5-icontrol.zip
Documentation and installation instructions:
https://loadbalancing.se/bigip-report/
Upgrade instructions
Protect the report using APM and active directory
Written by DevCentral member Shann_P:
https://loadbalancing.se/2018/04/08/protecting-bigip-report-behind-an-apm-by-shannon-poole/
Got issues/problems/feedback?
Still have issues? Drop a comment below. We usually reply quite fast. Any bugs found, issues detected or ideas contributed makes the report better for everyone, so it's always appreciated.
---
Also trying out a Discord channel now. You're welcome to hang out with us there:
Code :
85931,86647,90730
Tested this on version:
13.0
Updated Dec 08, 2022
Version 2.0
mike_89584Nimbostratus
Hi Patrik I have this running well on BIG-IP 12.0.0 Build 1.0.628 Hotfix HF1 but if I add another F5 running BIG-IP 11.6.0 Build 6.341.442 Engineering Hotfix HF6, I get similar issues as Iqbal_Khan. the v12 report still runs and populates correctly but v11 fails with the same errors as Iqbal_Khan - I am running PS4 with latest snapin I can find...Any assistance would be most appreciated :-)- We're not running any v12 devices, so it's nice to hear that the script still seem to work with them. :) Have you compared the management ciphers? /Patrik
- mike_89584Hi Patrik I have compared the management ciphers and both are identical: sys httpd { ssl-ciphersuite DEFAULT:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP } Any other ideas please? :-)
- The "default" portion of the cipher strings differ between versions, but I checked the SOL article and TLS1.2 should be supported for all of the versions you mentioned. Is the TLS1.2 option set to $true in the config section? What's the exact error message you get? Does it matter in which order you run them? I will try and see if I can fire up a v12 in my home lab. /Patrik
Iqbal_khan_2304Hi Patrik, Tried all combinations mentioned regarding TLS1.2 but no joy :(... getting error message as below: Initialize-F5.iControl : Could not initialize connection with supplied information At C:\Program Files (x86)\F5 Networks\iControlSnapIn\MyBigIPReport.PS1:805 char:13 + $success = Initialize-F5.iControl -Username $user -Password $pass -HostName $Bi ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (test-lb-4:String) [Initialize-F5.iControl], Exception + FullyQualifiedErrorId : 2,iControlSnapIn.CmdLet.Global.InitializeiControl- Thank you for the update. Will get back to you as soon as I have something.
- mike_89584Hi Patrik Thanks for your reply - I did try both true and false for TLS1.2 but that made no difference. The error I was getting is the same as Iqbal_khan. HOWEVER it is now all working perfectly - the trouble is I have no idea why - it just decided to work - I did not change anything.... just arrived at work, decided to try and have another go at it, but is just worked. frustrating. Did you say there should be an "update available" button / indicator on the report? because if there is, I don't see it? Thanks
- Hi Mike. That's good news, if not a bit puzzling. :) Yes, the update button will appear after a while when a new report has been generated. The client runs a javascript which polls the page and checks if the document has been updated. If it has it will show the button, if not it won't. I will still proceed to test 11.6 and 12.0 in order to try and reproduce the problems. As I might have mentioned before the error thrown by Initialize-F5.iControl is a bit devious. It says that the authentication has failed but I believe this is a hard coded error message as it says so even when a connection can't be established at all. I have had issues in the past with certain platforms (I think it was Windows 7). We're running the script on a Windows 2012 server.
- Hi! I just ran the latest version of the snapin using powershell 4.0 on a Windows 8.1 client. Tried to connect to the v12 and then the 11.6. Then I reversed the order. Both worked fine. Could you capture some pcaps and see if iControl manage to negogiate a cipher and send some authentication? Could you also try to change the order of the device list to use v12 first and then v11.6 (and then reverse)? /Patrik
- mike_89584Hi Patrik, Not sure what I'm doing / not doing but try as I might, I cannot get the "update indicator" to appear - have the script running every 10 mins using task scheduler on the webserver, and webpage is displayed on there and also on a remote machine - I make changes to nodes etc. but no indicator appears even after considerable time to indicate that a change has been made? thanks!
