Export Requests or Security Analytics from F5 Distributed Cloud
Wrote this Python code to export access/security logs from F5 Distributed Cloud, as in the GUI you cannot export more than 500 requests.
Wrote this code and thought I would share. You will need Python3 installed, and may need to use "pip" to install the "requests" package.
Parameters can be displayed using the "-h" argument.
A valid API Token is required for access to your tenant.
One required filter is the Load Balancer name, and additional filters can be added to further confine the output.
Times are in UTC, as the API requires and as displayed in the JSON event view in the GUI.
Log entries are written to the specified file in JSON format, as they come from the API.
Example execution:
python3 xc-log-api-extract.py test-api.json security my-tenant-name my-namespace my-api-token my-load-balancer-name 2025-01-13T17:15:00.000Z 2025-01-14T17:15:00.000Z
Here is the help page:
python3 xc-log-api-extract.py -h
usage: xc-log-api-extract.py [-h] [-srcip SRCIP] [-action ACTION] [-asorg ASORG] [-asnumber ASNUMBER] [-policy POLICY] outputfilename {access,security} tenant namespace apitoken loadbalancername starttime endtime

Python program to extract XC logs

positional arguments:
  outputfilename       File to write JSON log messages to
  {access,security}    logtype to query
  tenant               Tenant name
  namespace            Namespace in tenant
  apitoken             API Token to use for accessing log data, created in Administration/IAM/Service Credentials, type "API Token"
  loadbalancername     Load Balancer name to filter on (required)
  starttime            yyyy-mm-mmThh:mm:ss.sssZ
  endtime              yyyy-mm-mmThh:mm:ss.sssZ

options:
  -h, --help           show this help message and exit
  -srcip SRCIP         Optional filter by Source IP
  -action ACTION       Optional filter by action (allow, block)
  -asorg ASORG         Optional filter by as_org
  -asnumber ASNUMBER   Optional filter by as_number
  -policy POLICY       Optional filter by policy_hits.policy_hits.policy

DeVon Jarvis, v1.2 2025/01/21
Enjoy!
DeVon Jarvis
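The script expects its time window as UTC strings, while an incident window is often known in local time. The following is an added example, not part of the original post or the author's script: it converts offset-qualified timestamps to the UTC form used in the example execution above and assembles the argument list in the order the help page shows. The `XC_API_TOKEN` variable name, the function names and the sample values are assumptions.

```python
import os
from datetime import datetime, timezone

SCRIPT = "xc-log-api-extract.py"  # script name from the post
FILTER_FLAGS = ("srcip", "action", "asorg", "asnumber", "policy")  # from its -h output


def to_xc_time(stamp):
    """Convert an ISO 8601 time with an explicit UTC offset to e.g. 2025-01-13T17:15:00.000Z."""
    parsed = datetime.fromisoformat(stamp)
    if parsed.tzinfo is None:
        # Without an offset the intended zone is ambiguous; refuse rather than guess.
        raise ValueError(f"{stamp!r} has no UTC offset")
    utc = parsed.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%dT%H:%M:%S.") + f"{utc.microsecond // 1000:03d}Z"


def build_argv(outfile, logtype, tenant, namespace, token, lb_name,
               start, end, **filters):
    """Return the argument list for the script, positionals in the order its help shows."""
    if logtype not in ("access", "security"):
        raise ValueError("logtype must be 'access' or 'security'")
    unknown = set(filters) - set(FILTER_FLAGS)
    if unknown:
        raise ValueError(f"unsupported filter(s): {sorted(unknown)}")
    start_utc, end_utc = to_xc_time(start), to_xc_time(end)
    # Fixed-width UTC strings sort chronologically, so string comparison is enough.
    if start_utc >= end_utc:
        raise ValueError("starttime must be earlier than endtime")
    argv = ["python3", SCRIPT]
    for name in FILTER_FLAGS:
        if filters.get(name) is not None:
            argv += [f"-{name}", str(filters[name])]
    argv += [outfile, logtype, tenant, namespace, token, lb_name, start_utc, end_utc]
    return argv


if __name__ == "__main__":
    # Constructed sample values. The script takes the token as a positional argument,
    # so the variable keeps it out of shell history but not out of the child's argv.
    token = os.environ.get("XC_API_TOKEN", "my-api-token")
    argv = build_argv("test-api.json", "security", "my-tenant-name", "my-namespace",
                      token, "my-load-balancer-name",
                      "2025-01-13T12:15:00-05:00", "2025-01-14T12:15:00-05:00",
                      action="block")
    # Print with the token masked; pass argv to subprocess.run() to execute.
    print(" ".join("<token>" if a == token else a for a in argv))
```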