Ps Global Ssl Statistics

Problem this snippet solves:

This application will explore the system level ssl statistics available in the System.Statistics interface.

Continuing on with my series of applications on system level statistics, this application will look into the insides of the SSL subsystem and dump out the available statistics for client and server based SSL processing.

Code :

# The contents of this file are subject to the "END USER LICENSE AGREEMENT FOR F5
# Software Development Kit for iControl"; you may not use this file except in
# compliance with the License. The License is included in the iControl
# Software Development Kit.
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is iControl Code and related documentation
# distributed by F5.
#
# The Initial Developer of the Original Code is F5 Networks,
# Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2007 F5 Networks,
# Inc. All Rights Reserved.  iControl (TM) is a registered trademark of F5 Networks, Inc.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
# provisions of GPL are applicable instead of those above.  If you wish
# to allow use of your version of this file only under the terms of the
# GPL and not to allow others to use your version of this file under the
# License, indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by the GPL.
# If you do not delete the provisions above, a recipient may use your
# version of this file under either the License or the GPL.
#----------------------------------------------------------------------------
param (
  $g_bigip = $null,
  $g_uid = $null,
  $g_pwd = $null
);

Set-PSDebug -strict;

#-------------------------------------------------------------------------
# function Write-Usage
#-------------------------------------------------------------------------
function Write-Usage()
{
  Write-Host "Usage: GlobalSSLStats.ps1 host uid pwd";
  exit;
}

#-------------------------------------------------------------------------
# function Get-TimeFromTimeStamp
#-------------------------------------------------------------------------
function Get-TimeFromTimeStamp()
{
  param ($TimeStamp);
  $dt = new-object -typename System.DateTime
  $dt = $dt.AddYears($TimeStamp.year-1).AddMonths($TimeStamp.month-1).AddDays($TimeStamp.day-1);
  $dt = $dt.AddHours($TimeStamp.hour).AddMinutes($TimeStamp.minute).AddSeconds($TimeStamp.second);
  return $dt;
}

#-------------------------------------------------------------------------
# function Convert-To64Bit
#-------------------------------------------------------------------------
function Convert-To64Bit()
{
  param($high, $low);
  return ($high*[Math]::Pow(2,32))+$low;
}

#-------------------------------------------------------------------------
# function Get-StatisticLabel
#-------------------------------------------------------------------------
function Get-StatisticLabel()
{
  param($type);
  $label = "";
  
  switch($type)
  {
    "STATISTIC_SSL_COMMON_CURRENT_CONNECTIONS" {
      $label = "Connections - currently Opened";
    }
    "STATISTIC_SSL_COMMON_MAXIMUM_CONNECTIONS" {
      $label = "Connections - maximum simultaneous";
    }
    "STATISTIC_SSL_COMMON_CURRENT_NATIVE_CONNECTIONS" {
      $label = "Connections - currently opened native";
    }
    "STATISTIC_SSL_COMMON_MAXIMUM_NATIVE_CONNECTIONS" {
      $label = "Connections - maximum simultaneous native";
    }
    "STATISTIC_SSL_COMMON_TOTAL_NATIVE_CONNECTIONS" {
      $label = "Connections - total native";
    }
    "STATISTIC_SSL_COMMON_CURRENT_COMPATIBLE_MODE_CONNECTIONS" {
      $label = "Connections - currently opened compatible mode";
    }
    "STATISTIC_SSL_COMMON_MAXIMUM_COMPATIBLE_MODE_CONNECTIONS" {
      $label = "Connections - maximum compatible mode";
    }
    "STATISTIC_SSL_COMMON_TOTAL_COMPATIBLE_MODE_CONNECTIONS" {
      $label = "Connections - total compatible mode";
    }
    "STATISTIC_SSL_COMMON_ENCRYPTED_BYTES_IN" {
      $label = "Bytes - total encrypted received";
    }
    "STATISTIC_SSL_COMMON_ENCRYPTED_BYTES_OUT" {
      $label = "Bytes - total encrypted sent";
    }
    "STATISTIC_SSL_COMMON_DECRYPTED_BYTES_IN" {
      $label = "Bytes - total decrypted received";
    }
    "STATISTIC_SSL_COMMON_DECRYPTED_BYTES_OUT" {
      $label = "Bytes - Total decrypted sent";
    }
    "STATISTIC_SSL_COMMON_RECORDS_IN" {
      $label = "Records - total received";
    }
    "STATISTIC_SSL_COMMON_RECORDS_OUT" {
      $label = "Records - total sent";
    }
    "STATISTIC_SSL_COMMON_FULLY_HW_ACCELERATED_CONNECTIONS" {
      $label = "Connections - total offloaded";
    }
    "STATISTIC_SSL_COMMON_PARTIALLY_HW_ACCELERATED_CONNECTIONS" {
      $label = "Connections - total assisted";
    }
    "STATISTIC_SSL_COMMON_NON_HW_ACCELERATED_CONNECTIONS" {
      $label = "Connections - total software";
    }
    "STATISTIC_SSL_COMMON_PREMATURE_DISCONNECTS" {
      $label = "Shutdowns - total unclean";
    }
    "STATISTIC_SSL_COMMON_MIDSTREAM_RENEGOTIATIONS" {
      $label = "Hanshakes - total mid-connection";
    }
    "STATISTIC_SSL_COMMON_SESSION_CACHE_CURRENT_ENTRIES" {
      $label = "Cache - current session entries";
    }
    "STATISTIC_SSL_COMMON_SESSION_CACHE_HITS" {
      $label = "Cache - total hits";
    }
    "STATISTIC_SSL_COMMON_SESSION_CACHE_LOOKUPS" {
      $label = "Cache - total lookups";
    }
    "STATISTIC_SSL_COMMON_SESSION_CACHE_OVERFLOWS" {
      $label = "Cache - total overflows";
    }
    "STATISTIC_SSL_COMMON_SESSION_CACHE_INVALIDATIONS" {
      $label = "Cache - total session invalidations";
    }
    "STATISTIC_SSL_COMMON_VALID_PEER_CERTIFICATES" {
      $label = "Certificates - total valid";
    }
    "STATISTIC_SSL_COMMON_INVALID_PEER_CERTIFICATES" {
      $label = "Certificates - total invalid";
    }
    "STATISTIC_SSL_COMMON_NO_PEER_CERTIFICATES" {
      $label = "Certificates - connections without";
    }
    "STATISTIC_SSL_COMMON_HANDSHAKE_FAILURES" {
      $label = "Handshake - total failures";
    }
    "STATISTIC_SSL_COMMON_NOT_SSL_HANDSHAKE_FAILURES" {
      $label = "Handshake - total bad client greetings";
    }
    "STATISTIC_SSL_COMMON_BAD_RECORDS" {
      $label = "Records - total bad";
    }
    "STATISTIC_SSL_COMMON_FATAL_ALERTS" {
      $label = "Alerts - total fatal";
    }
    "STATISTIC_SSL_PROTOCOL_SSLV2" {
      $label = "Protocol - total SSLv2";
    }
    "STATISTIC_SSL_PROTOCOL_SSLV3" {
      $label = "Protocol - total SSLv3";
    }
    "STATISTIC_SSL_PROTOCOL_TLSV1" {
      $label = "Protocol - total TLSv1";
    }
    "STATISTIC_SSL_CIPHER_ADH_KEY_EXCHANGE" {
      $label = "Key Exchange - total anonymous Diffie-Hellman";
    }
    "STATISTIC_SSL_CIPHER_DH_RSA_KEY_EXCHANGE" {
      $label = "Key Exchange - total Diffie-Hellman w/RSA certificate";
    }
    "STATISTIC_SSL_CIPHER_EDH_RSA_KEY_EXCHANGE" {
      $label = "Key Exchange - ephemeral Diffie-Hellman w/RSA certificate";
    }
    "STATISTIC_SSL_CIPHER_RSA_KEY_EXCHANGE" {
      $label = "Key Exchange - RSA cerficate";
    }
    "STATISTIC_SSL_CIPHER_NULL_BULK" {
      $label = "Cipher - No encryption";
    }
    "STATISTIC_SSL_CIPHER_AES_BULK" {
      $label = "Cipher - Advanced Encryption Standard (AES)";
    }
    "STATISTIC_SSL_CIPHER_DES_BULK" {
      $label = "Cipher - Digital Encryption Standard (DES)";
    }
    "STATISTIC_SSL_CIPHER_IDEA_BULK" {
      $label = "Cipher - IDEA (old SSLv2)";
    }
    "STATISTIC_SSL_CIPHER_RC2_BULK" {
      $label = "Cipher - Rivest Cipher 2";
    }
    "STATISTIC_SSL_CIPHER_RC4_BULK" {
      $label = "Cipher - Rivest Cipher 4";
    }
    "STATISTIC_SSL_CIPHER_NULL_DIGEST" {
      $label = "Cipher - No message authentication";
    }
    "STATISTIC_SSL_CIPHER_MD5_DIGEST" {
      $label = "Cipher - Message Digest 5 (MD5)";
    }
    "STATISTIC_SSL_CIPHER_SHA_DIGEST" {
      $label = "Cipher - Secure Hash Algorithm (SHA)";
    }
    default {
      $label = "***UNKNOWN***";
    }
  }
  return $label;
}

#-------------------------------------------------------------------------
# Get-GlobalSSLStatistics
#-------------------------------------------------------------------------
function Get-GlobalSSLStatistics()
{
  $SystemStatisticsClient = (Get-F5.iControl).SystemStatistics.get_client_ssl_statistics();
  $SystemStatisticsServer = (Get-F5.iControl).SystemStatistics.get_server_ssl_statistics();
  $t = Get-TimeFromTimeStamp $SystemStatisticsClient.time_stamp;
  
  $hash = @{};
  
  $hash.Add("* Time Stamp", $t);
  $hash.Add("* Type", "(Client, Server)");
  
  $Statistics = $SystemStatisticsClient.statistics;
  foreach($Statistic in $Statistics)
  {
    $val = Convert-To64Bit $Statistic.value.high $Statistic.value.low;
    $label = Get-StatisticLabel $Statistic.type;
    $hash.Add($label, $val);
  }

  $Statistics = $SystemStatisticsServer.statistics;
  foreach($Statistic in $Statistics)
  {
    $val = Convert-To64Bit $Statistic.value.high $Statistic.value.low;
    $label = Get-StatisticLabel $Statistic.type;
    
    $v1 = $hash[$label];
    $hash[$label] = "($v1, $val)";
  }
  $hash.GetEnumerator() | Sort-Object -Property Name | Format-Table -autosize
}

#-------------------------------------------------------------------------
# Do-Initialize
#-------------------------------------------------------------------------
function Do-Initialize()
{
  if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null )
  {
    Add-PSSnapIn iControlSnapIn
  }
  $success = Initialize-F5.iControl -HostName $g_bigip -Username $g_uid -Password $g_pwd;
  
  return $success;
}

#-------------------------------------------------------------------------
# Main Application Logic
#-------------------------------------------------------------------------
if ( ($g_bigip -eq $null) -or ($g_uid -eq $null) -or ($g_pwd -eq $null) )
{
  Write-Usage;
}

if ( Do-Initialize )
{
  Get-GlobalSSLStatistics;
}
else
{
  Write-Error "ERROR: iControl subsystem not initialized"
}
Published Mar 09, 2015
Version 1.0
  • I get invalid argument exception when i call with below, (this is specific only with 11.6 of F5) final SystemStatisticsSystemStatistics getClientSslStatistics = systemStatistics .get_client_ssl_statistics(); final SystemStatisticsSystemStatistics getServerSslStatistics = systemStatistics .get_server_ssl_statistics();

     

    Please help with this.

     

  • Hello, What version is this for? I am using 11.4 & 11.5 ___ERROR___>>>>>Exception calling "get_client_ssl_statistics" with "0" argument(s): "There is an error in XML document (616, 91)." At C:\Desktop\BIGIP\SSLStats.ps1:229 char:3 + $SystemStatisticsClient = (Get-F5.iControl).SystemStatistics.get_client_ssl_st ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException Exception calling "get_server_ssl_statistics" with "0" argument(s): "There is an error in XML document (616, 91)." At C:\Users\dawsonPA\Desktop\BIGIP\SSLStats.ps1:230 char:3 + $SystemStatisticsServer = (Get-F5.iControl).SystemStatistics.get_server_ssl_st ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : InvalidOperationException Exception calling "AddYears" with "1" argument(s): "The added or subtracted value results in an un-representable DateTime. Parameter name: months" At C:Desktop\BIGIP\SSLStats.ps1:52 char:3 + $dt = $dt.AddYears($TimeStamp.year-1).AddMonths($TimeStamp.month-1).AddDays($T ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : ArgumentOutOfRangeException