Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Finding all virtual servers with "log all traffic" policy applied via API

kyle_martin_evop
Nimbostratus
Nimbostratus

‎26-Jul-2023 08:17

Hello,

I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there a way to use the TMSH shell or REST API to interrogate the F5 appliance via a script and get a listing of all virtuals that use a "log all traffic" policy so I can change the policy and give our logging servers a bit of respite?

 

Thank you,

Kyle

Labels:
3 REPLIES 3

AubreyKingF5
Community Manager
Community Manager

‎26-Jul-2023 08:54 

tmsh list ltm virtual one-line | egrep 'og.all.traffic'

Give that a shot? 

JRahm
Community Manager
Community Manager

‎27-Jul-2023 16:29

Hi @kyle_martin_evop,

@AubreyKingF5's solution will work with a slight modification:

tmsh list ltm virtual one-line | egrep -i 'log.all.requests' | awk '{ print $3 }'

You could run bash via iControl rest against all your BIG-IPs to get this output.

but you can also do this natively via iControl REST against the virtual endpoint:

####
# GET request to -> https://ltm15/mgmt/tm/ltm/virtual?$select=name,securityLogProfiles,
####
# RESULT:
{
  "kind": "tm:ltm:virtual:virtualcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual?$select=name%2CsecurityLogProfiles%2C&ver=15.1.8.1",
  "items": [
    {
      "name": "nginx-vip-tls",
      "securityLogProfiles": [
        "\"/Common/Log all requests\""
      ],
      "securityLogProfilesReference": [
        {
          "link": "https://localhost/mgmt/tm/security/log/profile/~Common~Log%20all%20requests?ver=15.1.8.1"
        }
      ]
    },
    {
      "name": "testapp-vip"
    },
    {
      "name": "testappssl-vip"
    }
  ]
}

You can then parse this on the client side to cut down to match only the virtual servers with the matching condition.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral

JRahm
Community Manager
Community Manager
In response to JRahm

‎27-Jul-2023 22:12 - edited ‎27-Jul-2023 22:13

Whipped up a sample python script using the bigrest module to iterate through multiple hosts and virtuals...only tested against my one host and virtual, but should be a start as an idea of what you can do:

 

from bigrest.bigip import BIGIP

with open('hosts.txt', 'r') as hostfile:
    hosts = [line.strip() for line in hostfile]

for host in hosts:
    b = BIGIP(host, 'admin', 'admin', session_verify=False)
    try:
        vips = b.load('/mgmt/tm/ltm/virtual')
        for vip in vips:
            if 'securityLogProfiles' in vip.properties.keys():
                if '"/Common/Log all requests"' in vip.properties.get('securityLogProfiles'):
                    print(f'Host: {host}, Virtual: {vip.properties.get("name")}')
    except Exception as e:
            print(e)

 

When run:

 

python logallrequests.py 

Host: 172.16.2.115, Virtual: nginx-vip-tls

 

hosts file is just a text file with a single host per line...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
Copyright © 2023 Khoros, LLC