TMSH
2078 TopicsNeed help on CLI command to fetch < VIP Name + current connections >
Hello Experts , I need help in modifying below command which should also give me information of VIP name along with current connection . show ltm virtual recursive all | grep 'Availability\|Current Connections' As you can see this command only gives info of current connection but it will not tell which VIP has the current connection value ... blue.whale@(F5-BIGIP-ACT)(cfg-sync In Sync)(Active)(/Common)(tmos)# show ltm virtual recursive all | grep 'Availability\|Current Connections' Display all 1942 items? (y/n) y Availability : available Current Connections 0 0 - Availability : available Current Connections 38 0 - Availability : available Current Connections 0 0 - Availability : available Current Connections 73 0 - Availability : available Current Connections 0 0 - Availability : available Current Connections 0 0 -Solved56Views0likes1CommentHow to modify client-ssl on multiple VS using TMSH
Hi, I was able to get the list of virtual servers using cert1 for example by list and grep. Now, I want to use TMSH to use the CLI in replacing client-ssl cert1 to cert2. If I have like 50 VS, how to do that using modify on TMSH? If I do modify /ltm virtual VSname profile add SSLname context clientside, im getting this error: "vs has more than one clientssl/serverssl profile with same server name" If I do delete, im getting this error: "Syntax Error: "context" is a read-only property" If I do replace-all-with, cert2 is configured but wipes all other profiles and i don't want to put alot of config to reconfigure all profiles in a VS. Is there a 1 line command I can do? TIA1.3KViews2likes3Commentsnetwork failover/serial cable for HA
for HA configurations, there are 3 options network failover in network failover the heartbeat is the network packet serial failover serial cable failover is just checking a voltage heartbeat between the two systems. network and Serial failover I not sure does it mean failover only take place when network and serial both are failed or ? if use both, how to test if it is working?Solved1.3KViews0likes14CommentsSupported way to use MFA to BIG-IP GUI and shell
I have read on DevCentral various mechanisms to implement 2FA (MFA) using APM and even some packages to change the PAM and implement this on the SSH shell. Are there any supported mechanisms to protect the BIG-IP Web interface via multi-factor? Even if one had the APM, can it be turned around to control the BIG-IP GUI itself? Also, what about SSH access? I am curious if others have solved this issue. It is surprising to me that at least the GUI does not have a native MFA solution to basic administration. Thanks, Tom1.2KViews1like5CommentsModifying multiple entries in a datagroup via api?
We have a datagroup with entries like this: domain1.com := virtual /Common/www.domain1.com_vs_443 domain2.com := virtual /Common/www.domain2.com_vs_443 domain3.com := virtual /Common/www.domain3.com_vs_443 And so forth. This datagroup gets used by an iRule for re-routing traffic based on SNI. I need to be able to make an HTTP call to the F5 to remap these to put up a mainteance page. So in other words I want to modify the above to: domain1.com := virtual /Common/maintenance.domain1.com_vs_443 domain2.com := virtual /Common/maintenance.domain2.com_vs_443 domain3.com := virtual /Common/maintenance.domain3.com_vs_443 I figured out that I can make a curl request as such to delete entries from the datagroup: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records%20delete%20%7B%20www.domain1.com,www.domain2.com,www.domain3.com%20%7D |jq . And via this articlehttps://community.f5.com/t5/technical-forum/add-new-key-into-data-group-without-updating-entire-list-using/td-p/272699I was able to determine we could add a key using this: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' 'https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records%20add%20%7b%20www.domain1.com%20%7b%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7d%20%7d' |jq . However then I have to have one HTTP Request per domain. If I need to repoint 20 sites for example I have to make 20 different requests instead of one request with all domains. Is there a way to add multiple records at once? I tried something like this: curl -ku "admin:superS3cret" -X PATCH -H 'Content-type: application/json' -d '{ "name":"dummy" }' 'https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options%3Drecords%20add%20%7B%20www.domain1.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7D%20domain1.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain1.com_vs_443%22%20%7D%20www.domain2.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain2.com_vs_443%22%20%7D%20www.domain3.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain3.com_vs_443%22%20%7D%20www.domain4.com%20%7B%20data%20%22virtual%20%2FCommon%2Fmaintenance.domain4.com_vs_443%22%20%7D%7D' |jq . Here's the URL HTML decoded (so its easier to read): https://lb1.internal.local/mgmt/tm/ltm/data-group/internal/dummy?options=records add { www.domain1.com { data "virtual /Common/maintenance.domain1.com_vs_443" } domain1.com { data "virtual /Common/maintenance.domain1.com_vs_443" } www.domain2.com { data "virtual /Common/maintenance.domain2.com_vs_443" } www.domain3.com { data "virtual /Common/maintenance.domain3.com_vs_443" } www.domain4.com { data "virtual /Common/maintenance.domain4.com_vs_443" }} However I get this error: { "code": 400, "message": "one or more properties must be specified", "errorStack": [], "apiError": 26214401 } I haven't been able to figure out if adding multiple records isn't supported or if I have the syntax wrong and frankly the documentation here:https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_data-group_internal.htmland here:https://clouddocs.f5.com/cli/tmsh-reference/v14/modules/ltm/ltm_data-group_internal.htmlisn't super clear. Frankly the fact that patch doesn't just modify entries sent seems like a bug to me and using ?options record add seems like a hack. Alternatively is there some way to run a modify instead of running delete and then add? That would be even more efficient (less HTTP calls) and less opportunity for a call to fail. I know I can just get all records, modify them and then post all records back. The trouble with that approach is that then I'm touching records I really don't want to touch and having to do some sort of regex replace. This seems like it could have the potential to accidentally modify records I don't want to modify if my regex isn't very explicit. I would prefer a more targeted approach which only modifies the records that need modifying and that touches nothing else. ThanksSolved843Views0likes9CommentsDevice name under 'Device Management'
I'm looking for some information as to why there's device name shown as 'bigip1(self)' and also a hostname under 'Device Management > Devices', though the device hostname has been changed. Also, is there a way to change the device name from the CLI?737Views0likes5CommentsHow to set different Priority Groups while adding nodes to pool with TMSH?
Version 11.4.1 and 11.5.0. I want to use a single TMSH command to create a pool and add 2 nodes each with a different Priority Group. Is this even possible? I am trying this in tmsh ltm: create pool pool_psc_p1_2_443 members add { view-p1-psc3:443 } priority-group 10 add { view-p1-psc4:443 } priority-group 1 monitor vmware_psc_monitor_TCP load-balancing-mode round-robin ...but I get this error: Syntax Error: "priority-group" unknown property I think I will have to first create the pool, then go back and modify it. I find the BigIP command line and TMSH difficult enough already, so I am inclined not to keep fiddling with it to try to make this work. The TMSH guide for 11.4.1 is rather useless for me here because the examples "delete pool my_pool" and "list pool my_pool" are a slightly a bit too overly simple.958Views0likes3CommentsSend /var/log/ltm on syslog destination without AUDIT logs
Hello everyone, I'm trying to filter just /var/log/ltm logs in F5 version 13.1.1.4, but with my configuration I can't filter the AUDIT logs, is still sending it to my syslog destination. I configured this in syslog all-properties: include " filter syslog_level { facility(local0) and level(debug..crit); }; filter no_audit { not match ("AUDIT"); }; destination remote_server { udp(\"172.16.10.26\" port(4000)); }; log { source(local); filter(syslog_level); filter(no_audit); destination(remote_server); }; " But, when I tried to restart the service syslog-ng, shows the next message: WARNING: the match() filter without the use of the value() option is deprecated and hinders performance, please use a more specific filter like message() and/or program() instead.; Any ideas how can I just receive /var/log/ltm on my syslog destination? Thanks in advanced.Solved1.1KViews0likes3CommentsModifying iCall from TMSH
Hi, I've created an iCall script from TMSH, but now I have to modify it. Creating a script from TMSH is fine, no problem, but modifying is a bit more troublesome. (tmos)# modify /sys icall script myscript Syntax Error: one or more properties must be specified (tmos)# modify /sys icall script myscript definition Syntax Error: the script "definition" must be enclosed in { } I was hoping that the script would open in an editor like it does when you run "create /sys icall script". Which method is the best way to create and modify scripts? /eljaySolved630Views0likes2Comments