report
8 TopicsHi - Need to export VIP name, IP, status (offline/available/unknown), pool and Poolmembers
Hi, I went through many articles but couldn't find any script for a consolidated report that would have these details: VIP name VIP IP VIP Status (offline/available/unknown) pool poolmembers I did find separate articles though but not a consolidated one. I am new and not verse with scripting. https://my.f5.com/manage/s/article/K72255145 https://my.f5.com/manage/s/article/K000135606 If anyone can please help with this required script it would be of great help. Thanks in advance. Regards, Ravi60Views0likes1CommentHow to generate ASM report from a pre-defined filter using TMSH
Is there a way to generate a report using a pre-defined report (filter) using CLI (TMSH)? Though I should be able to generate the same report by typing down the filter for the report in TMSH but TMSH does not understand the Drilldown for Security Policy for some reason. For instanace, when I try to run the following command it is not able to identify the Policy save analytics application-security report view-by attack-type measures { occurrences } drilldown {{ entity policy values { My_Security_Policy_Name } } } format pdf file foo.pdf range now-3w The error I get for above is : Data Input Error: Invalid entity value My_Security_Policy_Name This is strange because I am able to see and set Security Policies in the filter in GUI. I am using Big-IP 12.1.0.206Views0likes0CommentsExport GTM/DNS Configuration in CSV - tmsh cli script
Problem this snippet solves: This is a simple cli script used to collect all the WideIP, LB Method, Status, State, Pool Name, Pool LB, Pool Members, Pool Fall back, Last Resort pool info in CSV format. A sample output would be like below, One can customize the code to extract other fields available too. Check out my other codeshare of LTM report. Note: The codeshare may get multiple version, use the latest version alone. The reason to keep the other versions is for end users to understand & compare, thus helping them to modify to their own requirements. Hope it helps. How to use this snippet: Login to the GTM/DNS, create your script by running the below commands and paste the code provided in snippet, tmsh create cli script gtm-config-parser Delete the proc blocks, so it looks something like below, create script gtm-config-parser { ## PASTE THE CODE HERE ## } and paste the code provided in the snippet. Note: When you paste it, the indentation may be realigned, it shouldn't cause any errors, but the list output would show improperly aligned. Feel free to delete the tab spaces in the code snippet & paste it while creating, so indentation is aligned properly. And you can run the script like below, tmsh run cli script gtm-config-parser > /var/tmp/gtm-config-parser-output.csv And get the output from the saved file, open it on excel. Format it & use it for audit & reporting. cat /var/tmp/gtm-config-parser-output.csv Feel free to add more elements as per your requirements. For version 13.x & higher, there requires a small change in the code. Refer the comments section. Thanks to @azblaster Code : proc script::run {} { puts "WIP,LB-MODE,WIP-STATUS,WIP-STATE,POOL-NAME,POOL-LB,POOL-MEMBERS,POOL-FB,LASTRESORT-POOL" foreach { obj } [tmsh::get_config gtm wideip all-properties] { set wipname [tmsh::get_name $obj] set wippools [tmsh::get_field_value $obj pools] set lbmode [tmsh::get_field_value $obj "pool-lb-mode"] set lastresort [tmsh::get_field_value $obj "last-resort-pool"] foreach { status } [tmsh::get_status gtm wideip $wipname] { set wipstatus [tmsh::get_field_value $status "status.availability-state"] set wipstate [tmsh::get_field_value $status "status.enabled-state"] } foreach wippool $wippools { set pool_name [tmsh::get_name $wippool] set pool_configs [tmsh::get_config /gtm pool $pool_name all-properties] foreach pool_config $pool_configs { set pool_lb [tmsh::get_field_value $pool_config "load-balancing-mode"] set pool_fb [tmsh::get_field_value $pool_config "fallback-mode"] if { [catch { set member_name [tmsh::get_field_value $pool_config "members" ]} err] } { set pool_member $err } else { set pool_member "" set member_name [tmsh::get_field_value $pool_config "members"] foreach member $member_name { append pool_member "[lindex $member 1] " } } puts "$wipname,$lbmode,$wipstatus,$wipstate,$pool_name,$pool_lb,$pool_member,$pool_fb,$lastresort" } } } } Tested this on version: 11.63.7KViews2likes6CommentsSSL Cert expiration Tracker
Problem this snippet solves: Script is useful for large F5 LTM infrastructure. Instead of checking certs being expired on individual LTM, just list all your LB's in single file and script will check and create a report. How to use this snippet: This is made up of 3 parts: 1- hosts file (hosts.txt) 2- The Script 3- Report (bigip.data) Make sure you have Python 3 installed on your system. Install F5 SDK - i.e "pip install f5-sdk" and other modules such as dateutil, getpass, datetime etc. Create Text file "hosts.txt" and keep it in same directory as script. List all your LB's in "hosts.txt", each on new line. That's all! Run the script. If you face any issue let me know. Please provide any suggestions. Code : 92601980Views0likes3CommentsReport: 1) All servers which are behind ASM in transparent/blocking 2) All active attack signatures in the policy
Hello! I have a requirement from management for 2 reports: 1) a report which lists all the current servers with ASM active I tried to get this info from ArcSight SIEM but the hostname field is empty and all I get is IP address. 2) second report which lists all active attack signatures for a policy I tried exporting the policy but there are only signature numbers. Any suggestion how I could accomplish the mentioned tasks?Solved508Views0likes4CommentsSSL Certificate Usage Report
Our client has an fast approaching, expiring SHA1 SSL certificate and we need to plan for importing the new cert, creating a new Profile and and updating all LTM Virtuals accross all VCMP's Before we can do this, we need to identify the SSL Cert used in each SSL client profile on each VS on each VCMP! I have tried using the command: tmsh list / ltm virtual one-line | grep $cert But this doesn't always list VS that are in different partitions other than /Common Is there an easier way to identify which VS uses the SSL Cert used in each SSL client profile? To make matters worse, the previous company that set up the implemented different names and variations of client ssl profiles that use various combinations of the same certificate or a different file of the same certificate! Note: We also have two VCMP's licenced with the APM module, which may or may not be of importance here.245Views0likes0Comments