Forum Discussion
Kai_Wilke
Mar 09, 2017 MVP
Hi Samyool,
I've recycled some older code for you to get a PoC up and running within a few minutes. Here we go...
Configure a Layer4 VS:80 that points to the MGMT-ETH:443 of your F5
1.) Execute the following command on TMSH
load sys config merge from-terminal
2.) Paste the following config into TMSH
ltm pool Pool_F5-MGMT-ETH {
    members {
        Node_F5-MGMT-ETH:https {
            address x.x.x.x%1
            session monitor-enabled
            state up
        }
    }
    monitor gateway_icmp
}
ltm virtual VS_F5-MGMT-ETH {
    destination 1.1.1.1%1:http
    ip-protocol tcp
    mask 255.255.255.255
    pool Pool_F5-MGMT-ETH
    profiles {
        serverssl {
            context serverside
        }
        tcp { }
    }
    source 0.0.0.0%1/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}
Note: You have to change the node IP address to match the MGMT-IP of your LTM. The IP of the Virtual Server can be kept, since it's just used for internal communication.
3.) Hit CTRL+D to save the config change
Write a TCL procedure to trigger a SIDEBAND connection towards your Layer4 VS:80 (aka. your REST-API) to execute [tail] and finally download X lines of logfile Y.
1.) Add the following procedure to your existing iRule
proc get_logfiles { virtual basic_creds logfile lines } {
    # Open a sideband TCP connection to the Layer4 VS in front of the MGMT interface
    set tcp_conn [connect -timeout 2000 -idle 2000 -status tcp_conn_status $virtual]
    if { $tcp_conn_status equals "connected" } then {
        # JSON body for the REST bash utility; $lines and $logfile end up inside the bash -c string
        set http_request_body "\{\"command\":\"run\",\"utilCmdArgs\":\"-c 'tail -n $lines $logfile'\"\}"
        set http_request "POST /mgmt/tm/util/bash HTTP/1.0\r\nAuthorization: Basic $basic_creds\r\nContent-Length: [string length $http_request_body]\r\n\r\n$http_request_body"
        send -timeout 2000 -status tcp_sent_status $tcp_conn $http_request
        if { $tcp_sent_status equals "sent" } then {
            set http_response [recv -timeout 5000 $tcp_conn]
            if { $http_response starts_with "HTTP/1.1 200" } then {
                # Return everything after the commandResult key of the JSON response
                return [getfield $http_response {commandResult":"} 2]
            } elseif { $http_response equals "" } then {
                return "Error: Receive Timeout"
            } else {
                return "Error: API Response = $http_response"
            }
        } else {
            return "Error: Send Status = $tcp_sent_status"
        }
    } else {
        return "Error: Connection Status = $tcp_conn_status"
    }
}
Call the TCL procedure within your iRule
set log_lines [call YOUR_IRULE_NAME::get_logfiles "VS_F5-MGMT-ETH" [b64encode "admin:password"] "/var/log/ltm" 50]
Cheers, Kai
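
The get_logfiles procedure in the post places its logfile and lines arguments directly inside the bash -c string sent to /mgmt/tm/util/bash, so any value that reaches them from outside the iRule becomes part of a shell command line. An added example, not part of the original post: a wrapper proc (hypothetically named get_logfiles_checked) that forwards only allowlisted paths and a bounded integer. The allowlist entries other than /var/log/ltm and the limit of 1000 lines are assumptions.

```tcl
# Added example, not from the original post.
# Validates both arguments before they reach the bash -c string in get_logfiles.
proc get_logfiles_checked { virtual basic_creds logfile lines } {
    # Exact-match allowlist of readable files (assumed list, adjust as needed).
    # An exact match also rules out quotes, spaces, ';' and path traversal.
    set allowed_logfiles [list "/var/log/ltm" "/var/log/audit"]
    if { [lsearch -exact $allowed_logfiles $logfile] == -1 } {
        return "Error: Logfile not allowed"
    }

    # The line count must consist of 1 to 4 decimal digits and nothing else.
    if { ![regexp {^[0-9]{1,4}$} $lines] } {
        return "Error: Invalid line count"
    }

    # Parse as decimal (avoids octal handling of leading zeros) and bound it.
    scan $lines %d line_count
    if { $line_count < 1 || $line_count > 1000 } {
        return "Error: Line count out of range"
    }

    # Forward the parsed integer, not the raw string, to the original proc.
    return [call YOUR_IRULE_NAME::get_logfiles $virtual $basic_creds $logfile $line_count]
}
```

Calling get_logfiles_checked in place of get_logfiles keeps the call signature from the post unchanged.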