ASM Policy Report
Problem this snippet solves:
PowerShell script using F5 iControls that produces an email report of all ASM policies and what websites they protect. If a policy is enabled at the HTTP Class, it will be presented via a green table. Disabled policies will be presented via a red table.
Code :
# ============================================================================================== # # COMMENT: used on our 1600 running v11 to email out a weekly report of websites protected by the ASM # # Created from Ps Config Archiving @https://devcentral.f5.com/s/wiki/iControl.PsConfigArchiving.ashx # # ============================================================================================== # Customize the following six variables $g_file = "C:\Folder\File.txt" # ref: http://technet.microsoft.com/en-us/magazine/ff714574.aspx $g_uid = "F5User" $g_bigip = "F5.domain.com" $g_email_to = "recipient@domain.com" $g_email_from = "ASM Policy Report" $g_email_smtp = "smtp.domain.com" Set-PSDebug -strict; Function Get-ASMPolicyList(){ $ASMPolicyList = (Get-F5.iControl).ASMWebApplication.get_list() | Select-String "/Common/*" | %{$_.line.substring(8)} | Sort-Object Return $ASMPolicyList } # End Get-ASMPolicyList Function Function Get-LogonPwd(){ $a1 = Get-Content -Path $g_file | ConvertTo-SecureString $b1 = New-Object system.management.automation.pscredential($g_uid,$a1) $ReturnValue = $b1.GetNetworkCredential().password Return $ReturnValue } # End Get-Logon Function function Get-PolicyState($PolicyName){ $FullPolicyName = "/Common/$PolicyName" $PolicyState = ((Get-F5.iControl).ASMWebApplication).get_enabled_state($FullPolicyName) Return $PolicyState } # End Get-PolicyState Function Function Do-Initialize($pwd){ if ( (Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn"}) -eq $null ){ Add-PSSnapIn iControlSnapIn } $success = Initialize-F5.iControl -HostName $g_bigip -Username $g_uid -Password $PWD; return $success; } # End Do-Initialize Function Function Get-PolicyPatterns($PolicyName){ $PolicyPatterns = (Get-F5.iControl).LocalLBProfileHttpClass.get_host_match_pattern($PolicyName) | %{$_.values} | Format-Table Pattern -HideTableHeaders | Out-String Return $PolicyPatterns.trim() } # End Get-PolicyPatterns Function Function Get-EmailSendFunc($SUBJECT,$BODY){ Send-MailMessage -SmtpServer $g_email_smtp -To $g_email_to -From $g_email_from -Subject $SUBJECT -Body $BODY -BodyAsHtml } # End Get-EmailFunc Function Function Get-TableFormat($heading,$contents,$state){ $contentsHTML = "" if($contents.length -gt 1){ $contents = $contents.split(" ") | Where-Object {$_ -ne ""} | %{$_.trim()} foreach($item in $contents){ $contentsHTML += "$item" } } if($state -eq $true){ [string]$TableFormatReturn = " " } else { [string]$TableFormatReturn = "
$contentsHTML $heading " } Return $TableFormatReturn } # End Get-TableFormat Function #------------------------------------------------------------------------- # Main Application Logic #------------------------------------------------------------------------- $g_pwd = Get-LogonPwd if(Do-Initialize -pwd $g_pwd){ [string]$MainBody = "" $MainBody = "" $MainBodyFooter = "
$contentsHTML $heading Red indicates disabled policies while green indicates enabled policies.
" $MainASMPolicyList = Get-ASMPolicyList foreach($MainASMPolicy in $MainASMPolicyList){ $MainPolicyState = Get-PolicyState -PolicyName $MainASMPolicy $MainPolicyPattern = Get-PolicyPatterns -PolicyName $MainASMPolicy $MainPolicyPatternHTML = Get-TableFormat -heading $MainASMPolicy -contents $MainPolicyPattern -state $MainPolicyState $MainBody = $MainBody + $MainPolicyPatternHTML } $MainBody += $MainBodyFooter $emailDate = (get-date).tostring("MMMM dd") Get-EmailSendFunc -SUBJECT "ASM Policy Report - $emailDate" -BODY $MainBody } else { Get-EmailFunc -SUBJECT "FAILED: Do-Initialize" -BODY "ASM Policy Report" } Exit Exit
Published Mar 07, 2015
Version 1.0
