Forum Discussion

Ade_Jackson_114's avatar
Ade_Jackson_114
Icon for Nimbostratus rankNimbostratus
Jun 13, 2015

Can someone help with scripting?

I need to run a monthly report. I have no clue on how to create a script. Need to find the SSO profile protocol statistics for each virtual server on CLI. F5 engineer point me to this site for help. Here's his recommendation. The profile information is separate from the virtual server information as they are different objects and one ssl profile can be used on more than one virtual server. The best way to grab this information in a report format would be to write a script that would query for the list of virtual servers and then loop through them one by one getting the proper name of the profile you want to query. You can then use the profile name to run the query and grep for the protocol data. This can all then be output to a file for you to review.

 

application delivery
BIG-IP DNS
hp
LTM
TMSH

2 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jun 13, 2015
    you say SSO profile first and then SSL profile, which one is it? perhaps you will get lucky and some will provide a working script, but also for yourself it might be wise to try this yourself. first find out which command you need i would assume: tmsh show ltm profile client-ssl even better might be show ltm virtual profiles which shows you the client-ssl statistics for that virtual server. no you are left with cycling through your virtual server, that is in principle basic scripting, this is a nice moment to get into it.
  • Seth_Cooper's avatar
    Seth_Cooper
    Icon for Employee rankEmployee
    Jun 13, 2015

    Hi Ade,

    Here is a quick sample script that will show all the Protocol stats for the clientssl profiles for the Virtual servers that have them enabled. This script is probably not perfect but I wrote it really quick and it seems to work in my environment. You might need to modify to meet your needs.

    [root@device:Active:Standalone] config  cat report.bash 
!/bin/bash

 List Profiles
PROFILES=`tmsh list ltm profile client-ssl | grep "^ltm" | awk -F" " '{print $4}'`

for all in ${PROFILES} 
do

  VS_NAME=`tmsh list ltm virtual one-line | grep $all | awk -F" " '{print $3}'`

  if [ "${VS_NAME}" != "" ]
   then
    echo "$VS_NAME -- $all"
    tmsh show ltm profile client-ssl $all | grep Protocol
  fi

done
[root@device:Active:Standalone] config

    Here is what the output looks like.

    [root@device:Active:Standalone] config  bash report.bash 
test_NA_vs -- clientssl
Protocol                                                    
  SSL Protocol Version 2                                            0
  SSL Protocol Version 3                                            0
  TLS Protocol Version 1.0                                          0
  TLS Protocol Version 1.1                                          0
  TLS Protocol Version 1.2                                        261
  DTLS Protocol Version 1                                           0
my_policy_vs -- website.net_client
Protocol                                                    
  SSL Protocol Version 2                                            0
  SSL Protocol Version 3                                            0
  TLS Protocol Version 1.0                                          1
  TLS Protocol Version 1.1                                          0
  TLS Protocol Version 1.2                                          6
  DTLS Protocol Version 1                                           0
[root@device:Active:Standalone] config

    You will need to save the report to the system and then run it. You can add this to cron if you want and add some mail commands around it then have it email the report when you want to see it.

    As boneyard stated this is a great opportunity for you to look into scripting and learn a bit about it. I hope this helps you get started.

    Regards,

    Seth