For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kyle_martin_evop's avatar
kyle_martin_evop
Icon for Nimbostratus rankNimbostratus
Jul 26, 2023

Finding all virtual servers with "log all traffic" policy applied via API

Hello, I am trying to locate virtual server configs in my F5 environment that are configured to log all traffic requests. Obviously, this has a detrimental impact to F5 logging performance. Is there...
LTM
rest api
security
TMSH
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jul 27, 2023

Hi kyle_martin_evop,

AubreyKingF5's solution will work with a slight modification:

tmsh list ltm virtual one-line | egrep -i 'log.all.requests' | awk '{ print $3 }'

You could run bash via iControl rest against all your BIG-IPs to get this output.

but you can also do this natively via iControl REST against the virtual endpoint:

####
# GET request to -> https://ltm15/mgmt/tm/ltm/virtual?$select=name,securityLogProfiles,
####
# RESULT:
{
  "kind": "tm:ltm:virtual:virtualcollectionstate",
  "selfLink": "https://localhost/mgmt/tm/ltm/virtual?$select=name%2CsecurityLogProfiles%2C&ver=15.1.8.1",
  "items": [
    {
      "name": "nginx-vip-tls",
      "securityLogProfiles": [
        "\"/Common/Log all requests\""
      ],
      "securityLogProfilesReference": [
        {
          "link": "https://localhost/mgmt/tm/security/log/profile/~Common~Log%20all%20requests?ver=15.1.8.1"
        }
      ]
    },
    {
      "name": "testapp-vip"
    },
    {
      "name": "testappssl-vip"
    }
  ]
}

You can then parse this on the client side to cut down to match only the virtual servers with the matching condition.