
F5 Bash Power Tools

Problem this snippet solves:
  • Use this Bash script to automate TMSH commands and generate reports
  • It is easy to use and learn; enter a function without argument for instructions
  • Option to enable script to search all partitions at launch
  • CLI version of Network Map via f5vs, f5vsi and f5pl functions
  • Easy end-to-end (client-side and server-side) tcpdumps via f5tcp
  • Abridged realtime tcpdump that shows RST causes via f5tcp for quick analysis
  • Repeating show sys connection similar to realtime tcpdump via f5con
  • Audit failed virtual servers, pools and nodes via f5nd, f5pd, f5ol and f5old
  • Audit log lines in iRules
  • Send output of most functions to text files using "| tee file_name" or "> file_name"
  • Locate IPs from decommission lists; automate their removal from internal data-groups
  • View certificate attributes that are frequently not visible in the GUI via f5crt
  • All searches can use regex wild cards
  • Aliases and Functions to speed up and safeguard TMSH and Bash commands

Subscribe to this post for new versions, improvements and bug fixes. Please post bugs in comments.

How to use this snippet:



Enter function without argument for help and usage instructions.

  • f5tcp: abridged tcpdump with RST causes, plus complete pcap file option
  • f5con: continuous results of show sys connection (useful when tcpdumps are forbidden)
  • f5vs: search virtual server attributes; display details including pools in iRules
  • f5vsi: same as f5vs plus iRule content
  • f5crt: search certificates and display critical x509 attributes
  • f5pl: search pool attributes and iRules; display pool details and related iRules
  • f5nd: search attributes of pools containing one or more nodes that are down
  • f5pd: search attributes of pools containing nodes that are all down
  • f5ol: search offline virtual servers
  • f5old: search offline virtual servers; display virtual server details
  • f5ip: search LTM for IP or a list of space-separated IPs
  • f5dg: remove IPs from internal data-groups using a list of space-separated IPs

FUNCTIONS THAT DO NOT ACCEPT ARGUMENTS (just hit return after function)

  • f5ss: commit all changes and sync THIS F5 to failover group
  • f5sa: commit all changes made to config
  • f5sy: sync THIS F5 to failover group
  • f5grp: internal data-group allowed-ip audit
  • f5log: list of iRules containing active log lines as well as the log lines themselves


  • ls: ls -alhF
  • tll: tmsh list ltm
  • f5mg: tmsh load /sys config merge file
  • f5mgv: tmsh load /sys config merge verify file
  • trml: tmsh delete ltm (Why not tdl? Too many Freudian slips!)
  • ns: nslookup
  • one: tmsh list ltm one-line | grep -i (in current partition)


4.6-6.4: Various bug fixes. New f5dg function for cleanup of IPs from internal data-groups, saving hours of labor on large IP decommission efforts. The f5pl function now searches iRules as well as pools. You can use the f5pl function to find the iRules a pool belongs to, then use f5vs or f5vsi to find the virtual server based on that iRule. The process is similar to checking the box for "Search iRule Definition" in Network Map of the GUI. Removed the option in f5tcp to view abridged output while creating a .pcap file (Both mode), because it used a buffer that would frequently get overrun, causing the tcpdump to quit prematurely.

4.5: Important bug fixes related to pool output in f5vs, f5vsi, and f5old functions. Unnecessary pool details suppressed (only down and disabled statuses are listed).

4.4: f5log function improvements: checks all partitions; cleaner display; omits system rules

4.3: f5log function bug fix.

4.2: New function: f5log - list iRule names containing active log lines and those log lines

4.1: New function: f5grp INTERNAL DATA-GROUP ALLOWED-IP AUDIT: Useful for analyzing lists that are growing out of control or auditing expired IPs. Creates a list of data-groups and their IP count (not including subnets). Then creates another file with lists of the individual IPs and their reverse DNS. File output: /var/tmp/data-group-ip-count... and /var/tmp/data-group-ip-lists... Files have tab-separated values and can be imported into a spreadsheet.

4.0: New function: f5con, which gives realtime show sys connection information based on an argument like "cs-server-addr". It's a little like the f5tcp abridged tcpdump output, except that it uses tmsh show sys connection instead of tcpdump. This is really useful if you are trying to troubleshoot an environment but don't have permission to run a tcpdump command on the box. You can still get end-to-end traffic information in realtime. This update of the script also includes some minor bug fixes and improvements in documentation.

3.5: Made the p interface modifier optional in f5tcp (tcpdump).

3.4: Added cert file location to cert search results.

3.3: Added start/expiration dates to cert search results.

3.2: New function: f5crt - search certificates and list essential x509 attributes. Documentation fixes. Documentation of merge functions added.

3.1: Bug fixes, added functions, improved tcpdump, and detailed help and instructions for each function when using interactive mode.

2.1: You can now provide in-line arguments (in quotes) that are saved in bash history. Old argument method is still supported. Virtual Server details now include snat/automap info. Massively improved tcpdump functionality. New function, f5ip, allows you to search for a space-separated list of IPs throughout LTM, which is useful for node decommissions.
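
The data-group audit described under 4.1 (f5grp) and the decommission-list lookup that f5ip and f5dg address, sketched as an added example that is not code from F5 Bash Power Tools. The function names, the sample data-groups and the record layout (hosts as a.b.c.d or a.b.c.d/32) are assumptions.

```bash
# Added example, not part of F5 Bash Power Tools.
# Constructed sample shaped like `tmsh list ltm data-group internal` output.
# Assumption: host records appear as a.b.c.d or a.b.c.d/32.
sample_dg_config() {
cat <<'EOF'
ltm data-group internal allowed_admins {
    records {
        192.0.2.10/32 { }
        192.0.2.11/32 { }
        198.51.100.0/24 { }
    }
    type ip
}
ltm data-group internal allowed_partners {
    records {
        203.0.113.5 { }
        203.0.113.0/25 { }
    }
    type ip
}
ltm data-group internal uri_list {
    records {
        /admin { }
    }
    type string
}
EOF
}

# Print "data-group<TAB>host-count"; subnets and non-IP records are skipped.
dg_ip_count() {
    awk '
        $1 == "ltm" && $2 == "data-group" && $3 == "internal" { name = $4; order[++n] = name; count[name] = 0; next }
        name != "" && $1 ~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+(/32)?$" { count[name]++ }
        END { for (i = 1; i <= n; i++) printf "%s\t%d\n", order[i], count[order[i]] }
    '
}

# Print "data-group<TAB>ip" for host records found in the space-separated list $1.
dg_find_decommissioned() {
    awk -v list="$1" '
        BEGIN { k = split(list, a, " "); for (i = 1; i <= k; i++) want[a[i]] = 1 }
        $1 == "ltm" && $2 == "data-group" && $3 == "internal" { name = $4; next }
        name != "" { ip = $1; sub("/32$", "", ip); if (ip in want) printf "%s\t%s\n", name, ip }
    '
}

sample_dg_config | dg_ip_count
```

On a BIG-IP, pipe `tmsh list ltm data-group internal` into either function in place of the sample; the tab-separated output imports into a spreadsheet the same way the f5grp files do.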

Comments on this Snippet
Comment made 3 months ago by T-Heron 0

Appreciate this. Thanks!