Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

F5 Bash Power Tools (CLI TMSH tools akin to Network Map that Search All partitions, powerful Reporting Tools, & more)

Problem this snippet solves:

I wrote this bash script primarily for TMSH LTM in order to speed up searches and reporting. It now does much more.

  • Searches check all partitions yielding something like Site Map on steroids for TMSH.
  • Searches can use regex variables like ".*" (no quotes).

Subscribe to this post for new versions, improvements and bug fixes. Please post bugs in comments.

How to use this snippet:



Enter function without argument for help and usage instructions.

f5tcp - abridged tcpdump with RST causes, plus complete pcap file option

f5con - continuous results of show sys connection

f5vs - search virtual server attributes; display details including pools in iRules

f5vsi - same as f5vs plus iRule content

f5crt - search certificates and display critical x509 attributes

f5pl - search pool attributes; display pool details

f5nd - search attributes of pools containing one or more nodes that are down

f5pd - search attributes of pools containing nodes that are all down

f5ol - search offline virtual servers

f5old - search offline virtual servers; display virtual server details

f5ip - search LTM for IP or a list of space-separated IPs

FUNCTIONS THAT DO NOT ACCEPT ARGUMENTS (just hit return after function)

f5ss - commit all changes and sync THIS F5 to failover group

f5sa - commit all changes made to config

f5sy - sync THIS F5 to failover group

f5grp - internal data-group allowed-ip audit

f5log - list of rules containing active log lines and those log lines


tll - short for: tmsh list ltm

f5mg - short for: tmsh load /sys config merge file

f5mgv - short for: tmsh load /sys config merge verify file

trml - short for: tmsh delete ltm (Why not tdl? Too many Freudian slips!)

ns - short for: nslookup

one - short for: tmsh list ltm one-line recursive | grep (in current partition)


4.5: Important bug fixes related to pool output in f5vs, f5vsi, and f5old functions. Unnecessary pool details suppressed (only down and disabled statuses are listed).

4.4: f5log function improvements: checks all partitions; cleaner display; omits system rules

4.3: f5log function bug fix.

4.2: New function: f5log - list iRule names containing active log lines and those log lines

4.1: New function: f5grp INTERNAL DATA-GROUP ALLOWED-IP AUDIT: Useful to analyze lists that are growing out of control or auditing expired IPs. Creates a list of data-groups and their IP count (not including subnets). Then creates another file with lists of the individual IPs and their reverse DNS. File output: /var/tmp/data-group-ip-count... and /var/tmp/data-group-ip-lists... Files have tab-separated values and can be imported into a spreadsheet.

4.0: New function: f5con, which is gives realtime show sys connection information based on an argument like "cs-server-addr". It's a little like the f5tcp abridged tcpdump output, except that it uses tmsh show sys connection instead of tcpdump. This is really useful if you are trying to troubleshoot an environment but don't have permission to run a tcpdump command on the box. You can still get end-to-end traffic information in realtime. This update of the script also includes some minor bug fixes and improvements in documentation.

3.5: Made the p interface modifier optional in f5tcp (tcpdump).

3.4: Added cert file location to cert search results.

3.3: Added start/expiration dates to cert search results.

3.2: New function: f5crt - search certificates and list essential x509 attributes. Documentation fixes. Documentation of merge functions added.

3.1: Bug fixes, added functions, improved tcpdump, and detailed help and instructions for each function when using interactive mode.

2.1: You can now provide in-line arguments (in quotes) that are saved in bash history. Old argument method is still supported. Virtual Server details now include snat/automap info. Massively improved tcpdump functionality. New function, f5ip, allows you to search for a space-separated list of IPs throughout LTM, which is useful for node decommissions.

Comments on this Snippet
Comment made 20-Apr-2018 by Leonardo Souza 3091

Looks very helpful stuff, especially if you are working with support. I will play with that.

Some suggestion to you:

1 - There is no need to create the file first for tee

f5vs | tee /var/tmp/file.txt

2 - Save to the file, no need to create before

f5vs > /var/tmp/file.txt

3 - Execute permission

You are sourcing the file, and not running, so that is not needed.

4 - ~/.bash_profile

As you are sourcing the file, bash_profile for the user is the correct place to put that. I am sure people will try to put that in the device startup script, and it will not work. The alias and functions you are loading will only exist in the shell that load it.

Comment made 22-Apr-2018 by Jer O. 226

Hello Leonardo. While I agree I shouldn't have to create the file first, I got an error saying the file did not exist (in both scenarios). That's why that line is there, in case less experienced people encounter the same problem. Editing bash_profile had no effect when users are forced into TMSH prompt at login. It does not get invoked when entering bash using the "run util bash" command. I also mentioned in the code comments that you can put it anywhere you wish in your startup scripts. If you have a workaround for those forced to use "run util bash" to reach Bash, I'd love to know about it. Also, I've had experiences on various machines where even source files needed execute permission. I'll check whether that's true in this case.

Comment made 22-Apr-2018 by jaikumar_f5 1577

Great playing around with bash, have bookmarked and saved the file too. Cheers !!!

Comment made 23-Apr-2018 by Netsanet Tirfea 0

Works like a charm!

Comment made 23-Apr-2018 by Leonardo Souza 3091

"If you have a workaround for those forced to use "run util bash" to reach Bash, I'd love to know about it"

.bash_profile is for interactive login shells, in the case of tmsh it starts a new shell but interactive non-login, so .bash_profile is not loaded.

I did not think about that use case when I suggested the .bash_profile. To cover both direct access to bash, and via tmsh, use .bashrc instead.

If you want just to one user ~/.bashrc. If you want all users, /etc/bashrc.

Comment made 24-Apr-2018 by Jer O. 226

Thanks, Leonardo. I'm hesitant to add this script to bash for fear of freaking out admins that are not familiar with it. But I may give /root/.bashrc a try at some point, since that is the user that is invoked when any login is forced into TMSH shell and does "run util bash". I would caution anyone doing it for that reason.

Comment made 24-Apr-2018 by Jer O. 226

All, I will be updating this script to version 2.x very soon. The main change will be the ability to supply an argument with most functions, to save time and make repeating commands with Up arrow much easier. You'll have the option of the old method or the new method. Please subscribe to get notifications.

Comment made 4 months ago by Kevin Davies 3013

Where can we provide bug reports and feedback? Alternatively look for me at F5 Experts in https://t.me/f5announce and we can chat there

Comment made 4 months ago by Jer O. 226

@Kevin, report it here, please. Tried your link, but the page is unresponsive for me. I'd prefer you post concerns here though.

Comment made 4 months ago by Kevin Davies 3013

Tried your link, but the page is unresponsive for me. I'd prefer you post concerns here though.

I've heard that before. Work blocking maybe? Works fine on safari and chrome. Anyway i'll put together a gist and post a link. To large to post here.

Comment made 4 months ago by pr@teeku1988 122

Hi Jer.O

This works like a charm but my query is that how can I run this script from any remote linux machine where i can deploy this script and based on devices IP address information I will run those handy commands ? How can we achieve this as I don't want to install this script locally on each and every f5 appliance in my network ??

Comment made 4 months ago by Jer O. 226

pr@teeku1988, it has to be installed locally, because the commands apply to bash on that F5 and invoke TMSH on that device.

Comment made 4 months ago by Kevin Davies 3013

Afraid I cant really show you here, only privately due to the data. The link takes you to a secure comms application called Telegram. I can show you the issue there.

Comment made 4 months ago by Jer O. 226

@Kevin, I see what happened. I need to install telegram, then the link protocol will be recognized. Working on it. Ahh, never mind. I don't want to use a chat app that requires my phone number.

Comment made 4 months ago by Kevin Davies 3013

@Jer O. its how they uniquely identify users. It doesn't give your number to anyone and it is used for 2FA, just so you know.

Comment made 4 months ago by Jer O. 226

Thanks, but I don't want to join for this sole purpose, and I don't want to share my number with them. The dev(s) could just as easily give people a token random number.

Can you give a short description of the bug you are encountering? I'm using this every day, but we don't have a ton of ASM, APM and other policies that might disrupt my script.

Comment made 4 months ago by Kevin Davies 3013

let me sanitize the data and show you where its failing, i'll post a gist link when i'm done. it will be a few days since ive picked up the flu and im off work at the moment.

Comment made 4 months ago by Jer O. 226

No problem. Thank you. I hope you feel better soon!