Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

Calling a TMSH Command in iCall

Hi,

I'm new to iApps/iCall and was wondering if anyone could help please? I make use of a very specific ASM report which I can get via TMSH with the following command:

send-mail analytics application-security report view-by attack-type  measures {  } drilldown { { entity policy values { /my_partition/vs-mysite } } { entity severity values { Critical } } { entity violation values { "Attack signature detected" } } } range now-1w format pdf email-addresses { me@company.com }

What I want to do is schedule it so that this report gets sent to me every week. I thought a nice way of doing this would be with a simple iApp that in the future I could build upon for scheduling other custom reports too. I've got the basis of the app setup but I don't know how to run the code above from within an iCall script. In the implementation part of my template I thought this would work:

#Create the iCall script
    set script {
      tmsh::send-mail analytics application-security report view-by attack-type  measures {  } drilldown { { entity policy values { /my_partition/vs-mysite } } { entity severity values { Critical } } { entity violation values { "Attack signature detected" } } } range now-1w format pdf email-addresses { me@company.com }
    }

Unfortunately, when I try to create an iApp from this template it just errors with:

error: [undefined procedure: tmsh::send-mail]

Appreciate any help/advice you can give!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Just looking at a few examples I don't think the iCall script should exist within the iApp. In fact, I've no idea why you are using an iApp at all. Granted its not a subject I've too much experience with.

Couldn't you just put this is a bash script and setup a cron job?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi thanks, I can see your point,

I based it on the f5.archiving.v1.0.0 iApp out there for performing backups which uses the same methods. A bash script and a cron job would be nice and easy (and may be where I end up) but I like the idea that I can set this up and have a nice interface in the GUI from which to setup reports in the future.

This will be especially useful and flexible for allowing colleagues who don't necessarily have shell access/experience to schedule the custom reports.

0
Comments on this Answer
Comment made 16-Jan-2015 by What Lies Beneath 6709
Understood. It's too complex for my skill set I'm afraid. Hope someone else can help.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It looks like tmsh::send-mail isn't part of the API, so you can't call it from an iCall script: https://devcentral.f5.com/wiki/TMSH.Commands.ashx

However, it looks like you can create a scheduled ASM report using tmsh::create, so you should be able to write an iApp that creates this object and update the schedule on reconfiguration. Does that help?

analytics application-security scheduled-report test_charts_scheduler {
    email-addresses { me@example.com }
    first-time 2015-01-16:14:00:00
    frequency every-24-hours
    include-total enabled
    multi-leveled-report {
        chart-path { attack-type application }
        limit 5
        time-diff last-day
        view-by violation
    }
    next-time 2015-01-16:14:00:00
    smtp-config my_smtp
}
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thanks mikeshimkus, I think that might help - I'll try to work out if I can get the specific report I need using the create API syntax.

I had another idea of using the tcl "exec" command to call my TMSH command:

exec tmsh send-mail analytics application-security report view-by attack-type  measures {  } drilldown { { entity policy values { /my_partition/vs-mysite } } { entity severity values { Critical } } { entity violation values { "Attack signature detected" } } } range now-1w format pdf email-addresses { me@company.com }

It's a little messy but does the job. The problem is that tcl doesn't like to execute it - I think I need to work out a way of escaping all the characters etc. that it doesn't like. No luck so far though!

Any ideas?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Good news everyone....

I've worked out how to do it now using the "exec tmsh" method above and the correct escape characters. The iApp is based on f5.archiving.v1.0.0 and the template fits together like this:

Implementation:

package require iapp 1.0.0
    iapp::template start

    tmsh::cd ..

    #Create the iCall script
    set script {
  exec tmsh send-mail analytics application-security report view-by attack-type  measures \{  \} drilldown \{ \{ entity policy values \{ /my_partition/VIRTSERV \} \} \{ entity severity values \{ Critical \} \} \{ entity violation values \{ \"Attack signature detected\" \} \} \} range now-1w format pdf file \"VIRTSERV.pdf\" email-addresses \{ MAILRCPT \}
    }            

    set script [string map [list VIRTSERV $::time_select__vs_select MAILRCPT $::time_select__email] $script]

    iapp::conf create sys icall script f5.asmreports definition \{ $script \} app-service none

    ## Get time info for setting first-occurrence on daily handler from iApp input
    set hr $::time_select__hr_select
    set min $::time_select__min_select
    set freq $::time_select__day_select

    #Create the handlers
    if { $freq eq "Daily" } {
      set cdate [clock format [clock seconds] -format "%Y-%m-%d"]
      iapp::conf create sys icall handler periodic f5.asmreports-handler_$::time_select__vs_select \{ \
        interval 86400 \
        first-occurrence $cdate:$hr:$min:00 \
        script f5.asmreports \}
    } elseif { $freq eq "Weekly" } {
      ## Get day of week info for setting first-occurrence on weekly handler from iApp input
      array set dowmap {
        Sunday 0
        Monday 1
        Tuesday 2
        Wednesday 3
        Thursday 4
        Friday 5
        Saturday 6
      }
      set sday_name $::time_select__dow_select
      set sday_num $dowmap($sday_name)
      set cday_name [clock format [clock seconds] -format "%A"]
      set cday_num $dowmap($cday_name)
      set date_offset [expr 86400*($sday_num - $cday_num)]
      set date_final [clock format [expr [clock seconds] + $date_offset] -format "%Y-%m-%d"]
      iapp::conf create sys icall handler periodic f5.asmreports-handler_$::time_select__vs_select \{ \
        interval 604800 \
        first-occurrence $date_final:$hr:$min:00 \
        script f5.asmreports \}
    }
    iapp::template end

Presentation:

section time_select {
      choice day_select display "large" { "Daily", "Weekly" }
      optional ( day_select == "Weekly" ) {
        choice dow_select display "medium" { "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday" }
      }
      choice hr_select display "medium" tcl {
        for { set x 0 } { $x < 24 } { incr x} {
          append hrs "$x\n"
        }
        return $hrs
      }
      choice min_select display "medium" tcl {
        for { set x 0 } { $x < 60 } { incr x } {
          append mins "$x\n"
        }
        return $mins
      }
      choice vs_select display "large" {"vs-myvs1","vs-myvs2"}
      string email display "medium"
    }

    text {
      time_select "Reporting Schedule"
      time_select.day_select "Choose the frequency the report should run:"
      time_select.dow_select "Choose the day of the week the report should run:"
      time_select.hr_select "Choose the hour the report should run:"
      time_select.min_select "Choose the minute the report should run:"
 time_select.vs_select "Choose the virtual server to report upon:"
 time_select.email "Where should the report be e-mailed to?:"
    }

The only downside at the moment is that you have to manually populate the template with the virtual server names you want to report on. Not sure I have the appetite at the moment to develop it further and make that a dynamically populated list!

The template creates a handler per instantiation of the template which allows you to keep the "Script updates" box ticked and amend the template with new virtual servers in the future.

The specific report in question is what I'm looking for but that section can be amended to suit your own needs.

0