NimbostratusUsing iControl how can I read the current log files of a F5 load balancer. What I'm after is seeing when a user makes a change to the status of a node in a pool. This is so I can create a view-able audit log trail.
Is this possible using iControl?
CirrocumulusNot sure about iControl SOAP, but with iControl REST should be possible. iControl REST is just a layer on top of tmsh available commands. So, the same way you can check the log with the following tmsh commands, you should be able to get that via iControl REST.
[root@LABBIGIP1:Active:Changes Pending] config tmsh show sys log ltm | tail -n 2
ltm 03-01 13:01:03 notice LABBIGIP1 tmm2[17566]: Clock advanced by 312 ticks
ltm 03-01 13:01:04 notice LABBIGIP1 tmm[17566]: Clock advanced by 402 ticks
[root@LABBIGIP1:Active:Changes Pending] config
EmployeeAudit log shows what you are after. In tmsh, you can get logs by executing:
tmsh show sys log auditAccording to the iControl REST API document below, looks like we should be able to get the log contents.
https://devcentral.f5.com/wiki/iControlREST.APIRef_tm_sys_log.ashxUnfortunately, a request like below does not work (don't know why):
curl -sku admin:pass https://localhost/mgmt/tm/sys/log/auditA workaround is to call the tmsh command via /mgmt/tm/util/bash:
curl -sku admin:pass -X POST -H "Content-Type: application/json"
https://localhost/mgmt/tm/util/bash
-d "{\"command\":\"run\", \"utilCmdArgs\": \"-c 'tmsh show sys log audit'\"}" |
sed 's/\\n/\n/g'