Search This Blog

F5

 Product * BIG-IP-LTM or BIG-IP-VE 

Virtual server =vip on f5

Pool = node+servise port

Node= phycial server

Capature the log share to F5

Waring Waring always gets Log before rebooting all failover anything. 

option 1 
qkview -s0 -f /var/tmp/"$HOSTNAME"_"$(date +%m-%d-%y)".qkview
tar zcvf /var/tmp/"$HOSTNAME"_"$(date +%m-%d-%y)"_logs.tar.gz /var/log/*

option 2
qkview -s0 -f /var/tmp/Manuallyputinhostnameanddate.qkview
tar -czvf /var/tmp/logfiles.tar.gz /var/log/* run under bash


tmsh!!!!!!!!c

To verify file

bash
cd /shared/tmp/
ls

We can use FTP or SCP.

scp root@[192.168.1.1]:/var/tmp/filename.qkview /home/duong

scp root@[192.168.1.1]:/var/tmp/logfiles.tar.gz /home/duong

=================================================================
                                                                    Reboot and make switchover f5 loadbalancer
tmsh show sys alert - ( show all alarm )
bash cd var/log: grep -i sod ltm -( show all logs for the fail overtime )
tmsh show cm failover-status - (verify failover state and config-sync is up )
tmsh show cm sync-status - (verify failover state and config-sync is up)

tmsh run sys failover offline ( don't allow the device to become active )
tmsh run sys failover online ( allow switch over )

tmsh run sys failover standby ( force the active device to become standby)
=====================================================================================

                                                                                         F5 Health checks command. 

Ltm and type help will show you all the cli 

Tmsh ( show all commands like show run configure, verify hardware alarm

run util bash ( get log capture log) or type bash
show sys alert
list ltm virtual virtual-address - (Check for virtual servers (useful when tracing to find IPs living on F5 LBs)
show ltm virtual-address -( you can also ping your vr sever ping -6 for IPv6)
show sys hardware - show hardware components and information (serial numbers, etc.)
show sys ha-group - (show HA scores (lower HA score on one FW than the other leads to FW active)
show sys ha-group detail - (show HA scores in detail and the truck port connect to active and backup)
show net trunk - show trunk status -( show trunk connect to both FW)
=======================================================================================
run util bash - ( get log capture log ) or just type bash 
cd /var/log - ( to go to log file)
ls -l - ( list all file logs in var/log) 
run ls -l | grep ltm ( to get file log in ltm )
cat ltm or cat ltm.1 and on and on - ( check log in LTM) or run cat | grep the IP of pool member.
zcat ltm.2.gz ( us for file gz) - (check log in LTM ) or run zcat | grep the IP of pool member.
zcat ltm.*.gz | grep ip of pool member ( this will get all log ltm.1-10 and grep ip pool )
less /var/log/audit - check logs
more /var/log/audit - check logs
cat /var/log/ltm.1 | grep hypervisor 4046

===========================================================================


Show /sys ip-address all-properties - (To view the Entry, Component, Object-ID, and Property columns in 
the output table.)
Show /sys ip-address all-properties |  grep -i pool or node. 

====================================================================

                                                                       Capture packet using TCPdump 

1. login to GUI and go to network and interfaces to verify interface.
Or use CLI to verify 
2. verify all virtual servers 
3. tmsh tcpdump -i 1.1 or 1.2, 1.3 those are interface and vlan use 0.0 for all interface
4. Ask the customer to try to connect to the virtual servers to capture TCP 
5. or capture as pcap do tcpdump -i 1.1 -w /var/tmp/namefile.pcap and ask the customer to connect to the virtual server
via web browser control +c to stop capture. 
6. then send file to your jumphost  scp root@[ipaddressyourf5]:/var/tmp/logfiles.tar.gz /home/duong
7. use winscp to grab your file
tcpdump src host IP and dest host IP
tcpdump -i 0.0 host IP and host Ip -w /var/tmp/filename.pcap
tcpdump -s0  -ni 0.0 host IP or host IP or host IP -w/var/tmp/file.pacp (  command capture everything )

Ni = stands for DNS lookup
-s0 data unlimited
fist IP away means VIP IP  
0.0 any interface






No comments: