Jump to content

BIG-IP commonly used commands

Cowboy Denny

Recommended Posts

I utilize an SSH terminal called ZOC and its pretty great and I love the User Command Bar that has all your favorites you can assign to different Session Profiles.  So here are my session profiles in ZOC that I use

  • F5_user_BIG-IP (white background/black lettering)
  • F5_root_BIG-IP (transluecent-black background/white lettering)

Only difference is how they look.. this helps remind me of what type account I'm logged in as.


On both Session Profiles shown above I have 13 Folders of commands I utilize which are labeled

  1. Folder: Linux Common
  2. Folder: Changes
  3. Folder: F5 Common
  4. Folder: LTM
  5. Folder: GTM
  6. Folder: Virtual
  7. Folder: BIG-IQ
  8. Folder: tcpdump
  9. Folder: NET
  10. Folder: SSL
  11. Folder: user
  12. Folder: AUDIT
  13. Folder: Logging

Below is a list of the commands I use for each folder

Folder: Linux Common

List files (by size)

ls -lShr

HDD space (pvs)



Folder: Changes

GTM: WIPs avail

tmsh show /gtm wideip | egrep 'Gtm::WideIp|Availability|Reason' | grep -c 'Availability : available'

GTM: WIPs 2 txt

tmsh show /gtm wideip | egrep 'Gtm::WideIp|Availability|Reason' > /var/tmp/$(echo $HOSTNAME | cut -d'.' -f1)-$(date +%Y%m%d_%H-%M)wideip.txt

GTM: compare files

diff -c /var/tmp/*wideipB4.txt /var/tmp/*wideipAFTER.txt

GTM: POOLs avail

tmsh show /gtm pool | egrep 'Gtm::Pool|Availability|Reason'

GTM: POOLs 2 txt

tmsh show /gtm pool | egrep 'Gtm::Pool|Availability|Reason' > /var/tmp/$(echo $HOSTNAME | cut -d'.' -f1)-$(date +%Y%m%d_%H-%M)pools.txt

GTM: SERVERs avail

tmsh show /gtm server all | egrep 'Gtm::Server|Availability|Reason' | grep -c 'Availability : available'

GTM: SERVERs 2 txt

tmsh show /gtm server all | egrep 'Gtm::Server|Availability|Reason' | grep -c 'Availability : available' > /var/tmp/$(echo $HOSTNAME | cut -d'.' -f1)-$(date +%Y%m%d_%H-%M)servers.txt

GTM: iQuery

tmsh show /gtm iquery | egrep 'Gtm::IQuery|Server|State'

GTM: iQuery 2 txt

tmsh show /gtm iquery | egrep 'Gtm::IQuery|Server|State' > /var/tmp/$(echo $HOSTNAME | cut -d'.' -f1)-$(date +%Y%m%d_%H-%M)iQuery.txt

GTM: DataCenter

tmsh show gtm datacenter all | egrep 'Gtm::|Datacenter|Availability|State|Reason|Connections'






Folder: F5 Common

Create Backup (UCS)

tmsh save sys ucs /var/tmp/$(echo $HOSTNAME | cut -d'.' -f1)-$(date +%Y%m%d_%H-%M)


Folder: LTM



Folder: GTM



Folder: Virtual



Folder: BIG-IQ

chk status of CM&DCDs

curl -s -u admin:admin --insecure https://localhost:9200/_cat/nodes?v 

cluster health

curl -s -u admin:admin --insecure https://localhost:9200/_cluster/health?pretty

remove unassigned shards

curl -s -k https://localhost:9200/_cat/shards | grep UNAS | awk '{print $1}' | sort | uniq | sed 's/+/%2B/g' | while read line ; do curl -s -k -X DELETE "https://localhost:9200/$line" ; done

cluster settings

curl -s -u admin:admin --insecure https://localhost:9200/_cluster/settings | jq .

cluster nodes health

curl -s -u admin:admin --insecure https://localhost:9200/_cat/nodes?v

stop big3d service

bigstart status big3d; bigstart stop big3d

restjavad log

tail -f /var/log/restjavad.0.log


tail -f /var/log/elasticsearch/eslognode.log







Folder: capture (tcpdump)

step1_enable tcpdump db

tmsh modify sys db tcpdump.sslprovider value enable

tcpdump with clientIP

tcpdump -ni 0.0:nnnp -s0 --f5 ssl host [client ip address] -w /var/tmp/api-qa_tcpdump_client_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap

tcpdump with VS and POOL ips

tcpdump -ni 0.0:nnn -s0 --f5 ssl host [virtual server ip] or host [pool member ip] or host [pool member ip] -w /var/tmp/api-qa_tcpdump_VS_$(date +%d_%b_%H_%M_%S)_$HOSTNAME.pcap

tcpdump logs 2 splunk

tcpdump -nni 0.0 host or host or host or host and port 514

tcpdump list interfaces

tcpdump -D

Folder: NET

net performance (show)

tmsh show sys performance; uptime

net traffic (show)

tmsh show sys traffic

vlans (list)

tmsh list net vlan | grep "net vlan "

routes (show)

tmsh show /net route

static routes (list)

tmsh list /net route

get route to IP

ip route get

traceroute using port

traceroute -T -p 514

netcat port open

nc -v 514

mgmt-ip (list)

tmsh list /sys management-ip

mgmt-route (list)

tmsh list /sys management-route

self-ip (list)

tmsh list net self

sys ip-address (show)

tmsh show sys ip-address

sys ip stats (show)

tmsh show sys ip-stat

reset sys ip stats

tmsh reset-stats sys ip-stat

icmp stats (show)

tmsh show sys icmp-stat

pva-traffic (show)

tmsh show sys pva-traffic

tmm-traffic (show)

tmsh show sys tmm-traffic

reset tmm-traffic stats

tmsh reset-stats sys tmm-traffic

arp (show)

tmsh show net arp

del arp entries

tmsh delete net arp all

interfaces (show)

tmsh show net interface all-properties

disabled interfaces

tmsh modify net interface 5.0 6.0 disabled

reset interfaces

tmsh reset-stats net interface


netstat -nputw

snatpool (list)

tmsh list /ltm snatpool






1Folder: SSL



Folder: user



Folder: AUDIT



Folder: Logging










Link to comment
Share on other sites

  • Create New...