Manual Chapter : Monitoring ASM System Resources

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 15.0.1, 15.0.0, 14.1.2, 14.1.0
Manual Chapter

Monitoring ASM System Resources

Collecting ASM resource and health statistics

This implementation describes how to set up the BIG-IP system to collect Application Security Manager (ASM) resource usage and send alerts when the system has surpassed threshold usage. These alerts allow you to troubleshoot any system resource limitations that can impact ASM performance. You can specify the resources monitored and the thresholds that you want the system to use, or let the system send alerts about your selected resources based on default settings. You can also specify whether these alerts are sent over the local system log, SNMP or SMTP (email) when a threshold is surpassed and when the threshold is then below the set value.

Configuring ASM health and resource alerts

To set up email alerts you must specify an SMTP configuration. If you have not already done so, you can click
Create
in the SMTP Configuration field.
Monitoring aspects of system resource usage can assist in system troubleshooting and prevent long-term ASM performance issues. You can configure which system resources and corresponding thresholds trigger your alert notifications, and where these notifications can be logged or sent.
  1. On the main tab, click
    Security
    Reporting
    Settings
    ASM Alerts
    .
    The ASM Alerts screen opens.
  2. Select the
    Enabled
    checkbox to receive alerts when that system resource exceeds its threshold.
    In the
    Threshold
    field of each resource, adjust the threshold according to your system monitoring needs.
  3. If you want the system to send email notifications, review the
    SMTP Configuration
    field to ensure that a configuration is specified and not the value
    None
    .
    You can configure SMTP only in the default Analytics profile. If it is not configured, you can save the profile and edit the default profile where you can select an existing SMTP configuration or create a new one. (If you click the
    analytics
    link without saving the new profile you are working on, you will lose the unsaved changes.)
  4. For the
    Notification Type
    setting, select how you want the system to send alerts and notifications.
    Syslog
    Select
    Syslog
    if you want the system to send notification and alert messages to the local log system. You can view the messages on the
    System
    Logs
    Local Traffic
    screen.
    SNMP
    Select
    SNMP
    if you want the system to send notification and alert messages as SNMP traps. You can create the trap by clicking
    Configuration can be found here
    (
    System
    SNMP
    Traps
    Destination
    ). Enabling SNMP automatically sets up Syslog notifications, too.
    E-mail
    Select
    E-mail
    if you want the system to send notification and alert messages to email addresses. Type each email address in the
    Notification E-Mails
    field, and click
    Add
    to create the list. This option requires that the default analytics profile includes an SMTP configuration.
    When you select a notification type, the screen displays the Alerts and Notifications Configuration area, where you can indicate the criteria for alerts and notifications.
  5. Click
    Update
    save your alert settings.
Enabling alerts has a minimal performance impact when all alerts are enabled.
Immediately following configuration, you may receive an alert notification that the system had surpassed a low value threshold. You may disregard this initial notification.

ASM System Resources

You can receive alerts for Application Security Manager (ASM) system resources when system these resources pass a defined usage thresholds. This table provides an overview of the system resources used directly, or indirectly, by ASM. Alert notifications reflect the average system values, per blade, collected over the past minute. These alerts allow you to mitigate resource usage that impacts ASM performance. For sustained alerts, you may need to adjust your memory configuration, virtual server configuration, or add a new device. For assistance, contact F5 Support.
System Resource
Resource Description and Impact
Default Threshold
TMM CPU Usage
The average CPU usage for TMM processes over all system cores. The TMM processes all load-balanced traffic on the BIG-IP system. Reaching maximum usage impacts system performance for all TMM-based processes, which results in a loss of network information.
85%
Total CPU Usage
The average CPU usage for the entire system over all system cores. Reaching maximum usage impacts system performance as a whole, and results in a loss of network information.
90%
ASM CPU Usage
The average CPU usage for the BD processes over all system cores. Reaching maximum usage impacts ASM performance, by preventing ASM policy enforcement.
85%
ASM CPU Usage per VS
The average CPU usage for the ASM enforcer per virtual server. This can indicate that an application requires higher resource usage. Reaching maximum usage impacts the ASM performance for virtual server's corresponding the application/s.
35%
TMM Memory Utilization
The average TMM memory usage out of the total memory provisioned for the system TMM. Reaching maximum usage impacts system performance for all TMM-based processes, which results in a loss of network information.
95%
UMU Memory Utilization
The average UMU memory usage out of the total memory provisioned for ASM enforcer. UMU memory is the internal memory used to process all of ASM traffic, excluding XML traffic. High memory usage can result from unusually large requests. Reaching maximum usage impacts ASM performance.
90%
XML Memory Utilization
The average XML memory usage out of the total memory provisioned for the ASM enforcer. XML memory is the internal memory provisioned for an application that uses web services or XML. Reaching maximum memory usage impacts ASM performance for traffic associated with an XML profile.
90%
Total Swap Memory Utilization
The average swap memory usage for all system processes out of the total swap area. High swap usage can indicate that UMU or TMM memory has reached maximum usage. High system swap usage can impact system performance.
10%
ASM Swap Memory in MB
The average amount of swap (MB) usage for ASM enforcer. ASM swap memory provides swap memory for ASM enforcer until more system memory becomes available. Relying on swap memory for an extended period of time will affect the overall ASM performance.
5MB
Event Message Queue Utilization
The percent memory used for events waiting for ASM enforcer processing in the message queue out to the total memory for all queues. Reaching high usage can indicate that ASM enforcer is not processing incoming traffic. This can also indicate a change in the total CPU availability.
90%
Backlog Message Queue Utilization
The percent memory usage for messages removed from the message queues and transferred to the backlog queue out of the total memory for all queues. This can indicate that messages are redirected from the event message queue. Reaching high usage can eventually result in bypassed or dropped messages.
5%
Bypassed Transaction Rate
The number of HTTP transactions per second (TPS) that bypassed ASM processing due to the unavailability of the ASM enforcer. Bypassed translations indicate that some traffic is not evaluated by your ASM policy.
0.1 Million TPS