Manual Chapter : Monitoring ASM System Resources
Applies To:Show Versions
- 14.1.3, 14.1.2, 14.1.0
Monitoring ASM System Resources
Collecting ASM resource and health
This implementation describes how to set up the BIG-IP system to collect Application Security Manager™ (ASM) resource usage and send alerts when the system has surpassed threshold usage. These alerts allow you to troubleshoot any system resource limitations that can impact ASM performance. You can specify the resources monitored and the thresholds that you want the system to use, or let the system send alerts about your selected resources based on default settings. You can also specify whether these alerts are sent over the local system log, SNMP or SMTP (email) when a threshold is surpassed and when the threshold is then below the set value.
Configuring ASM health and resource alerts
To set up email alerts you must specify an SMTP configuration. If you have not already done so, you can click
Createin the SMTP Configuration field.
Monitoring aspects of system resource usage can assist in system troubleshooting and prevent long-term ASM performance issues. You can configure which system resources and corresponding thresholds trigger your alert notifications, and where these notifications can be logged or sent.
- On the main tab, click.The ASM Alerts screen opens.
- Select theEnabledcheckbox to receive alerts when that system resource exceeds its threshold.In theThresholdfield of each resource, adjust the threshold according to your system monitoring needs.
- If you want the system to send email notifications, review theSMTP Configurationfield to ensure that a configuration is specified and not the valueNone.You can configure SMTP only in the default Analytics profile. If it is not configured, you can save the profile and edit the default profile where you can select an existing SMTP configuration or create a new one. (If you click theanalyticslink without saving the new profile you are working on, you will lose the unsaved changes.)
- For theNotification Typesetting, select how you want the system to send alerts and notifications.SyslogSelectSyslogif you want the system to send notification and alert messages to the local log system. You can view the messages on the screen.SNMPSelectSNMPif you want the system to send notification and alert messages as SNMP traps. You can create the trap by clickingConfiguration can be found here( ). Enabling SNMP automatically sets up Syslog notifications, too.SelectNotification E-Mailsfield, and clickAddto create the list. This option requires that the default analytics profile includes an SMTP configuration.When you select a notification type, the screen displays the Alerts and Notifications Configuration area, where you can indicate the criteria for alerts and notifications.
- ClickUpdatesave your alert settings.
Enabling alerts has a minimal performance impact when all alerts are enabled.
Immediately following configuration, you may receive an alert notification that the system had surpassed a low value threshold. You may disregard this initial notification.
ASM System Resources
You can receive alerts for Application Security Manager (ASM) system resources when system these resources pass a defined usage thresholds. This table provides an overview of the system resources used directly, or indirectly, by ASM. Alert notifications reflect the average system values, per blade, collected over the past minute. These alerts allow you to mitigate resource usage that impacts ASM performance. For sustained alerts, you may need to adjust your memory configuration, virtual server configuration, or add a new device. For assistance, contact F5 Support.
Resource Description and Impact
TMM CPU Usage
The average CPU usage for TMM processes over all system cores. The TMM processes all load-balanced traffic on the BIG-IP system. Reaching maximum usage impacts system performance for all TMM-based processes, which results in a loss of network information.
Total CPU Usage
The average CPU usage for the entire system over all system cores. Reaching maximum usage impacts system performance as a whole, and results in a loss of network information.
ASM CPU Usage
The average CPU usage for the BD processes over all system cores. Reaching maximum usage impacts ASM performance, by preventing ASM policy enforcement.
ASM CPU Usage per VS
The average CPU usage for the ASM enforcer per virtual server. This can indicate that an application requires higher resource usage. Reaching maximum usage impacts the ASM performance for virtual server's corresponding the application/s.
TMM Memory Utilization
The average TMM memory usage out of the total memory provisioned for the system TMM. Reaching maximum usage impacts system performance for all TMM-based processes, which results in a loss of network information.
UMU Memory Utilization
The average UMU memory usage out of the total memory provisioned for ASM enforcer. UMU memory is the internal memory used to process all of ASM traffic, excluding XML traffic. High memory usage can result from unusually large requests. Reaching maximum usage impacts ASM performance.
XML Memory Utilization
The average XML memory usage out of the total memory provisioned for the ASM enforcer. XML memory is the internal memory provisioned for an application that uses web services or XML. Reaching maximum memory usage impacts ASM performance for traffic associated with an XML profile.
Total Swap Memory Utilization
The average swap memory usage for all system processes out of the total swap area. High swap usage can indicate that UMU or TMM memory has reached maximum usage. High system swap usage can impact system performance.
ASM Swap Memory in MB
The average amount of swap (MB) usage for ASM enforcer. ASM swap memory provides swap memory for ASM enforcer until more system memory becomes available. Relying on swap memory for an extended period of time will affect the overall ASM performance.
Event Message Queue Utilization
The percent memory used for events waiting for ASM enforcer processing in the message queue out to the total memory for all queues. Reaching high usage can indicate that ASM enforcer is not processing incoming traffic. This can also indicate a change in the total CPU availability.
Backlog Message Queue Utilization
The percent memory usage for messages removed from the message queues and transferred to the backlog queue out of the total memory for all queues. This can indicate that messages are redirected from the event message queue. Reaching high usage can eventually result in bypassed or dropped messages.
Bypassed Transaction Rate
The number of HTTP transactions per second (TPS) that bypassed ASM processing due to the unavailability of the ASM enforcer. Bypassed translations indicate that some traffic is not evaluated by your ASM policy.
0.1 Million TPS