Manual Chapter : Common elements for AVR

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

Common elements for AVR

Before you can investigate DoS attacks, you need to have configured DoS protection so that the system is capturing the analytics on the system.
  1. On the Main tab, click
    Local Traffic
    Profiles
    Analytics
    HTTP Analytics
    .
    To have the
    Analytics
    listed, you need to provision Application Visibility and Reporting (AVR) first.
    The
    Profiles: Analytics
    screen opens.
  2. On the Main tab, click
    Statistics
    Analytics
    HTTP
    .
    The Overview screen opens and displays current HTTP statistics averaged over the last hour. On the screen, you can see time controls on the top, charts on the left, and a list of dimensions on the right.
  3. Use the time settings at the top of the screen to set a time range or refresh the information on screen.
    To immediately update the statistics on screen, adjust the time range or refresh settings.
    Time range settings are persistent when navigating between the DoS Dashboard and Analysis screens.
    Time Focus
    Select the time range of the displayed data.
    Additional time options become available as your system gathers more data.
    Currently Selected Time Range
    Displays the current time range of the displayed data.
    Auto-Refresh Interval Selector
    Select how frequently the data on this screen is refreshed.
    Real Time
    Activates the real time option to reflect the most current traffic status in the Charts area
    Manual Refresh
    Click
    Refresh
    to trigger an immediate refresh of the displayed data.
    Manual Time Adjustment Handles
    Set the data to a specific window of time within the currently selected time range. Use the handles at either end of the time line to define the specific time you want to examine. Use the handle above the time line to display data that is outside the selected time range.
    Adjusting the time range to display previous data stops the auto-refresh so you can focus on a specific data point.
    You can zoom into a specific time range within a chart. Select an area within the chart and then click the magnifying glass icon.
    Selecting a time range within the chart stops the screen's auto-refresh settings.
  4. On the
    Monitoring
    tab, go to
    DASHBOARDS
    and select an overview page in
    Device
    ,
    DNS
    , or
    Local Traffic
    .
    On the
    Monitoring
    tab, select an overview page in
    HTTP
    ,
    Device
    ,
    Local Traffic
    , or
    Events
    .
    On the Main tab, click
    Statistics
    Analytics
    HTTP
    .
    On the Main tab, click
    Security
    Reporting
    DoS
    Analysis
    .
  5. On the Main tab, click
    Statistics
    Analytics
    TCP
    .
    The RTT statistics screen opens.
  6. On the Main tab, click
    Statistics
    Analytics
    DNS
    .
    The DNS Analytics screen opens.
  7. From the
    Override time range to
    list, select a new time frame to apply to all of the widgets in the overview.
    Within each widget you can override the default time range, as needed.
  8. For each widget, select the data format and the time range to display, as needed.
  9. Optionally, from the Time Period list (Last Hour, Last Day, Last Week, Last Month, or Last Year) or the configuration gear settings for a widget, adjust the time range, data measurements, and format of data to display.
  10. From the
    View By
    list, select the specific network object type for which you want to display statistics.
    You can also click
    Expand Advanced Filters
    to filter the information that displays.
  11. From the
    Time Period
    list, select the amount of time for which you want to view statistics.
    To display reports for a specific time period, select
    Custom
    and specify beginning and end dates.
  12. Click
    Create
    .
    The New HTTP Analytics Profile screen opens.
  13. Click
    Export
    to create a report of this information.
    The timestamp on the report reflects a publishing interval of five minutes; therefore, a time period request of 12:40-13:40 actually displays data between 12:35-13:35. By default, the BIG-IP system displays one hour of data.
  14. On the upper right of the charts screen, click
    Export
    .
    To send the report to others by email, go to
    Statistics
    Analytics
    Scheduled Reports
    .
  15. Click
    Export
    .
  16. Click the name of a previously created Analytics profile, or create a new one.
  17. Click
    Update
    .
  18. If you need to configure SMTP (if sending alerts by email), click the default
    analytics
    profile on the Profiles: Analytics screen.
    1. For
      SMTP Configuration
      , select an existing configuration.
    2. If no SMTP configurations are listed, click the
      here
      link to create one. When you are done, you need to select the configuration you created in the default
      analytics
      profile.
  19. Rearrange the screen to display more columns of data in the tables:
    • To switch to a table-only view, click the icon.
    • To change the widths of the tables and the charts across the display, drag and drop the icon.
  20. On the far right, click
    Create
    .
    The New Reporting Schedule screen opens.
  21. In the
    Name
    field, type a name for the report schedule.
  22. In the
    Send To (E-Mails)
    setting, type an email address where you want to send the report, and click
    Add
    .
    Add as many email addresses as you need to.
  23. From the
    SMTP Configuration
    list, select the configuration that you want to use.
    If no configurations are available, click
    Create
    to add one.
  24. For
    Mail Frequency
    , select how often, the date to start, and the time to send the reports.
  25. Click
    Finished
    .
  26. You can clear all filter selections or those for a dimension.
    • To clear a single selection, click the selected object.
    • To clear all selections, click the gear icon at the top of the column and select
      Clear All
      .
    • To clear selections for a dimension, click the options icon (three horizontal lines to the left of the title), and select
      Clear Selection
      .
      You can click the numbered icon at the top right-hand corner of the dimension to clear all selections for a dimension.
  27. A metric that is selected as
    Sort by
    is marked with this icon in
    Columns
    and cannot be removed until a different sorting metric is selected.
  28. Go to the Dashboard where changes were made in the Dimensions pane.
  29. Select the gear icon at the top of the Dimension pane.
  30. Expand the dimension to view the dimension table.
  31. Select the menu icon located to the left of the dimension title.
  32. Use this control to hide or display a chart. When you hide a chart, the chart title remains. If you create a comparison chart, an additional control appears that you can use to delete that chart.
  33. Use the Transaction Outcomes (Average TPS) chart to analyze the outcome assigned by the BIG-IP system to the application request and response exchange.
  34. Use the Server Latency (ms) chart to determine the time required for a server response once the BIG-IP system sends a request.
  35. Use the Throughput (bps) chart to determine the average number of bytes per second processed by the BIG-IP system during application requests and responses.
  36. Use the Client Types chart to analyze the means by which HTTP requests are initiated.
  37. If you want the system to send email notifications, review the
    SMTP Configuration
    field to ensure that a configuration is specified and not the value
    None
    .
    You can configure SMTP only in the default Analytics profile. If it is not configured, you can save the profile and edit the default profile where you can select an existing SMTP configuration or create a new one. (If you click the
    analytics
    link without saving the new profile you are working on, you will lose the unsaved changes.)
  38. For the
    Notification Type
    setting, select how you want the system to send alerts and notifications.
    Syslog
    Select
    Syslog
    if you want the system to send notification and alert messages to the local log system. You can view the messages on the
    System
    Logs
    Local Traffic
    screen.
    SNMP
    Select
    SNMP
    if you want the system to send notification and alert messages as SNMP traps. You can create the trap by clicking
    Configuration can be found here
    (
    System
    SNMP
    Traps
    Destination
    ). Enabling SNMP automatically sets up Syslog notifications, too.
    E-mail
    Select
    E-mail
    if you want the system to send notification and alert messages to email addresses. Type each email address in the
    Notification E-Mails
    field, and click
    Add
    to create the list. This option requires that the default analytics profile includes an SMTP configuration.
    When you select a notification type, the screen displays the Alerts and Notifications Configuration area, where you can indicate the criteria for alerts and notifications.
  39. General Entry slots
    Contact F5 Support for assistance.