Manual Chapter: Collecting Security Statistics
Applies To:
BIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP Analytics
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP Link Controller
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP LTM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP PEM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP AFM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP DNS
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
BIG-IP ASM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Overview: Collecting DoS statistics
This implementation describes how to edit the reporting settings for the
denial of service (DoS) attack statistics collected from your virtual
servers with DoS profile protection. The system can be configured to
collect statistics locally or remotely. You use these statistics for
troubleshooting and for improving DoS protection for your applications or across
your network. These statistics include information about the traffic
volume, transaction outcomes, packet errors, and IP address information
(when available).
When enabling or disabling reporting settings, consider your protection
configuration on BIG-IP, and whether your system is currently
provisioned with AFM DoS protection coverage (optionally ASM for specific
configuration settings).
Customizing security statistics collection and reporting settings
To collect and report statistics from your DoS-protected
virtual servers, you must ensure that you have licensed and provisioned the
AFM module.
If you would like to store data remotely, ensure that
your remote server is configured.
The default reporting settings allow AVR to
collect and locally store certain security statistics. You can customize the default
reporting and collection settings to your system needs, or to ensure that security
reporting is available for storage on a remote publisher. Ensure that the enabled
settings meet your custom needs, as increased statistics collection requires additional
system resources.
- On the Main tab, click.
- Verify that the Local Storage setting is Enabled. This setting prompts the system to store statistics locally, and you can view the charts on the system by starting at the Main tab, and clicking.
- To export statistics, select Enabled for the Remote Storage setting. When enabled, you can select the remote storage server from the Publisher setting.
- Enable or disable the default data collection settings. For more information about the specific statistics collected, see Reporting settings statistics.
- To email reports, specify an SMTP Configuration. If no configuration is available, click Create to create one.
- Click Save.
Statistics are collected from the virtual servers
with corresponding security settings.
Reporting settings statistics
The reporting settings allow you to configure security
statistics collection from virtual servers with network-level (AFM) DoS protection services
(unless stated otherwise). The following describes the specific statistics collected per
field provided in the Reporting Settings screen (
). Depending on your reporting settings, stored statistics are available either
locally on your BIG-IP or on an external server. All data collected is marked with the reported time stamp,
system collection interval, and number of data points collected.
Reporting Setting | Data Collected |
---|---|
Collect ACL stats | Detected ACL violations are reported as Enforced or Staged, based on the configuration of the corresponding ACL rule list. |
Remote Storage Only | |
Collect Network DoS stats | |
Remote Storage Only | |
Collect Firewall Events Stats | |
Remote Storage Only | |
Collect IP Reputation stats | |
Remote Storage Only | |
Collect DNS stats | |
Remote Storage Only | |
Collect SIP stats | |
Remote Storage Only | |
DoS Network | Destination IP address sent over the network |
Network Firewall Rules | |
DoS HTTP* | All HTTP analytics data for virtual servers with ASM DoS protection. For more information about the collected information, go to and select the analytics profile. |