Manual Chapter :
Monitoring ASM System Resources
Applies To:
Show VersionsBIG-IP APM
- 16.1.5
BIG-IP ASM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Monitoring ASM System Resources
Collecting ASM resource and health
statistics
This implementation describes how to set up the BIG-IP system to collect
Application Security Manager™ (ASM) resource usage and send alerts when the
system has surpassed threshold usage. These alerts allow you to troubleshoot any system resource
limitations that can impact ASM performance. You can specify the resources monitored and the
thresholds that you want the system to use, or let the system send alerts about your selected
resources based on default settings. You can also specify whether these alerts are sent over the
local system log, SNMP or SMTP (email) when a threshold is surpassed and when the threshold is
then below the set value.
Configuring ASM health and resource
alerts
To set up email alerts you must specify an SMTP
configuration. If you have not already done so, you can click
Create
in the SMTP Configuration field.Monitoring aspects of system
resource usage can assist in system troubleshooting and prevent long-term ASM
performance issues. You can configure which system resources and corresponding
thresholds trigger your alert notifications, and where these notifications can be logged
or sent.
- On the main tab, click.The ASM Alerts screen opens.
- Select theEnabledcheckbox to receive alerts when that system resource exceeds its threshold.In theThresholdfield of each resource, adjust the threshold according to your system monitoring needs.
- If you want the system to send email notifications, review theSMTP Configurationfield to ensure that a configuration is specified and not the valueNone.You can configure SMTP only in the default Analytics profile. If it is not configured, you can save the profile and edit the default profile where you can select an existing SMTP configuration or create a new one. (If you click theanalyticslink without saving the new profile you are working on, you will lose the unsaved changes.)
- For theNotification Typesetting, select how you want the system to send alerts and notifications.SyslogSelectSyslogif you want the system to send notification and alert messages to the local log system. You can view the messages on the screen.SNMPSelectSNMPif you want the system to send notification and alert messages as SNMP traps. You can create the trap by clickingConfiguration can be found here( ). Enabling SNMP automatically sets up Syslog notifications, too.E-mailSelectE-mailif you want the system to send notification and alert messages to email addresses. Type each email address in theNotification E-Mailsfield, and clickAddto create the list. This option requires that the default analytics profile includes an SMTP configuration.When you select a notification type, the screen displays the Alerts and Notifications Configuration area, where you can indicate the criteria for alerts and notifications.
- ClickUpdatesave your alert settings.
Enabling alerts has a minimal
performance impact when all alerts are enabled.
Immediately following
configuration, you may receive an alert notification that the system had surpassed a
low value threshold. You may disregard this initial notification.
ASM System Resources
You can receive alerts for Application Security Manager
(ASM) system resources when system these resources pass a defined usage thresholds. This table
provides an overview of the system resources used directly, or indirectly, by ASM. Alert
notifications reflect the average system values, per blade, collected over the past minute.
These alerts allow you to mitigate resource usage that impacts ASM performance. For sustained
alerts, you may need to adjust your memory configuration, virtual server configuration, or add a
new device. For assistance, contact F5 Support.
System Resource | Resource Description and Impact | Default Threshold |
---|---|---|
TMM CPU Usage | The average CPU usage for TMM processes over all system
cores. The TMM processes all load-balanced traffic on the BIG-IP system. Reaching
maximum usage impacts system performance for all TMM-based processes, which results in
a loss of network information. | 85% |
Total CPU Usage | The average CPU usage for the entire system over all
system cores. Reaching maximum usage impacts system performance as a whole, and
results in a loss of network information. | 90% |
ASM CPU Usage | The average CPU usage for the BD processes over all system
cores. Reaching maximum usage impacts ASM performance, by preventing ASM policy
enforcement. | 85% |
ASM CPU Usage per VS | The average CPU usage for the ASM enforcer per virtual server.
This can indicate that an application requires higher resource usage. Reaching
maximum usage impacts the ASM performance for virtual server's corresponding the
application/s. | 35% |
TMM Memory Utilization | The average TMM memory usage out of the total memory
provisioned for the system TMM. Reaching maximum usage impacts system performance for
all TMM-based processes, which results in a loss of network information. | 95% |
UMU Memory Utilization | The average UMU memory usage out of the total memory
provisioned for ASM enforcer. UMU memory is the internal memory used to process all of
ASM traffic, excluding XML traffic. High memory usage can result from unusually large
requests. Reaching maximum usage impacts ASM performance. | 90% |
XML Memory Utilization | The average XML memory usage out of the total memory
provisioned for the ASM enforcer. XML memory is the internal memory provisioned for an
application that uses web services or XML. Reaching maximum memory usage impacts ASM
performance for traffic associated with an XML profile. | 90% |
Total Swap Memory Utilization | The average swap memory usage for all system processes out
of the total swap area. High swap usage can indicate that UMU or TMM memory has
reached maximum usage. High system swap usage can impact system performance. | 10% |
ASM Swap Memory in MB | The average amount of swap (MB) usage for ASM enforcer.
ASM swap memory provides swap memory for ASM enforcer until more system memory becomes
available. Relying on swap memory for an extended period of time will affect the
overall ASM performance. | 5MB |
Event Message Queue Utilization | The percent memory used for events waiting for ASM
enforcer processing in the message queue out to the total memory for all queues.
Reaching high usage can indicate that ASM enforcer is not processing incoming traffic.
This can also indicate a change in the total CPU availability. | 90% |
Backlog Message Queue Utilization | The percent memory usage for messages removed from the
message queues and transferred to the backlog queue out of the total memory for all
queues. This can indicate that messages are redirected from the event message queue.
Reaching high usage can eventually result in bypassed or dropped messages. | 5% |
Bypassed Transaction Rate | The number of HTTP transactions per second (TPS) that
bypassed ASM processing due to the unavailability of the ASM enforcer. Bypassed
translations indicate that some traffic is not evaluated by your ASM policy. | 0.1 Million TPS |