F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IQ: Monitoring and Reports
  3. Access Reporting and Statistics
Manual Chapter : Access Reporting and Statistics

Applies To:

Show Versions Show Versions
Manual Chapter

Access Reporting and Statistics

About Access and SWG reports

Access reports focus on session and logging data from Access devices (managed devices with APM licensed and provisioned). F5 Secure Web Gateway Services reports focus on user requests (for URLs or applications, for example) from Access devices with Secure Web Gateway Services provisioned. BIG-IQ Centralized Management Access also supports high availability. Thus, users can view both Access and SWG reports on a secondary BIG-IQ system.
Access reports and SWG reports provide the following features.
  • Reports on any combination of discovered devices, Access groups, and clusters
  • Graphs for typical areas of concern and interest, such as cross-geographical comparisons or top 10 issues
  • Tabular data to support the graphs
  • Ability in some screens to drill down from summarized data to details
  • Ability to save data to CSV files

Setup requirements for Access and SWG reports

Before you can produce Access reports and SWG reports, you must ensure that these tasks are already complete:
  • A BIG-IQ data collection device is configured in the BIG-IQ system.
  • Add the BIG-IP devices to the BIG-IQ inventory.
  • Discover the BIG-IP devices with the Access service configuration.
  • Run the data collection device configuration setup on the devices from the Access Reporting screen.

What data goes into Access reports for the All Devices option?

The
All Devices
 option for Access reports includes data from the devices that are currently managed (discovered) in the BIG-IQ system. This is in addition to data from devices that were managed at some point during the report timeframe, but that are not currently managed. With
All Devices
 selected, if data from unmanaged devices exists, it displays in reports.
An unmanaged device might be unmanaged temporarily or permanently. Any time a configuration management change causes APM® to be undiscovered, the device and its data are moved to
All Devices
 until APM is re-discovered on the device.
You cannot generate a report for an unmanaged device. However, you can generate a report for the timeframe when the device was managed, and then search the report for the unmanaged device name. In the Summary report, All Active Sessions includes the number of sessions that were active on the device when it became unmanaged. Those sessions stay in the Summary and in the Active sessions reports until the next session status update, which occurs every 15 minutes.

About upgrades affecting reports

When you upgrade a BIG-IQ® Centralized Management system without taking a snapshot, it deletes all reporting data, including both Access and SWG reports. After upgrading, users cannot obtain these reports from the BIG-IP® devices. To prevent the loss of reports, users should take an Elasticsearch snapshot before upgrading, and restore the snapshot after upgrading. For more information on elasticsnapshots, refer to
F5 BIG-IQ Centralized Management: Upgrading Logging Nodes to Version
 x.x.

View SWG statistics for all managed devices

Before you can display statistcs in the SWG analytics screen, you must have the following configured:
  • A BIG-IQ data collection device configured for the BIG-IQ device
  • The BIG-IP device located in your network and running a compatible software version
  • To view the SWG Dashboard, statistics collection on the BIG-IP device should be enabled.
    For BIG-IP devices running versions 13.1.0.5 or later, enabling the BIG-IP device's statistics collection may affect the information that appears in the Secure Web Gateway Summary screen (
    Monitoring
    DASHBOARDS
    Access
    Secure Web Gateway
    Secure Web Gateway Summary
    ).
  • For BIG-IP devices running versions 13.1.0.5, or later, you must have AVR provisioned on your BIG-IP device.
View statistics for all traffic managed with Secure Web Gateway (SWG) to ensure that your configured access profile properly secures the users within your network.
  1. At the top of the screen, click
    Monitoring
    .
  2. Click
    DASHBOARDS
    SWG
    .
    The screen displays the SWG analytics screen. By default, the screen displays statistics from the past hour. You can adjust the time settings using the controls found at the top of the screen.
  3. To display events that correspond with the chart timeline, click
    Events
    .
    Events that occurred within the selected time period are displayed in the chart. You can select the event icons within the chart to display event details.
  4. Expand the dimensions found at the far right of the screen to view additional data.
  5. Filter displayed data by dimension objects:
    1. To filter data by one or more BIG-IP devices, expand
      BIG-IP Host Names
       or
      BIG-IP Blade Numbers
       and select one or more dimension objects.
    2. To filter data by traffic or security settings (e.g. a URL category and a corresponding action) expand the remaining dimensions and select one or more dimension objects.
      You can select objects from multiple dimensions. Once you select an object, only dimensions with corresponding data are displayed in the charts and dimensions
To edit your SWG settings go to
Configuration
ACCESS
Access Groups
 and select the Access group name. For more information about Access group configuration, refer to the
BIG-IQ Centralized Management: Access
 on
support.f5.com
 for configuration information.

About the application dashboard

The Application Summary dashboard is your starting point to view and download general reports for BIG-IQ Access.

View the Application Summary dashboard

The BIG-IQ Centralized Management Application Summary dashboard displays information regarding the applications linked to the system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Application Summary
    .
The Application Summary screen opens, showing detailed information and charts for specific applications.

About user visibility

You can monitor your user base by viewing the BIG-IQ Centralized Management Access user dashboard for data on specific users. The system displays which users created the most sessions, were denied the most sessions, and had the longest total session duration. The administrator can enter a specific user name to get the following details for the user:
  • The user login locations on a world map
  • The total sessions, denied sessions, and session duration
  • The Access denied sessions.
  • The top authentication failures, including AD Auth and LDAP only
  • The device type users used to log into the system
  • The reason the system terminated the session
  • The login history showing the success and failures over time
  • The most accessed applications
  • The most accessed URLs
  • The login failure attempts over time, sorted by the reason
  • The client session duration over time
  • The Access denied reason over time

About application visibility

You can monitor your applications by viewing the BIG-IQ Centralized Management Access user dashboard for data on which applications are linked to the BIG-IQ Access component. The system displays the top applications used and the application usage time. Administrators can expand the GUI for a specific application and view the following information:
  • The application access history
  • The users who use the application the most
  • The access history
  • The world map, showing where the user is access the application

About denied sessions

You can monitor the sessions that BIG-IQ® Centralized Management denies. By using the Access Monitoring option, you can view the following information:
  • The history of denied sessions
  • The reasons why sessions were denied
  • The top denied users, sorted by session count
  • The top authentication failures
  • The top denied policies
  • The top denied sessions by country of origin
  • The top denied session by the virtual server
  • The denied sessions, sorted by the client platform

Viewing denied sessions

You can use the BIG-IQ Centralized Management Access reporting features to see which sessions were denied by the system, as well to create a report.
  1. Log in to the BIG-IQ system with your user name and password.
  2. Click
    Monitoring
    DASHBOARDS
    Access
    Sessions
    Denied
    .
  3. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    Managed Devices
     or select one or more of these options:
    • <
      Access group name
      >
       - Select to include all devices in the Access group.
    • <
      Cluster display name
      >
       - Select to include the devices in the cluster.
    • <
      Device name
      >
       - Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  4. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  5. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.
From here, you can view details regarding denied sessions and create a report.

About monitoring remote access data

BIG-IQ Centralized Management offers advanced monitoring and troubleshooting capabilities for connectivity and VPN use cases. You may use the remote access monitoring functionality to gain visbility the behavior of VPN traffic, as well as to view the log of errors associated with failed connections. With remote access monitoring, you can maintain a high-level visibility for network access requests and session data for all users accessing the network through Access policies.

About the network access summary dashboard

Navigate to
Monitoring
DASHBOARDS
Access
Remote Access
Network Access
Network Access Summary
View data for Network Access usage summary. From this report, you can:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

What is in the Network Access Dashboard pane?

User interface control
Functionality
Active Users
Displays the total number of users actively connected to a session. Click
Active Users
 to open the Active Users screen, which displays charts describing the top 1,000 users and the top 1,000 locations.
Active Connections
Displays the total active connections. Click
Active Connections
 to open the Active Connections screen, which displays charts describing the top 1,000 users and the top 1,000 locations.
Total Sessions
Displays the total number of sessions established.
Total Reconnects
Displays the number of times users tried to reestablish a session. Click
Total Reconnects
 to open the Total Reconnects screen, which displays charts describing reconnects.
Network Access Session Errors
Displays the total number of errors that occurred during network access sessions. Click
Network Access Session Errors
 to open the Connectivity Errors screen, which displays a list of connectivity errors. Click
Session ID
 to display detailed session details and session variable information.

What is in the Total Reconnects pane?

User interface control
What does this do?
NETWORK ACCESS RECONNECTS OVER TIME
Displays a chart of the network access reconnects over time.
TOP 10 USERS BY RECONNECTS
Displays the top ten users with the most reconnects. Select a user from the bar chart to display detailed information about the user.
RECONNECTS GEO DISTRIBUTION
Displays the geographical locations from which the reconnects originate. Click the locations on the map to display detailed information about the country from which the reconnect originated.
CLIENTS IPS BY RECONNECTS
Displays the IP address of the client devices from which the reconnects originate. Select a client from the bar chart to display the types of client operating systems.

What are the tabs?

User interface control
What does this do?
Sessions
Use this tab to view charts displaying the sessions over time in the network access.
Connections
Use this tab to view charts displaying the connections over time in the network access.
Bytes Transferred
Use this tab to view charts displaying the bytes transferred over time in the network access.

What charts are in the Sessions tab?

Chart
What does this do?
Chart Title
Each chart displays a title that identifies the statistic plotted on that chart.
NETWORK ACCESS SESSIONS OVER TIME
Displays the network access sessions over time.
TOP 10 USERS BY SESSIONS
Displays the users with the most sessions and the number of sessions per user. Select a user from the list to display detailed session information for that user.
TOP 10 USERS BY RECONNECTS
Displays the users with the most reconnects and the number of reconnects per user. Select a user from the list to display detailed reconnect information for that user.
SESSIONS GEO DISTRIBUTION
Displays the geographical locations from which the sessions originate. Click the locations on the map to display detailed information about the country from which the session originated.
TUNNEL TYPES BY SESSIONS
Displays the types of tunnels used by all sessions and the number of tunnels used. Click the ring chart to display detailed information about the tunnel types.
TOP 10 CLIENTS IPS BY SESSIONS
Displays the IP addresses of the top client systems from which the sessions originate and the number of sessions per client. Select a client from the bar chart to display detailed session information for that client.
CLIENT OS BY SESSIONS
Displays the top operating systems used by the client devices and the number of operating systems. Click the ring chart to display detailed information about the client device.

What charts are in the Connections tab?

Chart
What does this do?
Chart Title
Each chart displays a title that identifies the statistic plotted on that chart.
NETWORK ACCESS CONNECTIONS OVER TIME
Displays the network access connections over time.
TOP 10 USERS BY CONNECTIONS
Displays the users with the most connections and the number of connections per user. Select a user from the list to display detailed connections information for that user.
TOP 10 USERS BY RECONNECTS
Displays the users with the most reconnects and the number of reconnects per user. Select a user from the list to display detailed reconnect information for that user.
CONNECTIONS GEO DISTRIBUTION
Displays the geographical locations from which the connections originate. Click the locations on the map to display detailed information about the country from which the connection originated.
TUNNEL TYPES BY CONNECTIONS
Displays the types of tunnels used by all connections and the number of tunnels used. Click the pie chart to display detailed information about the tunnel types.
TOP 10 CLIENTS IPS BY CONNECTIONS
Displays the IP addresses of the top client systems from which the connections originate and the number of connections per client. Select a client from the bar chart to display detailed connection information for that client.
CLIENT OS BY CONNECTIONS
Displays the top operating systems used by the client devices and the number of operating systems. Click the ring chart to display detailed information about the client device.

What charts are in the Bytes Transferred tab?

Chart
Functionality
Chart Title
Each chart displays a title that identifies the statistic plotted on that chart.
NETWORK ACCESS BYTES TRANSFERRED OVER TIME
Displays the bytes transferred over time in the network access.
TOP 10 USERS BY BYTES TRANSFERRED
Displays the users with the most bytes transferred and the size of the transfers. Select a user from the list to display detailed information for that user.
BYTES TRANSFERRED GEO DISTRIBUTION
Displays the geographical locations from which the bytes originate. Click the locations on the map to display detailed information about the country from which the bytes originated.
TOP 10 CLIENTS IPS BY BYTES TRANSFERRED
Displays the IP addresses of the top client systems that transferred bytes of information and the size of the transfers. Select a client from the bar chart to display detailed bytes transferred information for that client.
CLIENT OS BY BYTES TRANSFERRED
Displays the top operating systems used by the client devices and the number of operating systems. Click the ring chart to display detailed information about the client device.

About monitoring network access performance

BIG-IQ Centralized Management allows you to monitor and troubleshoot network access requests by all clients attempting to join your network. You can use the aggregated data on the following page to understand the overall success of network access requests, and to view the amount of VPN traffic at any given moment or over a period of time.
To do so, navigate to
Monitoring
DASHBOARDS
Access
Remote Access
Network Access
Network Access Performance
.
Within BIG-IQ, you can view data for Network Access performance. From this report, you may:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both.
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographic location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. You can adjust each end of the control. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

What charts are in the dashboard?

Term
Definition
THROUGHPUT OVER TIME
Displays the throughput to and from the client over time.
ACTIVE CONNECTIONS OVER TIME
Displays the number of active network access sessions over time by all users.
NEW CONNECTIONS OVER TIME
Displays the new network connections over time from all users.

View network access reconnect details

From BIQ-IQ, you may view a report of all of the reconnections to your network through your VPN. You may use this page to troubleshoot connectivity issues with your VPN or to determine if a connectivity issue lies on the client-side.
To do this, view a report for Network Access reconnections. Access this page at
Monitoring
DASHBOARDS
Remote Access
Network Access
Network Access Recconnect Detail
.From this page, you can:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine.If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.
  • Add or remove the
    Client Application
     field by clicking the settings icon on the right and selecting or deselecting
    Client Application
     report.
View reconnect detail properties:

What charts are in the dashboard?

User interface control
Functionality
Local Time
Displays the local timestamp when the user reconnected to the network access connection.
Hostname
Displays the BIG-IP system from which the network access connection originates.
Cluster
Displays the BIG-IP APM cluster.
Session ID
Click the session ID to open the Session Details screen, displaying session details and session variables.
User Name
Displays the username of the reconnecting user.
Client IP
Displays the IP address of the client device used for the reconnect.
Client OS
Displays the operating system of the client device used for the reconnect.
Country
Displays the country where the reconnect originates.
State
Displays the geographical state where the reconnect originates.
Continent
Displays the continent where the reconnect originates.

Monitoring network access errors

You may use BIG-IQ Centralized Management to log all error messages received for every failed network access request in order to facilitate troubleshooting efforts for an end-user or to understand trends with connectivity issues and come to a resolution. To do so, navigate to
Monitoring
DASHBOARDS
Access
Remote Access
Network Access
Network Access Errors
View all details for Network Access errors. From this page, you can:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both.
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

What charts are in the dashboard?

Chart title
Functionality
Local Time
Displays the local timestamp when error occurred.
Hostname
Displays the BIG-IP system from which the network access error occurred.
Session ID
Click the session ID to open the Session Details screen, displaying session details and session variables.
Error Message
Displays the error message associated with this network access failure.
User Name
Displays the username of the the user associated with the error.
Client IP
Displays the IP address of the client device where the error occurred.
Client OS
Displays the operating system of the client device where the error occurred.
Country
Displays the country where the error occurred.

Monitoring network access usage

BIG-IQ provides you with the ability to monitor the frequency of network access requests, as well as to drill-down on the data for all of these requests. You may request reports on traffic throughput for a specific user, and you may track the geographical location of all of the network access requests in order to prevent and spot session takeover or unauthorized network access. To do so, navigate to
Monitoring
DASHBOARDS
Access
Remote Access
Network Access
Network Access Usage
.
From this page, you can:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

View network access usage for the top 1000 users

Chart title
Functionality
User Name
Displays the usernames of the top users by usage.
Total Connections
Displays the total number of network access connections.
Total Bytes In
Displays the total number of bytes received by the network access.
Total Bytes Out
Displays the total number of bytes sent out by the network access.
Total Bytes Transferred
Displays the total number of sent and received bytes.
Total Bytes Transferred
Displays the total number of sent and received bytes.
Total Duration
Displays the total duration when the network access connections for a user were active. When the user has multiple active connections at the same time, the total duration is the sum of the duration of those two connections.
Distinct Locations
Displays the number of unique locations from where the network access usage originates.
View network access usage for the top 1000 locations:

What charts are in the dashboard?

Country
Displays the countries from where the network access usage originates.
State
Displays the states in the countries from where the network access usage originates.
Total Connections
Displays the total number of network access connections.
Total Bytes In
Displays the total number of bytes received by the network access.
Total Bytes Out
Displays the total number of bytes sent out by the network access.
Total Bytes Transferred
Displays the total number of sent and received bytes.
Total Duration
Displays the total duration when the network access connections for a user were active. When the user has multiple active connections at the same time, the total duration is the sum of the duration of those two connections.
The date filter is applied on the connection start time. If you select a date range that starts after the network access connection was established, BIG-IQ does not display the connection record because date range selected does not include connection state time.

Monitoring portal access

BIG-IQ allows you to separately monitor portal access network traffic and network access requests that stem from BIG-IP Edge Client. To monitor data on portal access requests and to receive reports on this data, navigate to
Monitoring
DASHBOARDS
Access
Remote Access
Portal Access
.
View data for Portal Access sessions. From this report, you can:
  • Generate a report with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • View the number of client requests, cache hits, and cache misses over time in the Portal Access chart.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

What information is listed in the columns?

Column Title
Functionality
Local Time
Displays the local timestamp when the system generates a report every ten minutes.
Client Requests / min
Displays the number of client requests per minute.
Cache Hits / min
Displays the number of cache hits per minute.
Cache Misses / min
Displays the number of cache misses per minute.

Monitoring VDI data

You may use BIG-IQ to collect data on virtual desktop sessions in order to troubleshoot connectivity issues and view trends over time or for a certain time period. To do so, navigate to
Monitoring
DASHBOARDS
Access
Remote Access
VDI Summary
.
From this report, you can:
  • Generate reports with a different scope by making a selection from the
    ACCESS GROUP/DEVICE
     or the
    TIMEFRAME
     field, or both
  • Generate reports for any devices regardless of Access group membership, cluster membership, or geographical location. Select
    All Devices
     from the
    ACCESS GROUP/DEVICE
     list and select the devices that interest you.
  • View the number of client requests, cache hits, and cache misses over time in the Portal Access chart.
  • Adjust the time slider across the top of the screen to indicate the time window for which statistics are displayed. This control sets the chart pane focus to a specific window of time within the currently selected time period. Use the sliders at either end of this control to define the window you want to examine. If you adjust the right side of the control, the auto refresh stops, effectively freezing the display so you can focus on a particular data point.
  • Select
    CSV Report
     to download a CSV file of this data to your local machine.
  • Refresh this page by clicking
    Refresh
     or set up automatic refresh by selecting the arrow next to the
    Refresh
     button and selecting how often you would like to refresh the data. You can pick from 1, 5, or 10 minutes.

What data does VDI Summary display?

Chart or list
Functionality
VDI SESSIONS OVERTIME
Displays a chart containing data points for VDI sessions by network users over time.
TOP 10 USED VDI APPLICATIONS
Displays the most frequently used VDI applications for remote access users.
Top 50 VDI Applications by Request count
Displays a list containing the top 50 most requested VDI applications.

Managing a specific user in Access reporting

You can use the BIG-IQ Centralized Management Access reporting tools to view the user dashboard for data on a specific user.
  1. Log in to the BIG-IQ system with your user name and password.
  2. Click
    Monitoring
    DASHBOARDS
    Access
    User Summary
    .
    The User Summary screen displays, showing detailed information for specific users.

Running Access reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
You can create Access reports for any device with the APM service configuration on it that has been discovered on the BIG-IQ system, whether or not the device is a member of an Access group. To create a report, you can select any combination of Access groups, clusters, and devices.
  1. At the top of the screen, click
    Monitoring
    .
  2. On the left, select
    DASHBOARDS
    Access
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  3. From the left, select any report that you want to run.
  4. At the top left of the screen, from the
    ACCESS GROUP/DEVICES
     list, either select one of the first two options (
    All Devices
     and
    All Managed Devices
    ) or, select one or more of the other options (
    <
    Access group name
    >
    ,
    <
    Cluster display name
    >
    , and
    <
    Device name
    >
    ).
    • All Devices
       Includes Access devices that are currently managed, and Access devices that were managed at one time but are not managed now. (A managed device is one that has been discovered with the APM service configuration.)
    • All Managed Devices
       Includes all Access devices that are currently discovered.
    • <
      Access group name
      >
       - Select to include all devices in the Access group.
    • <
      Cluster display name
      >
       - Select to include the devices in the cluster.
    • <
      Device name
      >
       - Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  5. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  6. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Getting the details that underlie an Access report

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
From the Summary report, and from most session reports, the initial display includes graphs that summarize the report data. You can get successively more detailed information by clicking a bar or a point on a graph or clicking a link if one is displayed on the screen.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    .
    The Summary report is an example of the type of report that presents high-level data, and provides access to underlying data.
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  4. Click anywhere in a summary to get more information.
    Top left portion of the Summary report display
    To get details from a summary, click the brightly colored number or the brightly colored bar.
    Additional graphs display, and supporting data displays in a table at the bottom of the screen.
  5. If more details are available, click the bars in the graphs to display more details.
  6. Scroll down to the table to view the supporting data.
  7. If the table includes a
    Session ID
     field, click the link in that field to open the session details.
    Session details popup screen (with addresses and host names blurred)
    Session details report displays local time, hostname, log level, message, and a Session Variables tab.
  8. To change which records display on this screen, select a log level from the
    LOG LEVEL
     list at the top of the screen.

About the maximum number records for Access and SWG reports

When you run an Access report or an SWG report, Access can get up to 10,000 records to display to you. After you scroll to the end of those 10,000 records, Access displays a message. At that point, all you can do is select fewer devices or select a shorter timeframe.

Setting the timeframe for your Access or SWG report

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Use the
TIMEFRAME
 list at the top of any Access or SWG report to change the report time period.
  1. Log in to BIG-IQ Centralized Management with your admin user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. To set a predefined timeframe, select one of these from the
    TIMEFRAME
     list:
    Last hour
    ,
    Last day
    ,
    Last week
    ,
    Last 30 days
    ,
    Last 3 months
    .
  4. To set a custom timeframe, select one of these from the
    TIMEFRAME
     list:
    • Between
      : Click each of the additional fields that display to select dates and times. The report displays the records between those dates and times.
    • Before
      : Click the additional fields that display to select a date and a time. The report displays the records before that date and time.
    • After
      : Click the additional fields that display to select a date and a time. The report displays the records after that date and time.

Errors with session reports in Access: causes and resolutions

Problem
A session is over, but it continues to display in the Active sessions report.
Resolution
If a session starts when logging nodes are up and working, but terminates during a period when logging modes are unavailable, the session remains in the Active sessions report for 15 minutes. After 15 minutes, the session status is updated and the session is dropped from the report.
Problem
Active sessions are included in the Summary and Active sessions reports for a device that is no longer managed.
Resolution
Sessions were active on a device when it was removed from an Access group and became unmanaged. Sessions that were active when the device became unmanaged remain counted in All Active Sessions on the Summary screen and stay in the Active sessions report until the next session status update, which occurs every 15 minutes.
Problem
A session is over, but
Session Termination
 and
Session Duration
 are blank in a session report.
Resolution
If a session starts when logging nodes are up and working but terminates during a period when logging nodes are unavailable, the session termination is not recorded and the session duration cannot be calculated.

What can cause logging nodes to become unavailable?

Logging nodes are highly available, but it is still possible for them to become unavailable. This could occur, for example, if all logging nodes are on devices in the same rack in a lab, and the power to the lab shuts down.

Managing Sessions

Running Session reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
You can create Session reports for any device with the APM service configuration on it that has been discovered on the BIG-IQ system, whether or not the device is a member of an Access group. To create a report, you can select any combination of Access groups, clusters, and devices.
  1. At the top of the screen, click
    Monitoring
    .
  2. On the left, select
    DASHBOARDS
    Access
    Sessions
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  3. From the left, select any report that you want to run.
  4. At the top left of the screen, from the
    ACCESS GROUP/DEVICES
     list, either select one of the first two options (
    All Devices
     and
    All Managed Devices
    ) or select one or more of the other options (
    <
    Access group name
    >
    ,
    <
    Cluster display name
    >
    , and
    <
    Device name
    >
    ).
    • All Devices
       Includes Access devices that are currently managed, and Access devices that were managed at one time but are not managed now. (A managed device is one that has been discovered with the APM service configuration.)
    • All Managed Devices
       Includes all Access devices that are currently discovered.
    • <
      Access group name
      >
       - Select to include all devices in the Access group.
    • <
      Cluster display name
      >
       - Select to include the devices in the cluster.
    • <
      Device name
      >
       - Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  5. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  6. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Stopping sessions on BIG-IP devices from Access

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
You can stop currently active sessions on BIG-IP devices, using the Active sessions report on the BIG-IQ system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  4. On the left, from
    Sessions
    , select
    Active
    .
    The screen displays a list of active sessions for all devices.
  5. To display sessions for particular devices, groups, or clusters only, select them from the
    ACCESS GROUP/DEVICE
     list at upper left.
    The screen displays the active sessions for the selected devices.
  6. To stop specific sessions only, select the sessions that you want to end and click
    Kill Selected Sessions
    .
  7. To stop all sessions, click
    Kill All Sessions
    .

Running Secure Web Gateway reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SWG provisioned on it can provide data for Secure Web Gateway reports.
You can create SWG reports for Access groups, clusters (in Access groups), or devices that you select from the Access groups and clusters (in Access groups) on the BIG-IQ system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Secure Web Gateway
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  4. From the left, select any report that you want to run.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    Managed Devices
     or select one or more of these options:
    • <
      Access group name
      >
       - Select to include all devices in the Access group.
    • <
      Cluster display name
      >
       - Select to include the devices in the cluster.
    • <
      Device name
      >
       - Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Getting the details that underlie an SWG report

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SWG provisioned on it can provide data for SWG reports.
From the Summary report, the initial display includes graphs that summarize the report data. You can get more detailed information by clicking a bar or a point on a graph to see additional graphs and tables with supporting entries.
  1. Log in to BIG-IQ Centralized Management with your admin user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Secure Web Gateway
    .
    The Summary starts to generate and display. A timeline and some summaries display across the top of the screen. Graphs display under the summaries. Each graph provide different views of the data.
  4. Click any bar in a graph on the display to get more information.
    Additional graphs provide different views of the data, and supporting data displays in a table at the bottom of the screen.
  5. If more details are available, click the bars in the graphs to display them.
  6. Scroll down to the table to view the supporting data.

Managing Federation reports

Running OAuth reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with OAuth provisioned on it can provide data for OAuth reports.
You can create OAuth reports for Access groups, clusters (in Access groups), or devices that you select from the Access groups and clusters (in Access groups) on the BIG-IQ Centralized Management system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    OAuth
    .
  4. Select
    Authorization Server
    ,
    Client
    , or
    Resource
    .
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  5. From the left, select any report that you want to run.
  6. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    Managed Devices
     or select one or more of these options:
    • <
      Access group name
      >
       - Select to include all devices in the Access group.
    • <
      Cluster display name
      >
       - Select to include the devices in the cluster.
    • <
      Device name
      >
       - Select to include the device. You can select any device from
      Managed Devices
      ,
      <
      Access group name
      >
      , or
      <
      Cluster display name
      >
      .
  7. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Monitoring the OAuth server performance

The Authentication Server Summary screen shows several charts that you can use to track the health of your authorization server role. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    OAuth
    Authorization Server
    Server Performance
    .
    The Authorization Server Peformance screen opens.
  4. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  5. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  6. From the
    AUTHORIZATION SERVER
     list, select an OAuth authorization server.
  7. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Monitoring the OAuth token summary

The Token Summary screen shows several charts that you can use to track the health of your OAuth tokens. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    OAuth
    Authorization Server
    Tokens
    .
    The Authorization Server Peformance screen opens.
  4. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  5. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  6. From the
    AUTHORIZATION SERVER
     list, select an OAuth authorization server.
  7. From the
    GRANT TYPE
     list, select an OAuth2 grant type.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Running SAML reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SAML provisioned on it can provide data for SAML reports.
You can create SAML reports for Access groups, clusters (in Access groups), or devices that you select from the Access groups and clusters (in Access groups) on the BIG-IQ Centralized Management system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    SAML
    .
  4. Select
    SP Summary
     or
    IdP Summary
    .
    A Summary report (for all devices and a default timeframe) opens, displaying chart data for assertions over time, the top SPs or IdPs with successful assertions, the top client IP addresses, the top subject values with successful assertions, and the top SP or IdPs with failed assertions.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. From the
    SP
     list, select a service provider.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.
  9. To view the successful SP assertions, click
    Assertions Success
    .
    The Successful Assertions screen opens, displaying data and statistics for the top 10 client IP's, platform distribution, geolocation distribution, subject values and SPs with successful assertions.
  10. To view the failed SP assertions, click
    Assertions Failed
    .
    The Failed Assertions screen opens, displaying data and statistics for the top 10 client IP's, platform distribution, geolocation distribution, subject values and SPs with failed assertions.

Running SP assertion reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SAML provisioned on it can provide data for SAML reports.
The SP Assertions screen shows several charts that you can use to track the health of your SAML SP assertions. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    SAML
    .
  4. Select
    SP Summary
    SP Assertions Report
    .
    The SP Assertions screen opens, displaying a table with assertion information.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. From the
    SP
     list, select a service provider.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Running SP error reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SAML provisioned on it can provide data for SAML reports.
The SP Errors screen shows several charts that you can use to track the health of your SAML SP errors. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    SAML
    .
  4. Select
    SP Summary
    SP Error Report
    .
    The SP Errors screen opens, displaying a table with error reports.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. From the
    SP
     list, select a service provider.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Running IdP assertion reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SAML provisioned on it can provide data for SAML reports.
The IdP Assertions screen shows several charts that you can use to track the health of your SAML IdPs assertions. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    SAML
    .
  4. Select
    IdP Summary
    IdP Assertions Report
    .
    The IdP Assertions screen opens, displaying a table with assertion information.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. From the
    IdP
     list, select an identity provider.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Running IdP error reports

For Access to have report data for a device, the device must have been added to the BIG-IQ Centralized Management system, discovered, and had the Access remote logging configuration run for it.
Only a device with SAML provisioned on it can provide data for SAML reports.
The IdP Errors screen shows several charts that you can use to track the health of your SAML IdP errors. Data appears when you configure statistics collection. Controls on this screen work together so you can fine-tune the statistics display.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, click
    Monitoring
    .
  3. On the left, select
    DASHBOARDS
    Access
    Federation
    SAML
    .
  4. Select
    IdP Summary
    IdP Error Report
    .
    The IdPs Errors screen opens, displaying a table with error reports.
  5. From the
    ACCESS GROUP/DEVICE
     list at upper left, select
    All Managed Devices
     or or one of the session-specific options.
  6. From the
    TIMEFRAME
     list, specify a time frame:
    • Select a predefined time period - These range from
      Last hour
       to
      Last 3 months
      .
    • Set a custom time period - Select
      Between
      ,
      After
      , or
      Before
      , and click the additional fields that display the set dates and times that support your selection.
  7. From the
    IdP
     list, select an identity provider.
  8. To save report data in a comma-separated values file, click the
    CSV Report
     button.
    A CSV file downloads.

Configuring remote high-speed BIG-IQ and SWG event logging

You can configure the BIG-IQ system to log information about BIG-IQ and Secure Web Gateway events and send the log messages to remote high-speed log servers.
When configuring remote high-speed logging of events, it is helpful to understand the objects you need to create and why, as described here:
Object
Reason
Pool of remote log servers
Create a pool of remote log servers to which the BIG-IP system can send log messages.
Destination (unformatted)
Create a log destination of Remote High-Speed Log type that specifies a pool of remote log servers.
Destination (formatted)
If your remote log servers are the ArcSight, Splunk, or Remote Syslog type, create an additional log destination to format the logs in the required format and forward the logs to a remote high-speed log destination.
Publisher
Create a log publisher to send logs to a set of specified log destinations.
Log Setting
Add event logging for the APM system and configure log levels for it or add logging for URL filter events, or both. Settings include the specification of up to two log publishers: one for access system logging and one for URL request logging.
Access profile
Add log settings to the access profile. The log settings for the access profile control logging for the traffic that comes through the virtual server to which the access profile is assigned.

Create a pool of remote logging servers

Before creating a pool of log servers, gather the IP addresses of the servers that you want to include in the pool. Ensure that the remote log servers are configured to listen to and receive log messages from the BIG-IP system.
Create a pool of remote log servers to which the BIG-IP system can send log messages.
  1. On the Main tab, click
    Local Traffic
    Pools
    .
    The Pool List screen opens.
  2. Click
    Create
    .
    The New Pool screen opens.
  3. In the
    Name
     field, type a unique name for the pool.
  4. Using the
    New Members
     setting, add the IP address for each remote logging server that you want to include in the pool:
    1. Type an IP address in the
      Address
       field, or select a node address from the
      Node List
      .
    2. Type a service number in the
      Service Port
       field, or select a service name from the list.
      Typical remote logging servers require port
      514
      .
    3. Click
      Add
      .
  5. Click
    Finished
    .

Create a new log destination

Before you can create a new log destination, you must have configured a remote log server to send the logs to.
Use this screen to create a new log destination for a managed device.
Create a log destination to specify that log messages are sent to a remote log server.
  1. At the top of the screen, click
    Configuration
    , then, on the left, click
    LOCAL TRAFFIC
    Logs
    Log Destinations
    .
    The Log Destinations screen displays a list of the log destinations that are defined on this device.
  2. To create a new log destination, click
    Create
    .
    The New Log destination screen opens so you can define the settings you want for this destination.
  3. In the
    Name
     field, type in a name for the log destination you are creating.
  4. For
    Type
    , select the kind of destination you are creating.
    Depending on the selection you make, additional controls are displayed.
  5. Specify the additional settings needed to suit the requirements for this log destination. The fields required to create a new log destination depend on the type you choose. BIG-IQ denotes required fields using an amber box. You can also determine whether you have completed all of the required fields by noting whether the
    Save & Close
     button is enabled.
    Except for the Devices and Device Specific settings, the parameters on this screen perform the same function as they do when you configure a log destination on a BIG-IP device. For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on
    support.f5.com
    . From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log destination parameters for BIG-IP version 13.0 is provided in the External Monitoring of BIG-IP Systems: Implementations, Version 13.0 guide.
  6. When you create a Log Destination and select a type of
    IPFIX
     or
    Remote High-Speed Log
    , you need to specify which devices to associate this destination with. When you create a Log Destination and select a type of
    Management Port
     you can specify device specific settings or, if no device specific settings are defined, the base configuration settings are used for any device associated with this log destination.
    For additional detail on device-specific log destination types, refer to
    What is a device specific log destination?
     in the
    F5 BIG-IQ Centralized Management: Local Traffic & Network Implementations
     guide on
    support.f5.com
    .
    • If you have a lot of devices that you need to associate with this log destination and want to automate the process:
      1. Use the steps below to specify one device and then click
        Save
        .
      2. Associate this log destination with the log publishers that are pinned to your managed devices.
      3. Come back and edit this log destination. A
        Find Relevant Devices
         button displays. You can use this button to let BIG-IQ assemble a list of devices. BIG-IQ finds the BIG-IP devices that this destination can be deployed to. You can use the list to create a device-specific instance of this destination for each BIG-IP.
      4. Click
        Save
         to add the listed devices to the Device Specific list.
    • To specify the devices for this log destination manually:
      1. Select the device you want this destination to use
      2. If you are creating an
        IPFIX
         or
        Remote High-Speed Log
         destination log, select the pool that you want each device to use.
      3. Use the button to add additional devices to the list.
      4. Use the button to remove a device from the list.
      5. Click
        Save
         to add the listed devices to the Device Specific list.
    Devices you select for this log destination are added to the Device Specific list.
    Click on a device name in the Device Specific list to edit settings for that device. Bear in mind though that changes you make to one device do not change the settings for other devices, or for the base configuration for the log destination.
  7. Click
    Save & Close
    .
    The system creates the new log destination with the settings you specified.
Changes that you make are made only to the pending version. The
pending version
 serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this log destination, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Create a new log publisher

Before you can create a new log publisher, configure a log destination with a pool of remote log servers so you can assign it to your publisher as you create it.
Log publishers specify log destinations that BIG-IP devices can send their log messages to.
  1. At the top of the screen, click
    Configuration
    , then, on the left, click
    LOCAL TRAFFIC
    Logs
    Log Publishers
    .
    The Log Publishers screen displays a list of the log publishers that are defined on this device.
  2. To create a new log publisher, click
    Create
    .
    The New Log Publisher screen opens so you can define the settings you want for this publisher.
  3. In the
    Name
     field, type in a name for the log publisher you are creating.
  4. Select the Log Destinations for this publisher.
    1. Select a destination type from the Available list.
      The list of destinations displays only the type you selected.
    2. Select one or more destinations from the Available list.
    3. Move the selected destinations to the Selected list.
      If you are using a formatted destination, select the destination that matches your log servers, such as Remote Syslog, Splunk, or ArcSight.
  5. Specify the additional settings needed to suit the requirements for this log publisher.
    The parameters on this screen are optional and perform the same function as they do when you configure a log publisher on a BIG-IP device.
    For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on support.f5.com. From the BIG-IP Knowledge Center, select the BIG-IP LTM module and the software version you have installed; then select the appropriate guide. For example, information about the log publisher parameters for BIG-IP version 13.0 is provided in the
    External Monitoring of BIG-IP Systems: Implementations
     guide.
  6. Click
    Save & Close
    .
    The system creates the new log publisher with the settings you specified.
Changes that you make are made only to the pending version. The
pending version
 serves as a repository for changes you stage before deploying them to the managed device. Object settings for the pending version are not the same as the object settings on the actual BIG-IP device until they are deployed or discarded.
When you finish specifying the settings for this log publisher, the next step is to evaluate and then deploy the changes to the target device. Until you deploy the changes stored in the pending version, objects on the managed device are not changed.

Configure log settings for access system and URL request events

Create log settings to enable event logging for access system events or URL filtering events or both. Log settings specify how to process event logs for the traffic that passes through a virtual server with a particular access profile.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top of the screen, select
    Traffic & Network
    , then on the left side of the screen, click
    ACCESS
    Access Groups
    .
  3. Click the name of the Access group that interests you.
    A new screen displays the group's properties.
  4. Click
    EVENT LOGS SETTINGS
    Create
    .
  5. Type a name for the name for the log setting.
  6. In the
    SSO Configuration Description
     field, type a descriptive text for the configuration.
  7. For
    Access System Logs
    , click the check box to specify a publisher for Access system logs and log levels.
  8. For
    Access Logs Publisher
    , select a log publisher.
  9. For the system log types, beginning with
    Access Policy
     and ending with
    ADFS Proxy
    , from the dropdown lists, select a log level. The default is
    Notice
    .
  10. For
    URL Request Logs
    , click the check box to select a publisher for the logs and specifies the URL requests to log based on whether the request was blocked or allowed.
  11. For
    URL Request Logs Publisher
    , select a log publisher.
  12. For
    Log Allowed Events
    , click the check box to log request data when a user tries to access a URL that the URL filter allows.
  13. For
    Log Blocked Events
    , click the check box to log request data when a user tries to access a URL that the URL filter blocks.
  14. For
    Log Confirmed Events
    , click the check box to log request data when a user confirms a request for access to a URL for which the URL filter requires confirmation.
  15. Click
    Save & Close
    .

Configuring APM alerts

You can configure APM email alerts from within BIG-IQ to receive notifications when various error and license usage metrics meet either a warning or a critical threshold.
  1. From BIG-IQ, navigate to
    Applications
    ALERT MANAGEMENT
    Alert Rules
    .
  2. To create a new Alert Rule for an Access Group or a single BIG-IP device, select
    Add
    .
    You may also edit the default APM alert rules by clicking on
    default-access-health
    . Doing this will change the alerts for all devices managed by this BIG-IQ.
  3. Add a unique name and a description for this alert rule.
  4. Select
    Device access-health
     to configure this alert rule for APM.
  5. Select the checkbox by each of the metrics for which you would like to receive monitoring alerts.
    The metrics you may receive alerts for include:
    • Network Access Reconnects
    • Network Access Errors
    • Bad IP Reputations
    • Denied Sessions
    • SAML - IdP Errors
    • SAML - SP Errors
    • Access Usage
    • Connectivity Usage
    • SWG Usage
  6. For each metric you decide to receive alerts for, set a number of occurrences at which you would like to receive a warning alert and a number of occurrences at which you would like to receive a critical alert.
  7. Click
    SNMP Traps
     to enable alerts sent from remote SNMP-enabled devices.
  8. To send alerts to an email inbox, select the checkbox by
    Email
    . Enter the emails to receive the alerts in the box below separated by commas.
  9. Under
    Devices
    , select the group of devices for which you would like to configure alerts. You can select an Access Group at this point.
  10. Select the BIG-IP devices and use the arrows to move them between the boxes.
  11. When you have finished, click
    Save & Close
    .
Once you have finished, you will be able to receive alerts within BIG-IQ and to your email depending on your selections.

Monitoring APM alerts

To monitor APM alerts on BIG-IQ, you must first create alert rules to establish what will constitute a warning and a critical level alert.
You may use BIG-IQ to monitor both current APM alerts and past APM alerts to determine trends with network access and connectivity issues.
  1. To view all active alerts for APM, navigate to
    Applications
    ALERT MANAGEMENT
    Active Alerts
     from within BIG-IQ.
  2. You may sort all active alerts by alert
    Level
    ,
    Title
    ,
    Start time
    ,
    Type
    ,
    Context
    ,
    Reported Object
    , and
    Last Updated
    .
    Sorting by
    Type
     may be particularly important when you are searching for alerts associated with the health of APM configurations.
  3. Once APM alerts are inactive, they will move to the
    Alert History
     tab under
    Applications
    ALERT MANAGEMENT
    .
  4. From there, you can filter results by the last day and by the last two days from the dropdown menu in the top left in order to triage connection errors and other network issues for users of an APM connection.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information