Manual Chapter :
About Monitoring APM Data in BIG-IQ
Applies To:
Show Versions
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
About Monitoring APM Data in BIG-IQ
About Access and SWG reports
Access reports focus on session and logging data from Access devices (managed devices with APM licensed and provisioned). F5 Secure Web Gateway Services reports focus on user requests (for URLs or applications, for example) from Access devices with Secure Web Gateway Services provisioned. BIG-IQ Centralized Management Access also supports high availability. Thus, users can view both Access and SWG reports on a secondary BIG-IQ system.
Access reports and SWG reports provide the following features.
- Reports on any combination of discovered devices, Access groups, and clusters
- Graphs for typical areas of concern and interest, such as cross-geographical comparisons or top 10 issues
- Tabular data to support the graphs
- Granular user data
- Ability in some screens to drill down from summarized data to details
- Ability to save data to CSV files
Setup requirements for Access and SWG reports
Before you can produce Access reports and SWG reports, you must ensure that these tasks are
already complete:
- A BIG-IQ data collection device is configured in the BIG-IQ system.
- Add the BIG-IP devices to the BIG-IQ inventory.
- Discover the BIG-IP devices with the Access service configuration.
- Run the data collection device configuration setup on the devices from the Access Reporting screen.
What data goes into Access reports for the All Devices option?
The
All Devices
option for Access reports includes data from the devices
that are currently managed (discovered) in the BIG-IQ system. This is in
addition to data from devices that were managed at some point during the report timeframe, but
that are not currently managed. With All Devices
selected, if data from
unmanaged devices exists, it displays in reports. An unmanaged device might be unmanaged temporarily or permanently. Any time a configuration
management change causes APM® to be undiscovered, the device and its data
are moved to
All Devices
until APM is re-discovered on the device. You cannot generate a report for an unmanaged device. However, you can generate a report for
the timeframe when the device was managed, and then search the report for the unmanaged device
name. In the Summary report, All Active Sessions includes the number of sessions that were active
on the device when it became unmanaged. Those sessions stay in the Summary and in the Active
sessions reports
until the next
session status update, which occurs every 15 minutes.
Create flexible reports using the Access summary dashboard
For Access Policy Manager (APM) to have monitoring data
for your device, you must add the BIG-IP device to the BIG-IQ Centralized Management system.
The system must then discover the device, and a user must run the Access remote logging
configuration on the device. You can use the Access Summary dashboard to view aggregated
data from APM policies managed by this BIG-IQ environment. Data you can view includes
authentication, connectivity, user, session, and license information. To do so, on the Main
tab, navigate to .
Widget Title | Description |
|---|---|
ACCESS GROUP/DEVICE | Select Managed Devices
or select one or more of these options:
|
TIMEFRAME | Adjust the time frame to reflect the period for
which you would like to view data. You can do this by either:
selecting the interval from the TIMEFRAME drop
down menu, or by dragging the date selector from the horizontal
widget below it. You can also select a
timeframe between two specific dates or before or after a
selected date by selecting Between ,Before , or
After and then selecting a date or date range
from the calendar widget.Once you have selected the time frame or date
range you are interested in, the data on this dashboard will change
to reflect the new time period. |
All Active Sessions | From this dashlet, you can view all unique
active session using this device or devices. You can drill
down on this information and obtain more data about: top 10 client IP
addresses, top 10 countries, top 10 users, top 10 Access profiles, top
10 virtual servers, top 10 client profiles, and top 10 Access policies
associated with this metric. When multiple devices are selected, you can see the active sessions over time. |
Sessions Created | From this widget, you can view all new
sessions initiated during the timeframe currently displayed at the top
of the page. Select this widget to drill down and obtain more data
about: top 10 client IP addresses, top 10 countries, top 10 users, top
10 Access profiles, top 10 virtual servers, top 10 client profiles, and
top 10 Access policies associated with this metric. |
Unique Users | View the number of unique users during the
timeframe specified at the top of the page. Select this widget to drill
down and obtain more data about: top 10 client IP addresses, top 10
countries, top 10 users, top 10 Access profiles, top 10 virtual servers,
top 10 client profiles, and top 10 Access policies associated with this
metric. |
Sign-In Denied | From this widget, you can view the number of
sessions that have been denied. Select this widget to drill down and
obtain more data about: top 10 client IP addresses, top 10 countries,
top 10 users, top 10 Access profiles, top 10 virtual servers, top 10
client profiles, and top 10 Access policies associated with this metric.
|
Active Sessions Over Time | You can track the Average
Established number of sessions in an interval of
time, the Average
Attempted number of sessions in one interval of
time, the Maximum
Established number of sessions in an interval of
time, and the Maximum
Attempted number of sessions in an interval of time.
You can remove any of these components from the graph to focus your
report by selecting the name of the component in the ledger at the
top right corner of the chart. The time intervals with the horizontal axis will
adjust depending on the length of time you select in the Timeframe widget
at the top of the page. For example, longer time frames will yield
larger intervals for data collection and shorter time frames will
yield shorter intervals for data collection. Average and
Maximum refer to the aggregated data in a single
unit of time on the horizontal axis. You can check what units of
time the graph is using in the top left corner of the chart. |
Denied Sessions / Auth Failures Over Time | This widget allows you to track denied
sessions and Authentication failures against each other. You can remove
either denies sessions or Authentication failures from the data set by
selecting either of these components in the legend at the top right
corner of the chart. |
Top 3 Devices by License Usage | You can view devices by license usage in one
of three categories: Access Sessions, Connectivity Sessions, and Secure
Web Gateway (SWG) Sessions. Click on any of these categories to view the
license usage for each, including the threshold and usage limit of each
of the top three devices. By hovering over the bar graph for a device,
you can view how many users are licensed for this device (displayed as
the Limit ) and
how many are currently using it (displayed as Usage . |
Session Count Distribution Across Countries | Use this widget to select a geographic
location to view from the map to view more information about session
logon locations in another dashboard. You can also view more data about
sessions originating from unknown location by clicking on Unknown Locations at
the bottom of the dashlet. To zoom in or out on the map widget, use the
+ and
- icons.
|
Top Users by Session Count | You can view the top 10 users with the most
sessions for this device or set of devices. To learn more about the
activity of each user, select the name to navigate to a summary
dashboard displaying usage data for this user only. |
About upgrades affecting reports
When you upgrade a BIG-IQ® Centralized Management system without taking a snapshot, it deletes all reporting data, including both Access and SWG reports. After upgrading, users cannot obtain these reports from the BIG-IP® devices. To prevent the loss of reports, users should take an Elasticsearch snapshot before upgrading, and restore the snapshot after upgrading. For more information on elastic snapshots, refer to
F5 BIG-IQ Centralized Management: Upgrading Logging Nodes to Version
x.x.Errors with session reports in Access: causes and
resolutions
- Problem
- A session is over, but it continues to display in the Active sessions report.
- Resolution
- If a session starts when logging nodes are up and working, but terminates during a period when logging modes are unavailable, the session remains in the Active sessions report for 15 minutes. After 15 minutes, the session status is updated and the session is dropped from the report.
- Problem
- Active sessions are included in the Summary and Active sessions reports for a device that is no longer managed.
- Resolution
- Sessions were active on a device when it was removed from an Access group and became unmanaged. Sessions that were active when the device became unmanaged remain counted in All Active Sessions on the Summary screen and stay in the Active sessions report until the next session status update, which occurs every 15 minutes.
- Problem
- A session is over, butSession TerminationandSession Durationare blank in a session report.
- Resolution
- If a session starts when logging nodes are up and working but terminates during a period when logging nodes are unavailable, the session termination is not recorded and the session duration cannot be calculated.
Setting the timeframe for your Access or SWG report
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use the
TIMEFRAME
list at the top of any Access or SWG report to change the report time period.- At the top of the screen, clickMonitoring.
- To set a predefined timeframe, select one of these from theTIMEFRAMElist:Last hour,Last day,Last week,Last 30 days,Last 3 months.
- To set a custom timeframe, select one of these from theTIMEFRAMElist:
- Between: Click each of the additional fields that display to select dates and times. The report displays the records between those dates and times.
- Before: Click the additional fields that display to select a date and a time. The report displays the records before that date and time.
- After: Click the additional fields that display to select a date and a time. The report displays the records after that date and time.
About upgrades affecting reports
When you upgrade a BIG-IQ® Centralized Management system without taking a snapshot, it deletes all reporting data, including both Access and SWG reports. After upgrading, users cannot obtain these reports from the BIG-IP® devices. To prevent the loss of reports, users should take an Elasticsearch snapshot before upgrading, and restore the snapshot after upgrading. For more information on elastic snapshots, refer to
F5 BIG-IQ Centralized Management: Upgrading Logging Nodes to Version
x.x.About the maximum number records for Access and SWG reports
When you run an Access report or an SWG report, Access can get up to 10,000 records to display
to you. After you scroll to the end of those 10,000 records, Access displays a message. At that
point, all you can do is select fewer devices or select a shorter timeframe.
