Manual Chapter :
Monitoring Session Data
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0, 7.1.0
Monitoring Session Data
Managing Sessions
About the session summary dashboard
BIG-IQ Centralized Management allows users to monitor data for all session requests managed by Access Policy Manager (APM). Use BIG-IQ to create a summary report for all sessions, as well as to view individual session details and log messages.
View and configure session summary reports
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
You can create session reports for any managed BIG-IP device with an APM configuration that has been discovered on the BIG-IQ system, whether or not the device is a member of an Access group. To create a report, you can select any combination of Access groups, clusters, and devices.
- Navigate to
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, andCluster display name><).Device name>
- All DevicesIncludes Access devices that are currently managed, and Access devices that were managed at one time but are not managed now. (A managed device is one that has been discovered with the APM service configuration.)
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <- Select to include all devices in the Access group.Access group name>
- <- Select to include the devices in the cluster.Cluster display name>
- <- Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- To view details for a specific session, click the ID under theSession IDcolumn.
- Use theLog Levelsmenu to sort by message severity. SelectingEmergencywill show only the most severe warnings, and selectingDebugwill display the lowest severity messages.
- SelectClose.
What data can you monitor from the Session Summary dashboard?
BIG-IQ Access allows you to monitor APM session data from the Sessions Summary dashboard. From this page, you can generate customizable and dynamic reports to monitor top-level content for all sessions. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Value | Functionality |
---|---|
Local Time | Displays the date and time that the session was created. |
Hostname | Displays the managed BIG-IP device name. |
Cluster | Displays the High Availability (HA) cluster associated with the session. |
Session ID | Click the Session ID to open the Session Details screen, displaying session details and session variables. |
Session Duration | Displays the duration of time when the session was active. |
Session Termination | Displays the local timestamp when the session was terminated. |
Active | Displays a green dot if the session is active. |
User Name | Displays the logon name used to start a session. |
Virtual IP | Displays the IP address of the virtual server where the session started. |
Client IP | Displays the IP address of the client that started the session. |
Client OS | Displays the operating system of the client that started the session. |
IP-Reputation | For a connection attempted from an IP address that exists in the IP reputation database on a device, specifies the category of IP reputation, or, Unknown when IP intelligence is not enabled on the BIG-IP device. |
Continent | Displays the continent on which the client is located. |
Country | Displays the country in which the client is located. |
State | Displays the state or province in which the client is located. |
Stopping sessions on BIG-IP devices from Access
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
You can stop currently active sessions on BIG-IP devices, using the Active sessions report
on the BIG-IQ system.
- Click.The screen displays a list of active sessions for all devices.
- To display sessions for particular devices, groups, or clusters only, select them from theACCESS GROUP/DEVICElist at upper left.The screen displays the active sessions for the selected devices.
- To stop specific sessions only, select the sessions that you want to end and clickKill Selected Sessions.
- To stop all sessions, clickKill All Sessions.
What data can you monitor for active sessions?
BIG-IQ Access allows you to monitor APM session data for all active sessions. From this page, you can generate customizable and dynamic reports to monitor top-level content for all active sessions. See the notes below to learn more about each category for which you can generate data.
What charts are in the dashboard?
Value | Functionality |
---|---|
Local Time | Displays the date and time that the session was created. |
Hostname | Displays the managed BIG-IP device name. |
Cluster | Displays the high availability cluster associated with the session. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
User Name | Displays the logon name of the user who initiated this session. |
Virtual IP | Displays the IP address of the virtual server where the session started.. |
Client IP | Displays the IP address of the client that started the session. |
IP Reputation | For a connection attempted from an IP address that exists in the IP reputation database on a device, specifies the category of IP reputation, or, when IP intelligence is not enabled on the device, Unknown . |
Continent | Displays the country in which the client is located. |
State | Displays the state or province in which the client is located. |
Access Profile | Displays the access profile used by the BIG-IP device for this session. |
About Access profile usage
Using BIG-IQ Centralized Management, you can monitor all session activity originating from the Access profiles (also known as per-session policies) that you configured. The session count displayed in BIG-IQ includes both established and failed sessions. Use this report to determine which Access profiles are being used most frequently by your users in order to determine or troubleshoot resource allocation.
View and configure Access profile reports
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
With BIG-IQ, you can generate reports for sessions, grouped by the Access profile used, in order to gain information about which Access profiles are being used most heavily. The session counts displayed on the dashboard include both established and failed sessions.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- UnderTop 5 Access Profiles By Session Count, select an Access profile from the top right corner of the chart to add or remove an Access profile from view.
What data can you monitor for the Access profile usage dashboard?
BIG-IQ Access allows you to monitor session data, grouped by Access profile used, from the Access Profile Usage dashboard. The session counts displayed on this dashboard include established and failed sessions. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Value or Chart Title | Functionality |
---|---|
TOP 5 ACCESS PROFILES BY SESSION COUNT | View the most active Access profiles by number of sessions over time. |
Name | Displays name of the Access profile. |
Session Count | Displays the number of sessions for each Access profile over time. |
About access control list reports
Using BIG-IQ, you may generate reports on session data for both user-defined and system-generated access control lists (ACLs). ACLs restrict user access to host and port combinations that are specified in access control entries (ACEs). You can create ACLs when configuring an Access Group, and BIG-IQ will also generate them automatically whenever you create a portal access resource,
an app tunnel, or a
a remote desktop configuration.
Generate reports on ACL usage by action count. You can also use BIG-IQ to view the session details associated with a particular ACL result, and view all log messages for both allowed and denied ACL results.
View and configure ACL usage reports
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to generate a chart to summarize the top Access Control Lists (ACLs) and a table with data for the top ACLs by action count.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- Use theACL Action Typedropdown to view results for one type of action.
- Allow: Permit the traffic.
- Continue: Skip checking against the remaining access control entries in this ACL and continue evaluation at the next ACL.
- Discard: Drop the packet silently.
- Reject: Drop the packet and send a TCP RST message on TCP flows or proper ICMP messages on UDP flows. Silently drop the packet on other protocols.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- For theTop 5 ACLschart, select the name of an ACL in order to remove it or add it to the chart view.
What data can you monitor for Access Control List usage?
BIG-IQ Access allows you to record and view Access Control List (ACL) usage data for an Access group or for a single managed BIG-IP device. See the notes below to learn more about the categories for which you can data.
What charts are in the dashboard?
Vale or Chart title | Functionality |
---|---|
TOP 5 ACLS | View the number of ACLs over time for each access profile. This chart will display data for a maximum of 5 ACLs. |
Name | Displays name of the ACL. |
Action Count | Displays the number of actions for each ACLs over time. |
View and configure the ACL summary dashboard
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to create a summary report of sessions by Access Control List (ACL) result, and see specific information for each session in the report.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- Select one of the options from theACL Resultsdropdown menu to display sessions with a specific ACL result. By default, sessions with all ACL results display. You can show allowed results only or denied results only by showing theACL RESULTSdropdown menu. SelectAll ACL Resultsto generate a report for sessions with all ACL results.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- Click the blue session ID to open the Session Details screen, displaying session details and session variables.
- Use theLog Levelsmenu to sort by message severity. SelectingEmergencywill show only the most severe warnings, and selectingDebugwill display the lowest severity messages.
- SelectClose.
What data can you monitor for Access Control List summary dashboard?
BIG-IQ Access allows you to record Access Control List (ACL) summary data for an Access group or for a single managed BIG-IP device. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Property | Functionality |
---|---|
Local Time | Displays the date and time that the ACL was created. |
HostName | Displays the BIG-IP device name. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
ACL Result | Displays ACL result: Allow, Continue, or Reject. |
Src IP | Displays the source IP address. |
Src Port | Displays the source port number. |
Dest IP | Displays the destination IP address. |
Dest Port | Displays the destination port number. |
Virtual IP | Displays the IP address of the virtual server where the ACL originated. |
Scheme | Displays the authorization scheme that corresponds to the ACL. |
Host | Displays the host network that corresponds to the ACL. |
Path | Displays the path to which the ACL belongs. |
Partition | Displays the partition to which the ACL belongs. Only roles that are granted access to a partition can view the objects (such as the ACL) that the partition contains. If the ACL resides in the Common partition, all roles can access it. |
View and configure an ACL log messages report
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to generate a report for all ACL log messages. You can configure the report by ACL result and view session details.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- Select one of the options from theACL Resultsdropdown menu to display sessions with a specific ACL result. By default, sessions with all ACL results display. You can show allowed results only or denied results only by showing theACL RESULTSdropdown menu. SelectAll ACL Resultsto generate a report for sessions with all ACL results.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- Click the blue session ID to open theSession Detailsscreen, displaying session details and session variables.
- Use theLog Levelsmenu to sort by message severity. SelectingEmergencywill show only the most severe warnings, and selectingDebugwill display the lowest severity messages.
- SelectClose.
What data is available for the ACL log message report?
BIG-IQ Access allows you to record log messages for Access Control Lists (ACLs). See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Properties | Functionality |
---|---|
Local Time | Displays the time and date the error message occurred. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
HostName | Displays the managed BIG-IP device name. |
ACL Result | Displays the ACL result. |
ACL Name | Displays the name of the ACL. |
Log Message | Displays the log message. |
About session data for bad IP reputation
You can monitor session data for session requests initiated by an IP address listed in the IP intelligence database. The IP intelligence database contains only IP addresses that are considered untrustworthy, as a result of having performed exploits or attacks. Learn more about the F5 IP intelligence database here: https://support.f5.com/csp/article/K41310205.
To BIG-IQ to record data for this metric, you will need to have configured an Access policy with an IP Reputation Lookup agent. This agent allows Access to search for the IP address in the IP intelligence database.
If a session is initiated from an IP with a bad reputation, this means that the IP address exists in the IP intelligence database and the session request will be blocked. For example, the IP address may be a spam source or an infected system. APM sets rules to identify IP reputation by default, based on category. If you discover any categories that are categorized as bad reputations that you find acceptable to initiate a session, you can update the iRule or create another iRule to allow the session. If the IP reputation is good, the IP address is not found in the IP intelligence database and the session request can go through.
Use Access to monitor all session requests initiated by IP addresses with a bad reputation. You can also use this workflow to determine the category of IP reputation and to view detailed session information.
View and configure reports for sessions initiated by IPs with bad reputations
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Enable IP intelligence on you managed BIG-IP devices in order to populate the IP intelligence database.
Use BIG-IQ to view session data for IP addresses in the IP intelligence database.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- From theIP REPUTATION RATIO (ALL SESSIONS)pie chart, selectBadto view session details for session requests originating from IP addresses in the IP intelligence database. You can view data such top client IPs, top countries which sessions are originating from, top users, top Access profiles, top virtual servers, and top Access policy results.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in. For example, if you were interested in viewing details on sessions originating from IP addresses in the intelligence database and originating from the United States, you would selectBadfrom theIP REPUTATION RATIO (ALL SESSIONS)pie chart and then select the dot over the United States in the map underTOP 10 COUNTRIES.
- To exit the nested view or to move up one level, select the breadcrumbs links at the top of the dashboard you want to navigate to.
What session data can you monitor for bad IP reputation?
BIG-IQ Access allows you to monitor APM sessions that originate from IP addresses that are present in the IP intelligence database. See the notes below to learn more about each category for which you can record data for
What charts are in the dashboard?
Chart title | Functionality |
---|---|
IP REPUTATION RATIO (ALL SESSIONS) | View the IP reputation ratio as a ratio of bad to other for all sessions. |
Local Time | Displays the time and date. |
HostName | Displays the BIG-IP device name. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
Client IP | Displays the IP address of the client device. |
IP Reputation | Displays the category of the IP reputation. |
About browser and operating system session reports
From the Access dashboards in BIG-IQ, you can view browser and operating system (OS) information, as well as detailed session information, for specific managed BIG-IP devices provisioned for Access usage or for all devices in an Access group. Use BIG-IQ to monitor data on which browsers and operating systems are being used to initiate session requests, and to view detailed session data per operating system.
View and configure session data by browser OS
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
You can use BIG-IQ to view session data organized by browser and operating system information for a particular managed BIG-IP device or for all devices in an Access group.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- To learn which browsers are most commonly being used to initiate sessions, view the data under theBROWSER VERSIONS BY SESSION COUNTchart.
- In theOS PLATFORM VERSIONS BY SESSION COUNTchart, select one of the segments of the pie chart bars to view session details for that OS. Available session details include top client IPs using that OS, top countries initiating sessions from that OS, top users, top Access profiles, top virtual servers, top Access policy results, and detailed session information.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in. For example, if you wanted to view details about sessions originating from Windows 8 and using the same virtual server, you would selectWin8from theOS PLATFORM VERSIONS BY SESSION COUNTdashboard and then select the horizontal bar by the virtual server you are interested in underTOP 10 VIRTUAL SERVERS.
- To exit the nested view or to move up one level, select the breadcrumbs links at the top of the dashboard you want to navigate to.
What browser and operating system data can you monitor for sessions?
BIG-IQ Access allows you to view session data, organized by browser and operating system details, for a particular Access device or for all devices in an Access group. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Chart title or property | Functionality |
---|---|
BROWSER VERSIONS BY SESSION COUNT | View the browser versions by session count. |
OS PLATFORM VERSIONS BY SESSION COUNT | View the OS platform versions by session count. |
Browser/Application | Displays the browser or application type. |
Version | Displays the browser or application version. |
OS | Displays the operating system type. |
Count | Displays the session count. |
About session geolocation data
Use BIG-IQ Centralized Management to view the distribution of sessions organized by geographic location. From this report, you can view a map representing the geographic origin of all sessions initiated within a specified time period, and obtain detailed information for each session represented in the report.
View and configure session geolocation data
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to generate a report to view the distribution of sessions organized by geographic location.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- To view session data by country, go to the map titledSESSION COUNT DISTRIBUTION ACROSS COUNTRIES. Use your cursor to move the view to the part of the map you are interested in, or use+and-to zoom in or zoom out.
- To view session data for one country, click the colored dot on the country you are interested in.A dashboard with data on the top client IP addresses, top users, top Access profiles, top virtual servers, top client platforms, and most common Access policy results will display.You can continue to drill down based on the information you are interested in. For example, if you were interested in session requests originating from the United States using theca_policyan Access profile you have created for California residents, you would select the United States from theSESSION COUNT DISTRIBUTION ACROSS COUNTRIES, and then when the next dashboard loads, you would select your Access profile named/Common/ca_policyfrom underTOP 10 ACCESS PROFILES.
- To exit the nested view or to move up one level, select the breadcrumbs links at the top of the dashboard you want to navigate to.
- To view session data originating from a particular state or province, perform the same steps as above with theSESSION COUNT DISTRIBUTION ACROSS STATESchart.
What data can you monitor in the geographic session data?
BIG-IQ Access allows you view the distribution of all APM sessions by geographic location. See the notes below to learn more about each category you can record data for.
What charts are in the dashboard?
Chart title | Functionality |
---|---|
SESSION COUNT DISTRIBUTION ACROSS COUNTRIES | View the session count distribution across countries. |
SESSION COUNT DISTRIBUTION ACROSS STATES | View the session count distribution across states or provinces. |
State/Province | Displays the state or province where the sessions originated. |
Country | Displays the country where the sessions originated. |
Continent | Displays the continent where the sessions originated. |
Count | Displays the session count. |
About denied sessions
You can monitor the sessions that
BIG-IQ® Centralized Management denies. By using the Access Monitoring option,
you can view the following information:
- The history of denied sessions
- The reasons why sessions were denied
- The top denied users, sorted by session count
- The top authentication failures
- The top denied policies
- The top denied sessions by country of origin
- The top denied session by the virtual server
- The denied sessions, sorted by the client platform
Viewing and configuring denied sessions reports
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to generate a report on which sessions were denied by your Access policies, as well to create a report.
- Click.
- From theACCESS GROUP/DEVICElist at upper left, selectManaged Devices, or one or more of these options:
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- From theDENIED SESSIONS/AUTH FAILURES OVER TIMEchart, select or deselectAuth FailuresorDenied Sessionsfrom the top right corner of the chart to add or remove them from view.
- From any of the bar charts, select one of the horizontal bars to view details such as the authentication failure categories, top 10 reasons for denied sessions, top 10 denied users, top 10 denied Access policies, top 10 virtual servers by denied sessions, and top 10 client platforms by denied sessions.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in. For example, if you wanted to view details about LDAP failures associated with a particular Access policy, click the bar by the Access policy you are interested in under the chartTOP 10 DENIED POLICIES, then on the next screen, select the bar by LDAP Failure under theTOP 10 DENIED REASONSchart. The customized dashboard will display all LDAP failures that resulted in denied sessions and originated from a single Access policy.
- To exit out of the nested view or to move up one level, select the blue links at the top with the dashboard you would like to navigate to.
From here, you can view details regarding denied sessions and create a report.
What data can you monitor for denied session reports?
BIG-IQ Access allows you to monitor denied Access Control List (ACL) sessions data. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Chart title or property | Functionality |
---|---|
Denied Sessions/Auth Failures Over Time | View denied sessions and authentication failures over time. |
Top 10 Auth Failures Categories | Displays the 10 most common session authentication failures during the specified time period. |
Top 10 Denied Reasons | Displays the 10 most common reasons the session request was denied for the specified time period. |
Top 10 Denied Users | Displays the top 10 users who most frequently experienced a denied session request. |
Top 10 Denied Policies | Displays the top 10 Access policies involved in denied session requests over the specified time period. |
Top 10 Virtual Servers by Denied Sessions | Displays the top 10 virtual servers involved in denied session requests over the specified time period. |
Top 10 Client Platform by Denied Sessions | Displays the top 10 client platforms used to initiate a denied session request. |
Local Time | Displays the date and time that the ACL was created. |
HostName | Displays the BIG-IP device name. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
User Name | Displays the user name for the BIG-IP device. |
Denied Reason | Displays the reason the session was denied. |
Auth Failure | Displays authentication failure category. |
Virtual IP | Displays the IP address of the virtual server. |
Client IP | Displays the IP address of the client. |
Client OS | Displays the operating system of the client. |
Access Profile | Displays the Access profile associated with the ACL session. |
Country | Displays country where the session originated. |
About monitoring endpoint software
Endpoint (client-side) security is a strategy for ensuring that a client device does not present a security risk before it is granted a remote-access connection to the network. Endpoint software verifies that desktop antivirus and firewall software is in place, systems are patched, keyloggers or other dangerous processes are not running, and sensitive data is not left behind in web caches and other vulnerable locations.
Use BIG-IQ Centralized Management to record and view data for the various endpoint security products used by APM users who initiate session requests. You can also view session details for each session where endpoint checks were performed.
View and configure endpoint software summary dashboard
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to record data for sessions involving endpoint security check software.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- In theSOFTWARE CHECKS TYPEchart, select one of the horizontal bars to view details such as the users, endpoint check products, geolocation distribution, and client OS involved in this endpoint check.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in. For example, if you wanted to view details about antivirus checks initiated by the user Julie, you would selectAntivirusfrom theSOFTWARE CHECKS TYPEdashboard and then select the horizontal bar by Julie's name under the chartTOP 10 Users.
- To exit out of the nested view or to move up one level, select the blue links at the top with the dashboard you would like to navigate to.
- In theTOP 10 USED PRODUCTSchart, select a software check product that you would like to view details for. You may view details such as top users, vendor information, geolocation data, and client OS distribution, as well as session data.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in.Exit out of the nested view when you are finished.
- In theTOP 10 VENDORS USEDchart, select a software check vendor that you would like to view details for. You may view details such as top users, software check product information, geolocation data, and client OS distribution, as well as session data.You can continue drilling down in this dashboard to customize the view depending on what information you are interested in.Exit out of the nested view when you are finished.
What data can you monitor for the endpoint software summary dashboard?
BIG-IQ Access allows you to monitor endpoint security check summary data for each established session. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Chart title or property | Functionality |
---|---|
SOFTWARE CHECKS TYPES | Displays the types of software checks. |
TOP 10 USED PRODUCTS | Displays the top ten products used. |
TOP 10 USED VENDORS | Displays the top ten vendors used. |
Top 100 Products, Vendors Types by used count | Displays the top 100 products and the type of vendors used. |
Type | Displays the type of vendor used for the software check. |
Product Name | Displays the name of the product used for the endpoint software check. |
Vendor Name | Displays the name of the vendor who provides the product for the software check. |
Version | Displays the software version for the product providing the software check. |
Usage Count | Displays the number of times the product was used for an endpoint software check. |
Distinct Users | Displays the number of individual users who initiated the endpoint software check. |
View and configure an endpoint software details report
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to generate detailed reports for sessions involving endpoint security checks.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- Choose to view logs of only one severity by selecting a value from theLog Leveldropdown.
- Use theLog Levelsmenu to sort by message severity. SelectingEmergencywill show only the most severe warnings, and selectingDebugwill display the lowest severity messages.
- SelectClose.
What data can you monitor for the endpoint software details dashboard?
BIG-IQ Access allows you to monitor endpoint security check details for each established session. See the notes below to learn more about each category for which you can record data.
What charts are in the dashboard?
Property | Functionality |
---|---|
Local Time | Displays the local timestamp when the endpoint check took place. |
Hostname | Displays the BIG-IQ system from which the endpoint check originates. |
Cluster | Displays the BIG-IQ cluster. |
Session ID | Click the session ID to open the Session Details screen, displaying session details and session variables. |
Product Name | Displays the name of the product with endpoint software. |
Vendor Name | Displays name of the vendor who supplies the product. |
Version | Displays the product version. |
User Name | Displays the logon name used to perform the endpoint check. |
Client OS | Displays the operating system where the endpoint check originates. |
Continent | Displays the continent where the endpoint check originates. |
Country | Displays the country where the endpoint check originates. |
State | Displays the state or province where the endpoint check originates. |
About monitoring license usage
Use BIG-IQ Centralized Management to monitor APM license usage to monitor if you are close to your license usage limits for BIG-IQ APM. You can monitor the number of users with active Access sessions, Connectivity sessions, and Secure Web Gateway (SWG) sessions.
Viewing and configuring license usage reports
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
Use BIG-IQ to monitor the number of sessions by
license usage, including Access sessions, Connectivity sessions, and SWG
sessions.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- Select up to 5 managed BIG-IP devices from the hostname list in order to monitor the license usage originating from those devices.
- To add or remove a managed BIG-IP device from any of the license usage charts, select the hostname in the top right corner of the chart.
What data can I monitor for license usage reports?
BIG-IQ Access allows you to monitor APM session data filtered by license usage: APM usage, Connectivity usage, and Secure Web Gateway usage. From this page, you can generate customizable and dynamic reports to monitor license usage by managed BIG-IP device. See the notes below to learn more about each category for which you can generate data.
What charts are in the dashboard?
Chart Title or Property | Functionality |
---|---|
ACCESS SESSIONS | Displays the number of APM sessions per day by device. |
CONNECTIVITY SESSIONS | Displays the number of Connectivity sessions per day by device. |
SWG SESSIONS | Displays the number of Secure Web Gateway (SWG) sessions per day by device. |
About monitoring new APM sessions
From BIG-IQ, you can monitor the number of new APM sessions over a specified period of time in order to measure recent traffic or to troubleshoot recent session issues. Use the new sessions dashboard to view the total number of established sessions, timed-out session requests, and denied session requests.
View and configure new sessions report
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
You can use BIG-IQ to generate reports on new sessions.
- Navigate to.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- Customize theNEW SESSIONS OVER TIMEchart by selecting the session result you would like to view.For example, if you would like to filter your view by new session requests that were unsuccessful, selectDeniedandTimed Outfrom the top right corner of the chart.
What data can you monitor for new sessions?
BIG-IQ Access allows you to monitor new session data filtered by result of the session request. See the notes below to learn more about each category for which you can generate data.
What charts are in the dashboard?
Chart title or properties | Functionality |
---|---|
NEW SESSIONS OVER TIME | Displays the number of new sessions per day over a specified time period, organized by total sessions, established sessions, denied sessions, and timed out session requests. |
Local Time | Displays the time and date of the new ACL session. |
Established / min | Displays the number of sessions established per minute. |
Denied / min | Displays the number of sessions denied per minute. |
Time out / min | Displays the number of session timeouts per minute. |
Total / min | Displays the total number of sessions per minute. |