Manual Chapter :
Warehouse Topic: Access Product
Applies To:
Show VersionsBIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0, 8.0.0
Warehouse Topic: Access Product
Before BIG-IQ can display Access report data
for a managed BIG-IP device, you must first complete the following tasks:
- Add the managed BIG-IP device to the BIG-IQ Centralized Management inventory
- Discover and import the managed BIG-IP device
- Have a BIG-IQ user enable Access remote logging configuration on the managed BIG-IP device
- Admin
- Access Manager
- Access Deployer
This text appears when you use the full prereq. But it can also be used independently.
- Log in to the BIG-IQ system with your user name and password.
- At the top of the screen, selectConfiguration, then on the left side of the screen, click .
- Click the name of an Access group.A new screen displays the group's properties.
- Enter aPartition. The default isCommon. You can also enter a custom path to a partition you have created. Only users with access to a partition can view the objects that the partition contains. If the object resides in theCommonpartition, all users can access it.
- ClickShared resources.The screen displays a list of resources, withACCESS POLICIESselected.
- Select the type of resource that you want to change.The screen displays a list of resources of that type on the right.
- At the top of the screen, selectAccess Reporting.A Summary report (for all devices and a default timeframe) starts to generate and display.
- From the left, select any report that you want to run.
- At the top left of the screen, from theACCESS GROUP/DEVICESlist, either select one of the first two options (All DevicesandAll Managed Devices) or select one or more of the other options (<,Access group name><, orCluster display name><).Device name>
- All Managed DevicesIncludes all Access devices that are currently discovered.
- <Select to include all devices in the Access group.Access group name>
- <Select to include the devices in the cluster.Cluster display name>
- <Select to include the device. You can select any device fromDevice name>Managed Devices,<, orAccess group name><.Cluster display name>
- From theTIMEFRAMEmenu, specify a time frame:
- Select a predefined time period. These range fromLast hourtoLast 3 months.
- Set a custom time period. SelectBetween,After, orBefore, and click the additional fields that display the set dates and times that support your selection.
- To save report data in a comma-separated values (CSV) file, click theCSV Reportbutton.The CSV file downloads.
- To refresh the data on this dashboard immediately, clickRefresh. To configure an automatic refresh, click the arrow next to it and then select1 minute,5 minutes, or10 minutes. You can alsoDisableautomatic refresh from this menu.
- To add this device to a new cluster:If a device is not a member of a Sync-Failover group that you configured to support an Active-Standby configuration for APM, do not add it to a cluster.If the device is the first member of a Sync-Failover group that you have added to the BIG-IQ system, add it to a new cluster. It does not matter whether this device is the Active or the Standby member of the group.
- From theCluster Display Namelist, selectCreate New, and then type a new name for this new cluster.A cluster name must be unique on the BIG-IQ system. It does not need to match the name of the Sync-Failover group on the BIG-IP device. However, it makes sense to chose a name that is similar, because when you add the additional members to the group, you must add it to the same cluster.
- Select an option fromDeployment Settings:
- Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)Select this option to prompt BIG-IQ to start the DSC synchronization process so that any configuration change made to this device is synchronized with other members of the DSC. This option makes sure all members of the DSC have the most current configuration.
- Ignore BIG-IP DSC sync when deploying configuration changesSelect this option to have BIG-IQ deploy any configuration changes for this device to all cluster members. Use this option only if this device is not configured in a DSC Sync-Failover device group, or if any members of the cluster are disabled.
- To add this device to an existing cluster:If the device is the second member of a Sync-Failover group that you have added to the BIG-IQ system, add the device to the existing cluster for that Sync-Failover group.
- From theCluster Display Namelist, selectUse Existing, and then select the cluster from the list.
- Select an option from theDeployment Settings:
- Initiate BIG-IP DSC sync when deploying configuration changes (Recommended)Select this option to prompt BIG-IQ to push any configuration changes to this device to other members of the DSC. This option makes sure all members of the DSC have the most current configuration.
- Ignore BIG-IP DSC sync when deploying configuration changesSelect this option to have BIG-IQ deploy any configuration changes for this device to all cluster members. Use this option only if this device is not configured in a DSC Sync-Failover device group, or if any members of the cluster are disabled.
- For Access Policy Manager (APM), select theCreate a snapshot of the current configuration before importingcheck box to save a copy of the device's current configuration.You are not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
- For Local Traffic (LTM), select theCreate a snapshot of the current configuration before importingcheck box to save a copy of the device's current configuration.You are not required to create a snapshot, but it is a good idea in case you have to revert to the previous configuration for any reason.
- Click.The User Summary screen displays, showing detailed information for specific users.
- Click.The screen displays the SWG analytics screen. By default, the screen displays statistics from the past hour. You can adjust the time settings using the controls found at the top of the screen.
- Click.The Summary report is an example of the type of report that presents high-level data, and provides access to underlying data.BIG-IQ starts to generate and display a Summary report (for all devices and using a default timeframe).
- Click.BIG-IQ displays the list of alert rules configured on this system.
- Click.
- Click.BIG-IQ displays a list of all triggered alerts.
- Click.BIG-IQ opens the Authorization Server Performance screen.
- Click.BIG-IQ opens the Token Summary screen.
- Click.
- Click.
- Click.
- Click.
- Click.
- Click.The screen displays a list of active sessions for all devices.
- Click.A Summary report (for all devices and a default timeframe) starts to generate and display.
- Use theLog Levelsmenu to sort by message severity. SelectingEmergencywill show only the most severe warnings, and selectingDebugwill display the lowest severity messages.
- To view details for a specific session, click the ID under theSession IDcolumn.