Manual Chapter : Enable HTTP Traffic Capturing

Applies To:

BIG-IQ Centralized Management

  • 8.0.0

Reviewing captured traffic details

Traffic capturing prompts the system to log traffic request and response headers and payload data, based on specific collection requirements. You enable traffic capturing in your Analytics profile to monitor a known application issue, such as trouble with throughput or latency, or a known factor that can impact application performance, such as HTTP method, or client IP address. You can specify these traffic aspects to later examine application statistics, and troubleshoot captured transactions.
Once enabled, you can examine the captured traffic to explore details, such as the payload of captured transactions, requested URLs and response size. When traffic capturing is enabled, you can view data about captured traffic within the charts for HTTP traffic statistics.

Configure traffic capturing for troubleshooting

Before you begin, you need to ensure that AVR is provisioned on your managed BIG-IP devices, and that Statistics Collection is enabled on your BIG-IQ per device (Devices > BIG-IP DEVICES > <DEVICE NAME> > STATISTICS COLLECTION). Enabling Statistics Collection ensures that traffic data from BIG-IP is logged on BIG-IQ.
To view log messages on an external server, you must configure a Remote Publisher. For more information about configuring a Remote Publisher, see the Managing Logs section of BIG-IQ Centralized Management: Local Traffic and Network Implementations on support.f5.com.
You can configure your HTTP analytics profile to capture traffic headers and additional transaction details. Once configured, you can review captured traffic, based upon specific transaction parameters and performance thresholds.
  1. Go to Configuration > LOCAL TRAFFIC > Profiles.
    This screen lists the profiles that are configured for the managed BIG-IP devices in your network.
  2. Select the HTTP Analytics profile you wish to edit.
    The analytics profile is a default profile for all HTTP Analytics management. If you are creating a new HTTP Analytics profile, make sure to select the Override All check box to change the settings inherited from the parent profile.
  3. For Captured Traffic Internal Logging, select Enable to manage the Capture Filter settings.
    AS3 Attribute: capturedTrafficInternalLogging
    Once you enable traffic capturing, the Capture Filter area becomes available. This allows you to further configure which traffic you would like to capture.
  4. (Optional) To send captured traffic to an external server, enable Captured Traffic External Logging.
    AS3 Attribute: capturedTrafficExternalLogging
    To specify Remote Publisher: externalLoggingPublisher
    Once you enable this field, you can select a pre-configured server from the Remote Publisher field.
  5. From the Capture Request Details and Capture Response Details lists, select the options that indicate the part of the traffic to capture.
    Detail options for request and response capture:
    • None: Specifies that the system does not capture request (or response) data.
    • Headers: Specifies that the system captures request (or response) header data only.
    • Body: Specifies that the system captures the body of requests (or responses) only.
    • All: Specifies that the system captures all request (or response) data, including header and body.
    AS3 Attributes:
    • Capture Request Details: requestCapturedParts
    • Capture Response Details: responseCapturedParts
  6. For DoS Activity, select the option that indicates which DoS traffic is captured.
    • Any: Specifies that the system captures any traffic regardless of DoS activity.
    • Mitigated by Application DoS: Specifies that the system only captures DoS traffic if it was mitigated.
    AS3 Attribute: dosActivity
  7. For Protocols, specify whether the system captures All traffic, or traffic with HTTP, or HTTPS protocols.
    AS3 Attribute: capturedProtocols
  8. For Qualified for JavaScript Injection, you can select Qualified only to specify that the system only captures traffic that qualifies for JavaScript injection, which includes the following conditions:
    • The HTTP content is not compressed.
    • The HTTP content-type is text/html.
    • The HTTP content contains an HTML <head> tag.
    AS3 Attribute: capturedReadyForJsInjection
  9. Customize the dimension filters, according to your application needs, to capture the portion of traffic that you need for troubleshooting.
    Dimension filters capture traffic according to defined aspects of the transaction's configuration, or header/payload contents. By focusing in on the data and limiting the type of information that is captured, you can troubleshoot particular areas of an application more efficiently. For example, capture only requests or responses, specific status codes or methods, or headers containing a specific string.
    Response Status Codes (AS3 Attribute: responseCodes)
    • Select All to capture traffic, regardless of the HTTP status response code.
    • Select Only to capture traffic with specific response status codes. To specify, add response status codes to the Selected Status Codes list from the Available Status Codes list.
    HTTP Methods (AS3 Attribute: methods)
    • Select All to capture traffic, regardless of the HTTP request method.
    • Select Only to capture traffic with requests that contain a specific HTTP method. To specify, add methods to the Selected Methods list from the Available Methods list.
    URL (AS3 Attribute: urlFilterType; to add URL prefixes: urlPathPrefixes)
    • Select All to capture traffic with requests for any URL.
    • Select Starts With to only capture traffic with requests for URLs that start with a specific string. If you select this option, and leave the list blank, the system will not capture any traffic.
    • Select Does not start with to capture traffic with requests for URLs except for those that start with a specific string. You can add up to 10 different strings to the list. If the list is blank, the system will capture traffic with requests for any URL.
    User Agent (AS3 Attribute: userAgent; to add User Agent substrings: userAgentSubstrings)
    • Select All to capture traffic sent from any browser.
    • Select Contains to only capture traffic sent from a browser that contains a specific string. You can add up to 10 different strings to the list. If the list is blank, the system will capture traffic sent from any browser.
    Client IP Address (AS3 Attribute: clientIps)
    • Select All to capture traffic sent to, or from, any client IP address.
    • Select Only to only capture traffic sent to or from a specific client IP address. You can add up to 10 different IP addresses to the list. If the list is blank, the system will capture traffic sent to, or from, any IP address.
    Request Containing String (AS3 Attribute: requestContentFilterSearchString)
    • Select All to capture all traffic.
    • Select Search in to filter captured traffic that includes a specific string contained in the request.
    Response Containing String (AS3 Attribute: responseContentFilterSearchString)
    • Select All to capture all traffic.
    • Select Search in to filter captured traffic that includes a specific string contained in the response.
  10. Click Save & Close.
Your analytics profile is now configured for traffic capturing. You can assign this profile to your virtual servers, if they do not yet have an Analytics profile configured.
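
The following Python check is an added example, not part of the F5 documentation: it reviews a set of capture settings against the rules stated in the procedure above (the 10-entry list limits, an empty Starts With list capturing nothing, blank lists meaning "capture any") and flags body capture that no dimension filter narrows. The flat dictionary keyed by the AS3 attribute names, the use of UI option labels as values, the publisher name, and the function name review_capture_filter are assumptions for illustration.

```python
# Added example: review capture settings before saving an HTTP Analytics profile.
# Keys are the AS3 attribute names from this chapter. Values use the UI option
# labels (assumption: the AS3 schema's own value spellings are not shown here).
MAX_ENTRIES = 10  # per-list limit stated in step 9
LIST_KEYS = ("urlPathPrefixes", "userAgentSubstrings", "clientIps")
NARROWING_KEYS = LIST_KEYS + (
    "responseCodes", "methods",
    "requestContentFilterSearchString", "responseContentFilterSearchString",
)


def review_capture_filter(cfg):
    """Return (severity, message) findings for one profile's capture settings."""
    internal = cfg.get("capturedTrafficInternalLogging") == "Enable"
    external = cfg.get("capturedTrafficExternalLogging") == "Enable"
    if not (internal or external):
        return [("info", "traffic capturing is not enabled")]
    findings = []
    if external and not cfg.get("externalLoggingPublisher"):
        findings.append(("error", "external logging has no externalLoggingPublisher"))
    for key in LIST_KEYS:
        if len(cfg.get(key, [])) > MAX_ENTRIES:
            findings.append(("error", f"{key} exceeds {MAX_ENTRIES} entries"))
    # Step 9: "Starts With" plus an empty list captures nothing at all.
    if cfg.get("urlFilterType") == "Starts With" and not cfg.get("urlPathPrefixes"):
        findings.append(("error", "Starts With and no urlPathPrefixes: nothing is captured"))
    # Blank lists mean "capture any", so only non-empty filters narrow the capture.
    body_keys = [k for k in ("requestCapturedParts", "responseCapturedParts")
                 if cfg.get(k) in ("Body", "All")]
    if body_keys and not any(cfg.get(k) for k in NARROWING_KEYS):
        dest = " and ".join(d for d, on in (("BIG-IQ", internal),
                                            ("the Remote Publisher", external)) if on)
        findings.append(("warn", f"{' and '.join(body_keys)} log payloads of all "
                                 f"captured traffic to {dest}; add a dimension filter"))
    return findings


# Constructed sample settings (not from a real deployment).
BROAD = {"capturedTrafficInternalLogging": "Enable",
         "capturedTrafficExternalLogging": "Enable",
         "externalLoggingPublisher": "example-publisher",
         "requestCapturedParts": "All", "responseCapturedParts": "Headers",
         "urlFilterType": "Starts With", "urlPathPrefixes": []}
SCOPED = {"capturedTrafficInternalLogging": "Enable",
          "requestCapturedParts": "All", "responseCapturedParts": "All",
          "urlFilterType": "Starts With", "urlPathPrefixes": ["/checkout"],
          "methods": ["POST"], "clientIps": ["192.0.2.10"]}

if __name__ == "__main__":
    for name, cfg in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, review_capture_filter(cfg))
```

BROAD produces an error and a warning; SCOPED, which limits full capture to one URL prefix, method and client address, produces no findings.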

Review captured traffic

To display captured traffic, your virtual server must be assigned an HTTP analytics profile that has captured traffic enabled, with external logging.
You can troubleshoot details of captured HTTP traffic to your applications and virtual servers. This information can provide details of request/response headers and payload sent to your managed application. Captured traffic information is found within the following dashboards that provide HTTP traffic visibility:
  • Device Traffic: Monitoring > DASHBOARDS > Device > Traffic.
  • DDoS HTTP Analysis: Monitoring > DASHBOARDS > DDoS > HTTP Analysis.
  • Local Traffic: Monitoring > DASHBOARDS > Local Traffic > HTTP.
  1. Navigate to one of the monitoring dashboards that display HTTP traffic data.
  2. Select the Traffic Capturing button above the charts.
    Selecting this option overlays captured traffic data over the charts, and adds a traffic capturing filter in the Dimensions pane.
  3. To filter captured traffic based on a specific host object, such as a BIG-IP system (BIG-IP Host Names), application (Applications Services), or virtual server (Virtual Servers), expand the dimension widgets in the Dimensions pane to the right of the charts.
    You can select multiple dimension objects from multiple dimensions. With each selection, the charts and dimensions filter displayed data according to your selections.
  4. To filter captured traffic based on server latency and payload volume metrics, expand the Traffic Capturing Filters found in the Dimensions pane.
    For latency metrics, you can enter a range, or set a greater or less than filter value.
  5. To view traffic details, select a traffic capturing icon from within the chart to display an information table.
    You can click the rows within the displayed table to view additional request/response header and payload information.