Manual Chapter : Enhanced analytics for HTTP traffic and security services

Applies To:

BIG-IQ Centralized Management

  • 8.0.0

Collect additional data to troubleshoot an application's performance

You can use the Analytics area of the Application screen to collect additional data about application traffic. This prompts the system to collect additional metrics about your application's performance, which enhances your troubleshooting capabilities.
You can enable Enhanced Analytics on multiple applications at once to view the enhanced data objects in the HTTP dashboard (click Monitoring > DASHBOARDS > Local Traffic > HTTP).
  1. Open the application properties screen by selecting the application's name from the Applications screen (click Applications > APPLICATIONS > <Application Name> > <Application Service>).
  2. Click the Enhanced Analytics button to open the Enhanced Analytics Settings popup screen.
    By default, all HTTP metrics (check boxes) are enabled (selected). Selecting only one, or a focused number of metrics, improves the quality of the data collected.
  3. Ensure that the Collect HTTP metrics for <Application Name> check box is selected.
  4. Leave only the check boxes you want selected, to view specific data within the chart dimensions of the Analytics area.
  5. To view details about your application's security, select Collect Security metrics for all devices hosting <Application Name>.
  6. Click Start.
    The detail screen for this application displays a banner across the top of the screen, Enhanced Analytics On, with a Stop button. If you return to the Applications screen, the health icon in the applications list is highlighted to indicate which application is running Enhanced Analytics.
  7. To disable Enhanced Analytics, click the Stop button in the Enhanced Analytics On banner.
    You can also click Enhanced Analytics, and click Stop in the Enhanced Analytics Settings popup window.
    Once you have completed troubleshooting, disable Enhanced Analytics to reduce disk usage allocated for statistics data collection.
After Enhanced Analytics mode is turned off, dimension statistics persist in the dimension object list when you view a time period during which Enhanced Analytics was enabled.

HTTP: Enhanced Analytics metric settings

This table lists and describes the HTTP options in the Enhanced Analytics Settings popup screen. When enabled, each option displays additional metric data for the corresponding dimensions. The added data is displayed in the HTTP traffic charts. When disabled, these dimensions display aggregated data. When disabled, the dimensions in the table below display data as N/A.

| Enhanced Metric Setting | Affected Dimension(s) | Description | Suggested Use |
|---|---|---|---|
| IP Address | Client IPs | The IP addresses from which your application receives requests. | General application performance testing. |
| Geolocation | Countries | The countries from which your application receives requests. | General application performance testing, identifying user personas, security validation. |
| Operating System & Browser | OSs, Browsers | The operating systems and browsers from which your application receives requests. | General application performance testing, testing performance of URLs with high resource requirements. |
| HTTP Method | Methods | The HTTP request methods to your application's resources. | General application performance testing, identifying user personas. |
| Subnet | Subnets | The client subnets from which your application receives requests. | General application performance testing. |
| URL | URLs | The URLs from which your application receives requests. | General application performance testing, testing performance of URLs with high resource requirements. |

Identifying additional application security and traffic parameters

When you are troubleshooting the security status of an application, additional data can help you isolate details that characterize potential, or ongoing, vulnerabilities. On the Application screen, the Enhanced Analytics option provides you with the ability to collect more information about the Web Application Security policy for your application's BIG-IP host device. When this feature is enabled, the enhanced data displays additional dimension objects and data for the security dimensions found in the Analytics area.
In addition to displaying enhanced traffic data, you can select additional HTTP traffic data to view details about the application's traffic during the time of an attack (for example, Client IPs, Geolocations, or URLs).
The Enhanced Analytics option does not impact your BIG-IQ system performance. By default, you can enable up to 20 applications simultaneously in Enhanced Analytics mode.
System administrators can adjust the maximum number of applications by modifying the maxNumberOfApps parameter value in the /var/config/rest/config/restjavad.properties.json file.

Security: Enhanced Analytics metric settings

This table lists and describes the security dimensions that can display additional metric data when Collect Security metrics for all devices hosting <Application Name> is selected in the Enhanced Analytics Settings popup screen. When Enhanced Analytics is enabled, the added data is displayed in the Web Application Security charts. When disabled, these dimensions display aggregated data in the dimension object list.

| Affected Dimension(s) | Description | Value displayed when disabled |
|---|---|---|
| Network Protocols | The network protocols of the requests to your application. | N/A |
| Client IPs | The client IP addresses sending requests to your application. | Aggregated |
| Client Device IDs | The client IDs generated for requests to your application. | Aggregated |
| IPs Reputation | The client IP reputation categories for requests to your application. | N/A |
| Countries | The countries from which your application receives requests. | N/A |
| Users Name | The user name input for your application. | N/A |
| Session IDs | The assigned session IDs for requests to your application. | N/A |
| URLs | The URLs from which your application receives requests. | N/A |
| Methods | The HTTP request methods to your application's resources. | N/A |
| Mobile App Types | The mobile application type from which a user sent a request. | N/A |
| Mobile App Versions | The mobile application version from which a user sent a request. | N/A |
| Violations | The types of violations from requests to your application. | N/A |
| Virus Names | The names of viruses from requests to your application. | N/A |