This table lists the available system settings in the system controller and chassis partition webUIs:
System controller webUI
Chassis partition webUI
Alarms and Events
Alarms and Events
Controller Management
Cluster Details
System Inventory
High Availability
Log Settings
Log Settings
File Utilities
File Utilities
Time Settings
SNMP Configuration
SNMP Configuration
Configuration Backup
Configuration Backup
General
Licensing
Software Install Status
General
System alarms and events overview
You can view active system alarms and events in the system controller webUI and CLI.
Display system alarms and events from the webUI
The Alarms & Events screen is
available in both the system controller and chassis partition webUIs. This
screen lists the alert information for all performance and network indicators
that have currently crossed a performance or health threshold. Use this screen
to identify the specific object that is affected.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > Alarms & Events.
Choose from one of these actions:
To refresh the alarms or events list, click the Refresh icon on the right of the screen.
To display events by time preference, click the down arrow next to the Refresh icon and select a value from the list. The default value is one hour. For example, select five minutes to display any event that occurred in the last five minutes.
To display events by severity, select a value from the Severity list. The default value is Informational.
Option | Description
Emergency | Emergency system panic messages
Alert | Serious errors that require administrator intervention
Critical | Critical errors, including hardware and file system failures
Error | Non-critical, but possibly important, error messages
Warning | Warning messages that should be logged and reviewed
Notice | Messages that contain useful information, but might be ignored
Informational | Messages that contain useful information, but might be ignored
Debug | Detailed messages used for troubleshooting
View active system alarm conditions from the CLI
You can view information about
active system alarm conditions from the system controller CLI.
Connect using SSH to the system controller floating management IP address.
Log in to the command line interface (CLI) of the system controller using an account with admin access.
When you log in to the system, you are in user (operational) mode.
View a list of active system alarm conditions.
show system alarms | tab
This example shows a power supply unit (PSU) redundancy fault:
syscon-1-active# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
65796 psu-controller WARNING PSU redundancy fault detected 2021-07-01-11:11:11.992270499 UTC
65793 psu-2 ERROR PSU fault detected 2021-07-01-11:11:11.999825828 UTC
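For monitoring, the tabular output above can be turned into records and filtered by the severity order from the Severity table. This is an added example, not F5 code; it assumes the column layout of the sample output above and that severity names always appear in upper case, as WARNING and ERROR do there.

```python
import re
from typing import NamedTuple

# Severity names from the page's Severity table, most severe first.
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORMATIONAL", "DEBUG"]
RANK = {name: i for i, name in enumerate(SEVERITIES)}


class Alarm(NamedTuple):
    alarm_id: int
    resource: str
    severity: str
    text: str
    created: str


# One data row: ID, RESOURCE, SEVERITY, free text, then the timestamp.
# The free-text column contains spaces, so it is bounded by the timestamp.
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<resource>\S+)\s+(?P<severity>[A-Z]+)\s+"
    r"(?P<text>.+?)\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}\.\d+ UTC)\s*$"
)


def parse_alarms(output):
    """Parse 'show system alarms' text; skip prompt, header and separator."""
    alarms = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m or m["severity"] not in RANK:
            continue
        alarms.append(Alarm(int(m["id"]), m["resource"], m["severity"],
                            m["text"], m["created"]))
    return alarms


def at_or_above(alarms, threshold):
    """Return alarms whose severity is at least as severe as threshold."""
    limit = RANK[threshold.upper()]
    return [a for a in alarms if RANK[a.severity] <= limit]


# The page's sample output, with the separator retyped as ASCII hyphens.
SAMPLE = """\
syscon-1-active# show system alarms
ID RESOURCE SEVERITY TEXT TIME CREATED
----------------------------------------------------------------
65796 psu-controller WARNING PSU redundancy fault detected 2021-07-01-11:11:11.992270499 UTC
65793 psu-2 ERROR PSU fault detected 2021-07-01-11:11:11.999825828 UTC
"""

if __name__ == "__main__":
    for alarm in at_or_above(parse_alarms(SAMPLE), "error"):
        print(alarm.alarm_id, alarm.resource, alarm.severity, alarm.text)
```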
High Availability (HA) configuration overview
You can configure system controller high availability (HA) from the Controller Management screen on the system controller webUI. The system controllers work together as a redundant pair. The default mode for system controller HA is Auto, which automatically selects the system controller that is best suited at the time as the active controller and fails over only as needed.
The High Availability screen on the chassis partition webUI includes options for configuring chassis partition HA. High availability is already implemented for chassis partitions on the VELOS system.
Configure high availability for the system controllers from the webUI
You should not need to change system
controller high availability (HA) to something other than the default
configuration (Auto), but you can opt to change the configuration or initiate
a failover from the active controller to the standby from the system
controller webUI.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > Controller Management.
For the Preferred Node field, select System Controller 1 or System Controller 2 to act as an active system controller, or choose Auto (recommended).
Changing the Preferred Node configuration creates a failover event and ends the session if you select the system controller that is currently acting as the standby. Wait 30 seconds and then start a new session with either the floating IP address or the active system controller IP address after the change has completed.
Hardware health conditions of the system controllers always take precedence. If one of the system controllers is not healthy, the chassis partition will ignore the preference and synchronize with the healthy system controller.
To force a failover to occur immediately, click Failover.
The Failover button is available only when the Preferred Node field is set to Auto.
You would do this only if you want the current standby system controller to become the active system controller.
Configure high availability for the system controllers from the CLI
You can change the preferred system controller high
availability (HA) mode from either the system controller or chassis partition
CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Change system controller high availability/redundancy to a specified mode.
system redundancy config mode [ auto | prefer-1 | prefer-2 ]
These redundancy modes are available:
Option | Description
auto | System chooses preferred mode automatically. This is the default value.
prefer-1 | Prefer controller-1 to be active.
prefer-2 | Prefer controller-2 to be active.
This example shows configuring controller-1 as the preferred active system controller from the system controller CLI:
syscon-1-active(config)# system redundancy config mode prefer-1
Commit the configuration changes.
commit
System security overview
You can access settings for hardening the security of your system in the
system controller or chassis partition
webUI.
Allow list overview
An allow list enables you to specify either specific IPv4 or IPv6 addresses,
ports, or a netmask as an accepted source that can access the system.
When the IP address is configured and saved to the system allow list, only
traffic coming from that IP address and port is accepted by the system's management
interface. You can also edit or delete entries in the allow list after you have
configured them.
Configure the system allow list from the webUI
You can configure the system allow list from
either the system controller or chassis partition webUI. To edit an existing allow list
entry, select the IP address that you want to edit. You cannot change the designated
name, but you can change all other fields.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Security.
In the Allowed IP Addresses area, click Add to add an IP address to the allow list.
For Name, enter a descriptive name for the IP address.
For IPv4/IPv6, select IPv4 or IPv6.
For Address, enter the IP address to be added to the allow list.
For Prefix Length, enter or select the prefix length.
The prefix length values must be between 1 and 32 for IPv4 and between 1 and 128 for IPv6.
For Port, select a port number for the IP address.
Available options are:
443 (HTTPS): Allow only HTTP with SSL traffic on this IP address.
80 (HTTP): Allow only HTTP traffic on this IP address.
8888 (RESTCONF): Allow only RESTCONF traffic on this IP address.
161 (SNMP): Allow only SNMP traffic on this IP address.
7001 (VCONSOLE): Allow only VCONSOLE traffic on this IP address.
22 (SSH): Allow only SSH traffic on this IP address.
Click Save & Close.
Configure the system allow list from the CLI
You can configure the system allow list from either
the system controller or chassis partition CLI.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure the system to allow traffic only from specified IP addresses.
This is applicable only for ports 22, 161, 8888, 443, 80, and 7001.
system allowed-ips allowed-ip <allowlist-profile-name> config [ ipv4 | ipv6 ] address <ip-address> port <port-number> prefix-length <subnet-prefix-length>
This example adds a specified IPv4 address to the system allow list:
syscon-1-active(config)# system allowed-ips allowed-ip test config ipv4 address 192.0.2.33 port 161 prefix-length 32
This example adds a netmask to the system allow list:
syscon-1-active(config)# system allowed-ips allowed-ip test config ipv4 address 12.13.14.0 port 161 prefix-length 24
Commit the configuration changes.
commit
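Before pasting allow-list entries into the CLI, it helps to check them against the limits stated above (allowed ports, prefix-length ranges) and to see which CIDR block an address and prefix really describe. This is an added example, not F5 code; the AllowEntry type, the function names and the REVIEW_BELOW thresholds are hypothetical, and the rendered command follows the syntax shown above.

```python
import ipaddress
from dataclasses import dataclass

# Management ports the page lists as valid for allow-list entries.
ALLOWED_PORTS = {443: "HTTPS", 80: "HTTP", 8888: "RESTCONF",
                 161: "SNMP", 7001: "VCONSOLE", 22: "SSH"}

# Hypothetical review thresholds (an assumption, not from the page):
# prefixes shorter than these are flagged as broad source ranges.
REVIEW_BELOW = {"ipv4": 16, "ipv6": 48}


@dataclass(frozen=True)
class AllowEntry:
    name: str
    address: str
    prefix_length: int
    port: int


def validate(entry):
    """Return (family, problems, warnings) for one allow-list entry."""
    problems, warnings = [], []
    if not entry.name or any(c.isspace() for c in entry.name):
        problems.append("name must be a single non-empty token")
    try:
        addr = ipaddress.ip_address(entry.address)
    except ValueError:
        problems.append(f"{entry.address!r} is not an IPv4 or IPv6 address")
        return None, problems, warnings
    family = "ipv4" if addr.version == 4 else "ipv6"
    if not 1 <= entry.prefix_length <= addr.max_prefixlen:
        problems.append(
            f"prefix-length must be 1-{addr.max_prefixlen} for {family}")
    else:
        # strict=False masks the host bits, so we can show the real block.
        net = ipaddress.ip_network(f"{addr}/{entry.prefix_length}",
                                   strict=False)
        if net.network_address != addr:
            warnings.append(f"host bits set: CIDR block is {net}")
        if entry.prefix_length < REVIEW_BELOW[family]:
            warnings.append(
                f"broad source range: {net.num_addresses} addresses")
    if entry.port not in ALLOWED_PORTS:
        problems.append(f"port {entry.port} is not an allow-list port")
    return family, problems, warnings


def render(entry):
    """Render the config-mode command, or raise ValueError if invalid."""
    family, problems, _ = validate(entry)
    if problems:
        raise ValueError("; ".join(problems))
    return (f"system allowed-ips allowed-ip {entry.name} config {family} "
            f"address {entry.address} port {entry.port} "
            f"prefix-length {entry.prefix_length}")


if __name__ == "__main__":
    # Constructed entries; the first mirrors the page's own example.
    for e in (AllowEntry("test", "192.0.2.33", 32, 161),
              AllowEntry("ops", "12.13.14.7", 24, 22),
              AllowEntry("bad", "192.0.2.33", 32, 23)):
        family, problems, warnings = validate(e)
        print(e.name, problems or render(e), warnings)
```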
Appliance mode overview
You can run the system in appliance mode. Appliance mode adds a layer of security by removing user access to Root and Bash. Enabling appliance mode disables all Root and Bash shell access for the system.
You can enable appliance mode at each of these levels:
System
Tenant
Appliance mode is disabled at all levels, by default. You can enable it from the webUI or the CLI. The appliance mode option for the system is available to users with admin access under SYSTEM SETTINGS > General in the webUI. For tenants, it is available in the webUI under TENANT MANAGEMENT > Tenant Deployments.
These are the effects of enabling appliance mode at each of the different levels.
System-level appliance mode
Root or Bash access is disabled on the system.
Console access: Root or Bash access is disabled on the system. Users can log in to the system CLI from the console using an admin account.
Tenant appliance mode
Root access to the tenant is disabled by all means.
Bash access is disabled for users (with a terminal shell flag enabled) inside the tenant.
Users can access the tenant only through the webUI or the CLI.
Tenant console access: Users can log in to the CLI from the virtual console using an admin account (with a terminal shell flag enabled).
Configure appliance mode from the webUI
You can enable appliance mode if you want to disable all root and Bash shell access.
For greater security, it is highly recommended that you configure the system controllers and chassis partitions to run in appliance mode.
From the system controller webUI, appliance mode disables root and Bash access to the controllers. From the chassis partition webUI, appliance mode limits access to the specific chassis partition to which you are connected. You can enable or disable the appliance mode for system controllers and partitions from their respective webUIs.
The appliance mode option for tenants is available in the chassis partition webUI under TENANT MANAGEMENT > Tenant Deployments.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Security.
For Appliance Mode, in the Appliance Mode area, for Enable/Disable, select either Enabled or Disabled.
The default value is Disabled.
Click Save.
Configure appliance mode from the CLI
You can configure appliance mode from either the system controller or chassis partition CLI if you want to disable all root and Bash shell access.
For greater security, it is highly recommended that you configure the system controllers and chassis partitions to run in appliance mode.
From the system controller CLI, appliance mode disables root and Bash access to the controllers. From the chassis partition CLI, appliance mode limits access to the specific chassis partition to which you are connected.
The appliance mode option for tenants is available in the chassis partition CLI using the tenants tenant <tenant-name> config appliance-mode command sequence.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Enable appliance mode.
system appliance-mode config [ disabled | enabled ]
In this example, you enable appliance mode on the system controllers:
syscon-1-active(config)# system appliance-mode config enabled
Commit the configuration changes.
commit
Deny root SSH mode overview
With appliance mode disabled, enabling the deny root SSH option restricts the root user from accessing the system through SSH. However, root users can still access the system using the console. This provides a maintenance window for system administrators without compromising system security through SSH.
All users excluding root users can access the system through SSH. If appliance mode is enabled, it overrides the deny root SSH option.
Configure deny root SSH mode from the webUI
You can enable or disable root SSH from the webUI. Configuring deny root SSH to Enabled disables root SSH access but allows console root access.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left navigation pane, click SYSTEM SETTINGS > System Security.
In the Shell & LCD Access section, select either Enabled or Disabled from the Deny Root SSH field dropdown.
The default value is Disabled.
Click Save.
Configure deny root SSH mode from the CLI
You can configure deny root SSH mode from the CLI to disable root SSH access. Console root access remains allowed.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Disable appliance mode.
system appliance-mode config [ disabled | enabled ]
In this example, you disable appliance mode on the system controllers:
syscon-1-active(config)# system appliance-mode config disabled
Enable deny root SSH mode.
system security deny-root-ssh config [ disabled | enabled ]
In this example, you enable deny root SSH mode on the system controllers:
syscon-1-active(config)# system security deny-root-ssh config enabled
Commit the configuration changes.
commit
LCD mode overview
The LCD touchscreen enables you to view system status and manage the system
without attaching a console or network cable. You can configure the LCD to meet security
requirements by changing to a more restrictive operational mode.
The LCD touchscreen supports these modes:
Standard: Allows access to all options.
Secure: Allows access only to management and setup options. A padlock icon displays next to limited options.
Disabled: Does not allow access to any options and displays only an image to indicate that the LCD touchscreen is disabled.
Configure the LCD mode from the webUI
You can configure the operational mode of the touchscreen LCD from either the system controller or chassis partition webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Security.
In the LCD area, for Mode, select one of these options:
Select Disabled to not allow access to any options; displays only an image to indicate that the LCD touchscreen is disabled.
Select Secure to allow access only to management and setup options; displays a padlock icon next to limited options.
Select Standard to allow access to all options.
Click Save.
Cryptographic agility overview
Cryptographic agility on F5 VELOS systems enables you to replace cryptographic implementations for the httpd and sshd services. This applies to the F5OS management interface.
Configure the SSL cipher suite for sshd from the CLI
You can configure the sshd service from
either the system controller or chassis partition CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure the sshd service.
system security services service sshd config ciphers [ <string> ] kexalgorithms [ <string> ] macs [ <string> ]
These are the available configuration options:
Option | Description
ciphers | User-specified ciphers. For example, aes128-cbc or aes128-ctr. The cipher string can take several additional forms. It can consist of a single cipher suite or a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. You can combine lists of cipher suites into a single cipher string using the + character as a logical AND operation.
kexalgorithms | User-specified key exchange algorithms. For example, diffie-hellman-group14-sha1 or diffie-hellman-group14-sha256. You can combine lists of KEX algorithms into a single string using the + character as a logical AND operation.
macs | User-specified MAC algorithms. For example, hmac-sha2-512 or AEAD_AES_128_GCM. You can combine lists of MAC algorithms into a single string using the + character as a logical AND operation.
After you commit the change, you are prompted to confirm the change. The service will then restart.
Configure the SSL cipher suite for httpd from the CLI
You can configure the SSL cipher suites
used for the httpd service from either the system controller or chassis
partition CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure one or more cipher suites for the httpd service.
system security services service httpd config ssl-ciphersuite <string>
In this example, you indicate that the system uses only the specified cipher suite:
syscon-1-active(config)# system security services service httpd config ssl-ciphersuite ECDHE-RSA-AES256-GCM-SHA384
In this example, you specify more than one cipher suite by separating the cipher suite names with a colon:
syscon-1-active(config)# system security services service httpd config ssl-ciphersuite ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA
Commit the configuration changes.
commit
After you commit the change, you are prompted to confirm the change. The service will then restart.
Allowed SSL cipher suites for httpd service
When you configure ciphers
for httpd, you can use multiple formats. You can specify a single cipher
suite, such as RC4-SHA. You can also represent a list of cipher suites
containing a certain algorithm or cipher suites of a certain type using a
shortened name. For example, SHA1 represents all cipher suites using the
digest algorithm SHA1, and SSLv3 represents all SSLv3 algorithms. You can
combine lists of cipher suites into a single cipher string using the +
character as a logical AND operation. For example, SHA1+DES represents all
cipher suites containing the SHA1 and DES algorithms.
These are the allowed SSL cipher suites for general appliances:
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
CAMELLIA128-SHA
PSK-AES128-CBC-SHA
These are the allowed SSL cipher suites for systems that have a
FIPS software license applied. It does not apply to the F5 r5900-DF or
r10900-DF platforms that have an embedded FIPS hardware security module
(HSM).
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
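The allowed lists above mix forward-secret AEAD suites with static-key, CBC and SHA-1 suites, so a proposed ssl-ciphersuite string is worth reviewing before it is committed. This is an added example, not F5 code; the function names are hypothetical, the classification relies on the OpenSSL suite-name patterns used in the lists above, and shortened names such as SHA1+DES are reported rather than expanded.

```python
# Suites the page lists for systems with a FIPS software license.
FIPS_SUITES = {
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
}

# Bulk-cipher name prefixes that occur in the page's suite names.
BULK_PREFIXES = ("AES", "CAMELLIA", "RC4")
AEAD_TOKENS = ("GCM", "CCM", "CCM8")


def classify(suite):
    """Return review findings for one explicit OpenSSL suite name."""
    parts = suite.split("-")
    if not any(p.startswith(BULK_PREFIXES) for p in parts):
        return ["alias or unrecognised name: expand to explicit suites"]
    findings = []
    kx = parts[0]
    if kx not in ("ECDHE", "DHE"):
        # Names with no key-exchange prefix (AES256-SHA) use RSA transport.
        label = {"ECDH": "static ECDH", "PSK": "PSK"}.get(kx, "RSA")
        findings.append(f"no forward secrecy ({label} key exchange)")
    aead = any(p in AEAD_TOKENS for p in parts)
    if "RC4" in parts:
        findings.append("RC4 stream cipher")
    elif not aead:
        findings.append("CBC mode, not AEAD")
    # For AEAD suites the trailing hash is the PRF, not a record MAC.
    if parts[-1] == "SHA" and not aead:
        findings.append("HMAC-SHA1 record MAC")
    return findings


def audit(cipher_string, fips=False):
    """Map each suite in a colon-separated string to its findings."""
    report = {}
    for suite in filter(None, (s.strip() for s in cipher_string.split(":"))):
        findings = classify(suite)
        if fips and suite not in FIPS_SUITES:
            findings.append("not in the page's FIPS-license list")
        report[suite] = findings
    return report


if __name__ == "__main__":
    # Strings taken from the page's own examples plus one constructed case.
    for value in ("ECDHE-RSA-AES256-GCM-SHA384",
                  "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA",
                  "AES256-SHA256:SHA1+DES"):
        for suite, findings in audit(value, fips=True).items():
            print(suite, "->", findings or "no findings")
```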
Allowed SSL cipher suites for sshd service
When you configure ciphers for sshd, you enclose the cipher string
in square brackets and include more than one by separating them with a
space. These ciphers are allowed on the system.
Key algorithms
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group16-sha512
diffie-hellman-group14-sha256
diffie-hellman-group14-sha1
Encryption algorithms
aes128-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
aes128-cbc
aes256-cbc
Message Authentication Code (MAC) Algorithms
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha1-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
CLI idle timeout overview
For security purposes, you can configure how long management sessions can remain idle
before you are logged out of the system. If you are connected using an SSH connection,
the system closes the SSH connection after this time expires.
Configure the CLI timeout from the webUI
You can configure how long management sessions can remain idle before you are logged out of the system from either the system controller or chassis partition webUI. If you are connected using an SSH connection, the system closes the SSH connection after this time expires.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Security.
In the Services area, for CLI Idle Timeout, enter a time, in seconds, for how long management sessions can remain idle before they time out.
A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 4294967 seconds. The default value is 1800 seconds (30 minutes).
Click Save.
Configure system idle timeout from the CLI
You can configure how long management sessions can remain idle before you are logged out of the system from either the system controller or chassis partition CLI. If you are connected using an SSH connection, the system closes the SSH connection after this time expires. You can also configure how long the system is inactive for a root user before the user is logged out of the system.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Configure the CLI system idle timeout setting for an admin user connected to the system.
system settings config idle-timeout <time-in-seconds>
A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 1800 seconds (30 minutes).
This example sets an idle timeout of 3600 seconds (one hour):
syscon-1-active(config)# system settings config idle-timeout 3600
Configure the SSH system idle timeout setting for a root user.
system settings config sshd-idle-timeout <time-in-seconds>
A value of 0 (zero) sets the time to infinity, so the user is never logged out. The timeout can be a value from 0 through 8192 seconds. The default value is 0 (zero).
This example sets an SSH system idle timeout of 3600 seconds (one hour):
syscon-1-active(config)# system settings config sshd-idle-timeout 3600
Commit the configuration changes.
commit
System inventory overview
The System Inventory screen on the system controller webUI enables you to see an inventory of all components on the VELOS system, including the system controllers, blades, power supply units (PSU), PSU controller, fan tray, and LCD. The inventory includes the component name, status, part number, and serial number.
View system inventory report from the webUI
You can view an inventory of all of the system components on the VELOS system, including the system controllers, blades, power supply units (PSU), PSU controller, fan tray, and LCD from the system controller webUI. The inventory includes the component name, status, part number, and serial number.
Log in to the VELOS system controller webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Inventory.
The system inventory displays, and you can review the information about the components on the VELOS system. An example is shown here.
[Figure: Example of system inventory]
View system inventory report from the CLI
You can view an inventory of all of the system components on the VELOS system, including the system controllers, blades, power supply units (PSU), PSU controller, fan tray, and LCD from the system controller CLI. The inventory includes the component name, status, part number, and serial number.
Connect using SSH to the system controller floating management IP address.
Log in to the command line interface (CLI) of the system controller using an account with admin access.
When you log in to the system, you are in user (operational) mode.
View information about system components.
Add a specific component to show information only about that component or omit it to show information about all components.
show components component [ <specific-component> ]
In this example, you view details only about the system storage:
syscon-1-active# show components component storage
components component controller-1
storage state disks disk nvme0n1
state model "SAMSUNG MZ1LB960HAJQ-00007"
state vendor Samsung
state version EDA7602Q
state serial-no S123NA0NA04567
state size 894.00GB
state type nvme
storage state disks disk sda
state model DataTraveler
state vendor Kingston
state version 3.0
state serial-no 0000000005??
state size 28.00GB
state type usb
components component controller-2
storage state disks disk nvme0n1
state model "SAMSUNG MZ1LB960HAJQ-00007"
state vendor Samsung
state version EDA7602Q
state serial-no S123NA0NA45678
state size 894.00GB
state type nvme
storage state disks disk sda
state model DataTraveler
state vendor Kingston
state version 3.0
state serial-no 000000000123
state size 28.00GB
state type usb
Log and report configuration overview
The system controller and chassis partition webUIs include options for configuring remote log servers and the log severity level for individual software components and services.
From the webUIs you can generate a system report, or QKView file, to collect configuration and diagnostic information from the VELOS system if you have any concerns about your system operation. The QKView file contains machine-readable (JSON) diagnostic data and combines the data into a single compressed tar.gz format file. You can upload the QKView file to F5 iHealth, where you can get help to verify proper operation of the system, troubleshoot and understand any issues you might be having, and ensure that the system is operating at its maximum efficiency.
You can view event logs and configure secure remote logging from the CLI. You can also send host log files, which are in the /var/log directory, as well as audit.log files to the remote server from the CLI.
Configure log settings from the system controller webUI
You can add and display information about configured remote log servers from the system controller webUI. You can also change the log severity level for individual software components and services.
Log in to the command line interface (CLI) of the system controller using an account with admin access.
When you log in to the system, you are in user (operational) mode.
On the left, click SYSTEM SETTINGS > Log Settings.
To include the hostname configured for your system in the logs, select True from the Include Hostname field dropdown.
By default, the Include Hostname dropdown value is set to true.
To add access to a Remote Log Server, click Add.
In the Server field, enter the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) of the remote server. After the remote log server is saved, you cannot modify the server address.
In the Port field, enter the port number of the remote server.
The default port value is 514.
For Protocol, select UDP or TCP to choose between TCP or UDP input.
The Authentication field is displayed only when the TCP protocol is selected.
From the Selectors field, select LOCAL0 or AUTHPRIV.
From the Severity list, select the severity level of the messages to log.
Option | Description
Emergency | Emergency system panic messages
Alert | Serious errors that require administrator intervention
Critical | Critical errors, including hardware and file system failures
Error | Non-critical, but possibly important, error messages
Warning | Warning messages that should be logged and reviewed
Notice | Messages that contain useful information, but might be ignored
Informational | Messages that contain useful information, but might be ignored
Debug | Verbose messages used for troubleshooting
To add more selectors, click the
+
button. To remove the existing selectors, select it and click the
x
button.
For
Authentication
, select the enable or disable option from the list. The default value is
Disabled
. This option is visible when the TCP protocol is selected while configuring the remote log server. If the UDP protocol is selected, the authentication value is saved as
N/A
.
Click
Save & Close
To delete a remote log server, select the server and click
Delete
.
To view the
Host Log Settings
, click
Show
.
For
Host Log Forwarding
, select the enable or disable radio button for remote forwarding. The default value is
Disabled
. When host log forwarding is enabled, the Include Standby Controller field displays.
System Controller webUI: For
Include Standby Controller
, select true or false from the list to include the standby controllers and send the host log files to the active controller. The default value is
False
. This option is visible when the Host Log Forwarding option is enabled at the chassis level.
Chassis Partition webUI: For
Include Blades
, select one or more blades from the list. This option is visible when the Host Log Forwarding option is enabled at the chassis partition level.
For
Selectors
, select the required facility and severity options from the list. To add more selectors, click the add
+
icon. To remove the existing selectors, click the remove
(X)
icon.
To add the required host log files to the
Selected Files
panel, click the required host log files checkboxes. Click on directories to view the files and sub-directories and select individual files within the directory.
At the chassis partition level, you can only view the already selected and locked host files.
The Selected Files option allows the host logs files to be forwarded from the directory and subdirectories.
For
Custom Log File
, enter the log file in the text box and click
Add
to manually add host log file names to the Selected Files panel.
For
TLS Certificate & Key
, click
Show
. It displays the TLS Certificate and TLS Key options. If authentication is enabled for any of the remote log servers, you cannot clear the TLS configuration fields.
For
CA Bundles
, click
Add
to enter the name and TLS CA certificate. When authentication is enabled for any remote server, you cannot delete the CA bundle.
On the Log Settings screen, review the software component log levels for individual software components and adjust them as needed. Click
Save
if you made changes.
The log levels determine at what level events (and all higher levels) are logged for each service.
Informational
is the default so all except debug-level events are logged.
Component
Description
alert-service
Software component that handles alerts and events at the system level. These components use ConfD to process updates and manage the status of the Alarm LED depending on the severity of the alert.
api-svc-gateway
Software component that manages requests and subscriptions for Tenants on the appliance.
audit-service
Software component for capturing the system configuration related logs in audit log.
authd
Software component responsible for managing the configuration settings for various AAA (Authentication, Authorization, Accounting) mechanisms supported by the F5OS system.
dagd-service
Software component that manages the distribution of Tenant traffic.
datapath-cp-proxy
Software component that manages Tenant datapath setup requests and configuration.
diag-agent
The Diagnostic Agent is responsible for running various diagnostic profiles, gathering and exporting telemetry data and providing system health information and producing the hardware alerts.
diag-data
Software component primarily tasked with periodically collecting important information from an F5OS device and sending that data back to F5 for analysis purposes.
disk-usage-statd
-
dma-agent
Software component for Core Offload feature that functions as a buffer broker, allowing multiple tenants to share access to the FPGA while remaining isolated from one another.
fips-service
Software component for System FIPS configuration and handles system integrity check requests.
firewall-manager
One software component that enables the setting up of a whitelist for designated source IP addresses and destination ports such as HTTP, HTTPS, RESTCONF, SNMP, and vConsole.
fpgamgr
Software component, which manages the datapath FPGAs. This includes front panel interfaces, L2 functionality, and other advanced FPGA features.
ihealth-upload-service
Software component for providing secure way of transporting support package to F5 to different target destination. This service offers historical track records of support package uploads with configurable data retention policy.
ihealthd
Software component responsible for handling ihealth configuration parameters and starting a qkview upload by sending a request to ihealth.
image-agent
A software module that manages the validation of imported tenant images and displays the current status of both tenant and platform images on the user interface.
kubehelper
Software component triggered during tenant deployment and runs as an assistant task before tenant container is created.
For BIG-IP
Converts qcow2 image to raw format for BIG-IP tenant only.
Reserves huge pages for the tenant.
Creates host-net interface for host and tenant communication purposes.
Creates a tenant management interface for BIG-IP NEXT tenants and includes route integration.
l2-agent
Software component responsible for managing the setup and status of physical connections (such as interfaces and portgroups) and the configuration and status of Layer-2 components (such as VLANs, LAGs, and FDB).
lacpd
Daemon responsible for negotiation of LACP over system interfaces.
license-service
Software component responsible for system licensing installation.
line-dma-agent
Software component which is a fundamental layer of tcpdump in the VELOS/rSeries family.
lldpd
Software component for LLDP configuration.
lopd
Software component to manage communication with the LOP (AOM).
network-manager
Software component responsible for managing datapath related resources, such as MAC Addresses. It also manages datapath tables that route traffic between Tenants and Interfaces.
node-agent
Software component triggered during tenant deployment and node reboots.
Creates a tenant management interface for BIG-IP NEXT tenants and includes route integration.
Adds water-marking rules for BIG-IP NEXT tenants.
In charge of allocating large pages for chassis during tenant deployments.
optics-mgr
Software component that is responsible for storing the tuning values for supported optics. When provided with an optic, returns the proper tuning.
orchestration-agent
Software component for Tenant Orchestration which includes tenant configuration and deployments.
partition-bladesd
Software component responsible for the peer enumerator service, which creates a file containing a list of IP addresses for peers in a partition. Qkviewd uses the list of IP addresses for collecting peer qkviews.
The generated peer file is located in
/var/F5/partitionX/qkviewd/peers
, where X indicates the partition number.
This container is only relevant for partition qkviews. This container is not intended to be usable by you.
partition-common
Software component responsible for incorporating standard ConfD utility functions that enhance the CLI interface.
partition-ha
System partition software component responsible for Partition's HA control framework.
partition-manager
System partition software component responsible for Partition's instance of ConfD.
platform-diag
Software component for providing statistics reports and measurements on top of the low-level hardware.
platform-fwu
Software component responsible for updating and reporting firmware.
platform-hal
Software component that provides other services with access to platform/hardware data and configuration.
platform-mgr
This software component displays the versions of platform components, CPUs, memory, and firmware. It also automatically initiates firmware upgrades when upgrading or installing a new ISO and rebooting.
platform-monitor
Monitoring Agent is responsible for:
Creating telemetry pipelines that query data periodically.
Applying processors to the data.
Sending the data to various destinations.
platform-stats
Software component responsible for capturing the various utilization stats of the CPU, drives and memory and storing the data in TMSTAT stat tables.
platform-stats-bridge
Software components responsible for handling the platform statistics to display on user interfaces.
qat-confd-service
Service for communicating QAT device tenant assignments to ConfD tables.
qat-plugin
Kubernetes device plugin for reporting and managing QAT device resources and resource activities related to their respective tenant assignments.
qkviewd
Software component designed to create diagnostic snapshots in containerized systems, known as QKView. A QKView file is a compressed file with diagnostic info from containers, the host, and other systems. The main qkviewd service operates within a container, while qkviewd-host service collects data on the host. A peer system is another system running the qkviewd daemon.
rsyslog-configd
Software component for remote syslog configuration handling.
snmp-service
Software component used to configure system SNMP configuration such as community, target, and user.
snmp-trapd
Software component that processes the system alerts/events as traps and sends them to the SNMP manager.
sshd-crypto
Software component for handling sshd crypto agility configurations.
stpd
Software component for configuring STP L2 protocol in platform.
stream-generator
Software component that provides the capability to produce independent streams of traffic, which can be directed anywhere in the chassis. This service can also connect to the dma-client unix pipes to manage ePVA information. Internally, the stream-generator can asynchronously read the FSC status messages and store the last value in a cache.
Key features of the stream generator:
The stream-generator utilizes the SEP Topology feature to connect to all 3 data-movers within the dma-agent. The stream can be configured to traverse a specific data-mover.
A stream can have a flexible transmit schedule.
The stream's packet can be a generic MAC frame or it can also include IPv4 + UDP type traffic.
The stream's packets can be a variable size.
The stream can be directed to any Destination ID in the chassis.
The stream-generator uses a fixed service-id == 6.
sw-rbcast
Software component that is responsible for forwarding broadcast traffic received on a shared VLAN to the tenants which share that VLAN. A secondary responsibility is to forward DLF (destination look-up failures) requests to the fpgamgr component, so that they can be resolved.
tcam-manager
tcpdumpd
Software component responsible for the tcpdump client daemon.
tcpdumpd-manager
Software component responsible for the tcpdump server daemon.
tmstat-agent
Software component for providing the framework which can be used to store the statistics data in centralized location on each host.
tmstat-merged
Software component for providing framework to integrate and divide statistics streams.
user-manager
Software component responsible for the management and configuration of local users on the system such as user accounts, groups/roles, and passwords.
utils-agent
Software component that manages file transfer operations such as import, export, delete, and download/upload.
vconsole
Software component for providing authenticated virtual console access to F5OS tenants.
Click
Save
to save the log settings.
Configure log settings from the chassis partition webUI
You can add and display information about configured remote log servers from chassis partition webUIs. You can also change the log severity level for individual software components and services.
Log in to the command line interface
(CLI) of the chassis partition using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
On the left, click
SYSTEM
SETTINGS
Log
Settings
.
To include the hostname configured for your system in the logs, select
True
from the
Include Hostname
field dropdown.
By default, the
Include Hostname
dropdown value is set to true.
To add access to a
Remote Log Server
, click
Add
.
In the
Server
field, enter the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) of the remote server. After the remote log server is saved, you cannot modify the server address.
In the
Port
field, enter the port number of the remote server.
The default port value is 514.
For
Protocol
, select
UDP
or
TCP
to choose between TCP or UDP input. When the TCP protocol is selected, the
Authentication
field displays.
From the
Facility
list, select
LOCAL0
.
F5OS supports only the LOCAL0 logging facility. All logs are directed to this facility, and it is the only one that you can use for remote logging.
From the
Severity
list, select the severity level of the messages to log.
Option | Description
Emergency | Emergency system panic messages
Alert | Serious errors that require administrator intervention
Critical | Critical errors, including hardware and file system failures
Error | Non-critical, but possibly important, error messages
Warning | Warning messages that should be logged and reviewed
Notice | Messages that contain useful information, but might be ignored
Informational | Messages that contain useful information, but might be ignored
Debug | Detailed messages used for troubleshooting
For
Authentication
, select the enable or disable option from the list. The default value is
Disabled
. This option is visible when the TCP protocol is selected while configuring the remote log server. If the UDP protocol is selected, the authentication value is saved as
N/A
.
Click
Save &
Close
.
To delete a remote log server, select the server and click
Delete
.
To view the
Host Log Settings
, click
Show
.
For
Host Log Forwarding
, select the enable or disable radio button for remote forwarding. The default value is
Disabled
. When host log forwarding is enabled, the Include Standby Controller field displays.
System Controller webUI: For
Include Standby Controller
, select true or false from the list to include the standby controllers and send the host log files to the active controller. The default value is
False
. This option is visible when the Host Log Forwarding option is enabled at the chassis level.
Chassis Partition webUI: For
Include Blades
, select one or more blades from the list. This option is visible when the Host Log Forwarding option is enabled at the chassis partition level.
For
Selectors
, select the required facility and severity options from the list. To add more selectors, click the add
+
icon. To remove the existing selectors, click the remove
(X)
icon.
To add the required host log files to the
Selected Files
panel, at the chassis level, click the required host log files checkboxes.
At the chassis partition level, you can only view the already selected and locked host files.
The Selected Files option allows the host logs files to be forwarded from the directory and subdirectories.
For
Custom Log File
, enter the log file in the text box and click
Add
to manually add host log file names to the Selected Files panel.
For
TLS Certificate & Key
, click
Show
. It displays the TLS Certificate and TLS Key options. If authentication is enabled for any of the remote log servers, you cannot clear the TLS configuration fields.
For
CA Bundles
, click
Add
to enter the name and TLS CA certificate. When authentication is enabled for any remote server, you cannot delete the CA bundle.
On the Log Settings screen, review the software component log levels for individual software components and adjust them as needed. Click
Save
if you made changes.
The log levels determine at what level events (and all higher levels) are logged for each service.
Informational
is the default so all except debug-level events are logged.
Component
Description
alert-service
Software component that handles alerts and events at the system level. These components use ConfD to process updates and manage the status of the Alarm LED depending on the severity of the alert.
api-svc-gateway
Software component that manages requests and subscriptions for Tenants on the appliance.
audit-service
Software component for capturing the system configuration related logs in audit log.
authd
Software component responsible for managing the configuration settings for various AAA (Authentication, Authorization, Accounting) mechanisms supported by the F5OS system.
dagd-service
Software component that manages the distribution of Tenant traffic.
datapath-cp-proxy
Software component that manages Tenant datapath setup requests and configuration.
diag-agent
The Diagnostic Agent is responsible for running various diagnostic profiles, gathering and exporting telemetry data and providing system health information and producing the hardware alerts.
diag-data
Software component primarily tasked with periodically collecting important information from an F5OS device and sending that data back to F5 for analysis purposes.
disk-usage-statd
-
dma-agent
Software component for Core Offload feature that functions as a buffer broker, allowing multiple tenants to share access to the FPGA while remaining isolated from one another.
fips-service
Software component for System FIPS configuration and handles system integrity check requests.
firewall-manager
One software component that enables the setting up of a whitelist for designated source IP addresses and destination ports such as HTTP, HTTPS, RESTCONF, SNMP, and vConsole.
fpgamgr
Software component, which manages the datapath FPGAs. This includes front panel interfaces, L2 functionality, and other advanced FPGA features.
ihealth-upload-service
Software component for providing secure way of transporting support package to F5 to different target destination. This service offers historical track records of support package uploads with configurable data retention policy.
ihealthd
Software component responsible for handling ihealth configuration parameters and starting a qkview upload by sending a request to ihealth.
image-agent
A software module that manages the validation of imported tenant images and displays the current status of both tenant and platform images on the user interface.
kubehelper
Software component triggered during tenant deployment and runs as an assistant task before tenant container is created.
For BIG-IP
Converts qcow2 image to raw format for BIG-IP tenant only.
Reserves huge pages for the tenant.
Creates host-net interface for host and tenant communication purposes.
Creates a tenant management interface for BIG-IP NEXT tenants and includes route integration.
l2-agent
Software component responsible for managing the setup and status of physical connections (such as interfaces and portgroups) and the configuration and status of Layer-2 components (such as VLANs, LAGs, and FDB).
lacpd
Daemon responsible for negotiation of LACP over system interfaces.
license-service
Software component responsible for system licensing installation.
line-dma-agent
Software component which is a fundamental layer of tcpdump in the VELOS/rSeries family.
lldpd
Software component for LLDP configuration.
lopd
Software component to manage communication with the LOP (AOM).
network-manager
Software component responsible for managing datapath related resources, such as MAC Addresses. It also manages datapath tables that route traffic between Tenants and Interfaces.
node-agent
Software component triggered during tenant deployment and node reboots.
Creates a tenant management interface for BIG-IP NEXT tenants and includes route integration.
Adds water-marking rules for BIG-IP NEXT tenants.
In charge of allocating large pages for chassis during tenant deployments.
optics-mgr
Software component that is responsible for storing the tuning values for supported optics. When provided with an optic, returns the proper tuning.
orchestration-agent
Software component for Tenant Orchestration which includes tenant configuration and deployments.
partition-bladesd
Software component responsible for the peer enumerator service, which creates a file containing a list of IP addresses for peers in a partition. Qkviewd uses the list of IP addresses for collecting peer qkviews.
The generated peer file is located in /var/F5/partitionX/qkviewd/peers, where X indicates the partition number.
This container is only relevant for partition qkviews.
This container is not intended to be usable by customers.
partition-common
Software component responsible for incorporating standard ConfD utility functions that enhance the CLI interface.
partition-ha
System partition software component responsible for Partition's HA control framework.
partition-manager
System partition software component responsible for Partition's instance of ConfD.
platform-diag
Software component for providing statistics reports and measurements on top of the low-level hardware.
platform-fwu
Software component responsible for updating and reporting firmware.
platform-hal
Software component that provides other services with access to platform/hardware data and configuration.
platform-mgr
This software component displays the versions of platform components, CPUs, memory, and firmware. It also automatically initiates firmware upgrades when upgrading or installing a new ISO and rebooting.
platform-monitor
Monitoring Agent is responsible for:
Creating telemetry pipelines that query data periodically.
Applying processors to the data.
Sending the data to various destinations.
platform-stats
Software component responsible for capturing the various utilization stats of the CPU, drives and memory and storing the data in TMSTAT stat tables.
platform-stats-bridge
Software components responsible for handling the platform statistics to display on user interfaces.
qat-confd-service
Service for communicating QAT device tenant assignments to ConfD tables.
qat-plugin
Kubernetes device plugin for reporting and managing QAT device resources and resource activities related to their respective tenant assignments.
qkviewd
Software component designed to create diagnostic snapshots in containerized systems, known as QKView. A QKView file is a compressed file with diagnostic info from containers, the host, and other systems. The main qkviewd service operates within a container, while qkviewd-host service collects data on the host. A peer system is another system running the qkviewd daemon.
rsyslog-configd
Software component for remote syslog configuration handling.
snmp-service
Software component used to configure system SNMP configuration such as community, target, and user.
snmp-trapd
Software component that processes the system alerts/events as traps and sends them to the SNMP manager.
sshd-crypto
Software component for handling sshd crypto agility configurations.
stpd
Software component for configuring STP L2 protocol in platform.
stream-generator
Software component that provides the capability to produce independent streams of traffic, which can be directed anywhere in the chassis. This service can also connect to the dma-client unix pipes to manage ePVA information. Internally, the stream-generator can asynchronously read the FSC status messages and store the last value in a cache.
Key features of the stream generator:
The stream-generator utilizes the SEP Topology feature to connect to all 3 data-movers within the dma-agent. The stream can be configured to traverse a specific data-mover.
A stream can have a flexible transmit schedule.
The stream's packet can be a generic MAC frame or it can also include IPv4 + UDP type traffic.
The stream's packets can be a variable size.
The stream can be directed to any Destination ID in the chassis.
The stream-generator uses a fixed service-id == 6.
sw-rbcast
Software component that is responsible for forwarding broadcast traffic received on a shared VLAN to the tenants which share that VLAN. A secondary responsibility is to forward DLF (destination look-up failures) requests to the fpgamgr component, so that they can be resolved.
tcam-manager
tcpdumpd
Software component responsible for the tcpdump client daemon.
tcpdumpd-manager
Software component responsible for the tcpdump server daemon.
tmstat-agent
Software component for providing the framework which can be used to store the statistics data in centralized location on each host.
tmstat-merged
Software component for providing framework to integrate and divide statistics streams.
user-manager
Software component responsible for the management and configuration of local users on the system such as user accounts, groups/roles, and passwords.
utils-agent
Software component that manages file transfer operations such as import, export, delete, and download/upload.
vconsole
Software component for providing authenticated virtual console access to F5OS tenants.
Click
Save
to save the log settings.
View event logs from the CLI
The system logs events to the
velos.log
file located in the
/var/log_controller
directory. To list files and view
the contents of log files, you use the
file
command from
either the system controller or chassis partition CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
List all files in the log
directory.
file list path [ log/confd/ | log/controller/ | log/host/ ]
This example shows an excerpt of the
contents of the
log/controller/
directory:
syscon-1-active# file list path log/controller/
entries {
name afu-cookie
date Wed Jun 15 19:52:37 UTC 2022
size 33B
}
entries {
name cc-confd
date Wed Jun 15 20:25:49 UTC 2022
size 581KB
}
entries {
name cc-confd-hal
date Wed Jun 15 19:52:10 UTC 2022
size 0B
}
...
Show the contents of a log file.
file show [ log/confd/<filename> | log/controller/<filename> | log/host/<filename> ]
This example shows the contents of
the
log/controller/velos.log
file and uses the
more
option to paginate the
output:
syscon-1-active# file show log/controller/velos.log | more
2022-04-21T08:18:28-07:00 localhost.localdomain notice boot_marker: ---===[ BOOT-MARKER ]===---
2022-04-21T08:19:39-07:00 controller-1.chassis.local notice boot_marker: ---===[ BOOT-MARKER ]===---
2022-04-21T15:27:39.925830+00:00 controller-1 alert-service[8]: priority="Notice" version=1.0 msgid=0x2201000000000001 msg="Alert Service Starting..." version="3.10.2" date="Fri Apr 8 09:42:10 2022".
2022-04-21T15:27:39.926245+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2022-04-21T15:27:39.926264+00:00 controller-1 snmp-trapd[9]: priority="Notice" version=1.0 msgid=0x2101000000000007 msg="SNMP Trap Service Starting..." version="3.2.3" date="Fri Apr 8 09:43:28 2022".
2022-04-21T15:27:39.926274+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
Show only the most recent entries in a log file.
file tail [ log/confd/<filename> | log/controller/<filename> | log/host/<filename> ]
This example shows the last ten lines of the
velos.log
file and uses the
-f
option to append output as
the file grows:
syscon-1-active# file tail -f log/controller/velos.log
2022-06-16T23:24:36.170220+00:00 controller-1 switchd[8]: priority="Notice" version=1.0 container="VCC-SWITCHD" msgid=0x1001000000000485 msg="Linkstatus change" PORT="1/mgmt0" LINKSTAT="DOWN".
2022-06-16T23:24:36.176481+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="check_if_op_modify(): new oc_if_oper_status: 2 (1:UP 2:DOWN ... )".
2022-06-16T23:24:36.176820+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="check_if_op_modify(): new oc_eth_port_speed: ns: 1857063266 id: 1980508219 ".
2022-06-16T23:24:36.267589+00:00 controller-1 switchd[8]: priority="Notice" version=1.0 container="VCC-SWITCHD" msgid=0x1001000000000485 msg="Linkstatus change" PORT="1/mgmt0" LINKSTAT="DOWN".
2022-06-16T23:24:36.425971+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="CCLacpdWriteHdlr::delete_member(memberName=1/mgmt0) from ConfD".
2022-06-16T23:24:36.434091+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="InterfaceCmObj::modifyOp: if_name=1/mgmt0 mode=FULL DUPLEX status=DOWN speed=10000#012".
2022-06-16T23:24:36.434371+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="InterfaceCmObj::modifyOp: if_name=1/mgmt0 mode=FULL DUPLEX status=DOWN speed=0#012".
2022-06-16T23:25:09.324530+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as chassis SEEPROM NEBS option couldn't be read" interface="job-2648493" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634"
2022-06-16T23:25:09.399391+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as platform SEEPROM NEBS option couldn't be read" interface="job-2648493" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal"
2022-06-16T23:25:09.429431+00:00 controller-1 platform-hal[8]: priority="Info" msg="NEBS is assumed to be true as platform SEEPROM NEBS option couldn't be read" interface="job-2648493" actionKey="GET:chassis/nebs-capable" jobId=2648493 jobTreeUuid="90151e75-edcb-11ec-a487-024264410634" apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.jobId=0 $parent.apogeeUuid="a519fa20-ece4-11ec-a487-024264410634" $parent.treeUuid="90151e75-edcb-11ec-a487-024264410634" $parent.appKey="hal"
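Added example (not part of the F5 documentation): a Python parser for the velos.log line shapes shown in the output above, with a filter that applies the same "this level and all higher levels" rule that the severity settings describe. The function names and the short priority spellings other than Info are assumptions; the sample lines are copied from the output above, plus one constructed malformed line.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Severity names from the severity table, most severe first. The list index is
# the standard syslog severity number (0 = Emergency ... 7 = Debug).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# "Info" is the spelling used in the sample output; the other short forms are
# assumptions about how the remaining levels might be abbreviated.
ALIASES = {"info": "Informational", "err": "Error", "warn": "Warning",
           "crit": "Critical", "emerg": "Emergency"}

# <timestamp> <host> [<severity word>] <component>[<pid>]: <body>
HEADER = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?:(?P<sev>[A-Za-z]+)\s+)?"
    r"(?P<component>[\w.-]+)(?:\[(?P<pid>\d+)\])?:\s(?P<body>.*)$")

# key=value pairs; a value is either double-quoted or a bare token.
PAIR = re.compile(
    r'(?P<key>[$\w.]+)=(?:"(?P<quoted>(?:[^"\\]|\\.)*)"|(?P<bare>\S+))')


@dataclass
class Event:
    time: datetime
    host: str
    component: str
    pid: Optional[int]
    severity: Optional[str]
    fields: dict = field(default_factory=dict)
    text: str = ""


def normalize_severity(name):
    """Map a priority string to a name from SEVERITIES, or None if unknown."""
    if not name:
        return None
    key = name.strip().lower()
    canonical = ALIASES.get(key, key.capitalize())
    return canonical if canonical in SEVERITIES else None


def parse_line(line):
    """Parse one log line; return None if the header or timestamp is invalid."""
    m = HEADER.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        when = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    fields = {}
    for pair in PAIR.finditer(m["body"]):
        value = pair["quoted"] if pair["quoted"] is not None else pair["bare"]
        # Some lines repeat a key (version= appears twice); keep the first.
        fields.setdefault(pair["key"], value)
    # Structured lines carry priority="..."; boot markers carry a bare word.
    severity = normalize_severity(fields.get("priority") or m["sev"])
    return Event(time=when, host=m["host"], component=m["component"],
                 pid=int(m["pid"]) if m["pid"] else None,
                 severity=severity, fields=fields, text=m["body"])


def parse_log(text):
    """Return (events, rejected_count) for a block of log text."""
    events, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            rejected += 1
        else:
            events.append(event)
    return events, rejected


def at_or_above(events, threshold):
    """Keep events at the threshold severity or any more severe level."""
    limit = SEVERITIES.index(threshold)
    return [e for e in events
            if e.severity is not None and SEVERITIES.index(e.severity) <= limit]


# Lines copied from the sample output above; the last line is constructed.
SAMPLE = r'''
2022-04-21T08:18:28-07:00 localhost.localdomain notice boot_marker: ---===[ BOOT-MARKER ]===---
2022-04-21T15:27:39.925830+00:00 controller-1 alert-service[8]: priority="Notice" version=1.0 msgid=0x2201000000000001 msg="Alert Service Starting..." version="3.10.2" date="Fri Apr 8 09:42:10 2022".
2022-04-21T15:27:39.926245+00:00 controller-1 alert-service[8]: priority="Info" version=1.0 msgid=0x6602000000000005 msg="DB is not ready".
2022-06-16T23:24:36.170220+00:00 controller-1 switchd[8]: priority="Notice" version=1.0 container="VCC-SWITCHD" msgid=0x1001000000000485 msg="Linkstatus change" PORT="1/mgmt0" LINKSTAT="DOWN".
2022-06-16T23:24:36.434091+00:00 controller-1 vcc-lacpd[82]: priority="Info" version=1.0 msgid=0x330100000000004e msg="" info_str="InterfaceCmObj::modifyOp: if_name=1/mgmt0 mode=FULL DUPLEX status=DOWN speed=10000#012".
-- truncated --
'''

if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE)
    for e in at_or_above(events, "Notice"):
        print(e.time.isoformat(), e.host, e.component, e.severity,
              e.fields.get("msg") or e.text)
    print("unparsed lines:", rejected)
```

Text inside a quoted value, such as if_name=1/mgmt0 within info_str, stays part of that value and is not split into separate fields.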
Configure secure remote logging from the CLI
The system logs events to the
velos.log
file located in the
/var/log_controller
directory. To list
files and view the contents of log files, you use the
file
command from the CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Configure secure remote logging. The default value
is disabled.
system logging remote-servers remote-server <name> config proto <proto> remote-port <port> authentication { disabled | enabled }
This example enables secure remote
logging:
syscon-1-active(config)# system logging remote-servers remote-server test config proto test2 remote-port 80 authentication enabled
Add authentication details for secure remote
logging.
system logging remote-servers remote-server <server-IP> config authentication
Add certificate or key details for secure remote
logging.
system logging tls { certificate | key } <string>
Add CA bundle details for secure remote
logging.
system logging tls ca-bundles ca-bundle <name> config name <name> content <ca-cert-contents>
The certificate bundle that you specify must include
the certificate chain of the certificate authority.
Remove authentication details from secure remote
logging.
no system logging remote-servers remote-server <server-IP> config authentication
Remove certificate or key details from secure
remote logging.
no system logging tls { certificate | key } <string>
Remove CA bundle details from secure remote
logging.
no system logging tls ca-bundles ca-bundle
Send log files to the remote server.
You can send host log files, which are in the /var/log directory, or audit.log files to the remote server.
system logging host-logs config files file <file-name>
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Show authentication, certificate, key, and CA
bundle details.
show running-config system logging tls { certificate | key | ca-bundles } <string>
File utilities overview
You can use File Utilities to import, export,
download, or delete files asynchronously depending on which directory you select
to work in. All file transfers are done using the HTTPS protocol.
File import
You can import a file from an external server into the
system controller or chassis partition from either the webUI or the CLI.
HTTPS is the supported protocol. The remote host should be an HTTPS server
with PUT/POST enabled and have a valid CA-signed certificate.
If you want to import the contents of a tar file,
you need to extract the contents first before you can import them onto the
F5
system.
You can import files into these directories on a system controller:
images/staging
configs
You can import files into these directories on a chassis
partition:
configs
images/import
images/staging
images/tenant
File export
You can export a file from a system controller or chassis partition to an external server from either the webUI or the CLI. HTTPS is the supported protocol. The remote host should be an HTTPS server with PUT/POST enabled and have a valid CA-signed certificate.
You can export files in these directories from a system
controller:
configs
log/confd
log/controller
log/host
diags/core
diags/crash
diags/shared
images/import
images/staging
You can export files in these directories from the
chassis partition:
configs
diags/core
diags/shared
images
log
File download
You can download files in these directories from a
system controller to your local workstation from the webUI:
configs
diags/core
diags/crash
diags/shared
log/confd
log/controller
mibs
You can download files in these directories from a
chassis partition to your local workstation from the webUI:
configs
diags/core
diags/shared
log
mibs
File upload
You can upload files in these directories from your
local workstation to a system controller from the webUI:
configs
images/staging
You can upload files in these directories from your
local workstation to a chassis partition from the webUI:
configs
images
File deletion
You can delete files (to which you have file permissions) on a system controller or a chassis partition only from the diags/shared or configs directories from either the webUI or the CLI.
Manage files from the webUI
File Utilities are available in both the
system controller and chassis partition webUIs. You can use File Utilities to
import, export, download, upload, or delete files asynchronously depending on
which directory you select to work in. All file transfers are done using the
HTTPS protocol.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > File Utilities.
From the Base Directory list, browse the directories and click subfolders to view their contents and the commands that are available from each one.
From a subfolder, click the left arrow next to the path to navigate back to the main folder.
To import a file, click Import.
In the popup, enter the URL of the file to import.
Provide the Username and Password only if required by the remote host.
Select Ignore Certificate Warnings if you want to skip warnings when importing files (such as if the remote host does not have a valid CA-signed certificate).
Click Import File to begin the import.
To export a file, select the file and click Export.
In the popup, enter the Server URL for where to export the file.
Provide the Username and Password only if required by the remote host.
Select Ignore Certificate Warnings if you want to skip warnings when exporting files.
Click Export File to begin the export.
To upload a file:
Click Upload and select the file you want to upload.
The selected file will be uploaded.
To download a file:
Select the file and click Download.
The selected file will be downloaded.
On the system controller and chassis partition, you can delete files from diags/shared.
You can view the status of a file transfer operation to view its progress and see if it was successful. If you want to cancel the in-progress file transfer operation, click Cancel. If an operation fails, hover over the warning icon to see the error that occurred.
A runtime error displays in the File Transfer status area if an invalid operation is performed.
Manage MIB files from the webUI
MIB files can be managed from the File
Utilities page in both the system controller and chassis partition webUIs. You can use
File Utilities to export or download MIB files. File transfers are done using the HTTPS
protocol.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > File Utilities.
From the Base Directory list, select mibs.
To export a MIB file, select the file and click Export.
In the popup, enter the Server URL for where to export the file.
Provide the Username and Password only if required by the remote host.
Select Ignore Certificate Warnings if you want to skip warnings when exporting files.
Click Export File to begin the export.
To download a file:
Select the file and click Download.
The selected file will be downloaded.
You can view the status of a file transfer operation to view its progress and see if it was successful. If you want to cancel the in-progress file transfer operation, click Cancel. If an operation fails, hover over the warning icon to see the error that occurred.
A runtime error displays in the File Transfer status area if an invalid operation is performed.
View files from the CLI
You can view the contents of a file from either
the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
View the contents of a file.
file show <local-file-path>
This example shows how to view the contents of the
Optionally, you can check the file transfer status.
file transfer-status file-name <local-file-path>
Cancel a file transfer from the CLI
You can cancel an in-progress file
import onto your system from either the system controller or chassis partition
CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Get the operation identifier for the file transfer process.
show file transfer-operations
A summary similar to this example
displays:
syscon-1-active# show file transfer-operations
file transfer-operations transfer-operation images/import/iso/F5OS-C-1.6.0-1234.CONTROLLER.iso
files/F5OS-C/controller/images/F5OS-C-1.6.0-1234.CONTROLLER.iso "Import file" "HTTPS "
operation-id IMPORT-C16QYpun
status "In Progress (13.0%)"
timestamp "Fri Mar 24 23:05:54 2023"
Cancel the specified file transfer.
file abort-transfer operation-id <id>
This example shows canceling a specified in-progress file
transfer:
syscon-1-active# file abort-transfer operation-id IMPORT-C16QYpun
Aborting will stop the file transfer. Do you want to proceed? [yes/no] yes
result File transfer abort operation initiated.
Export files from the CLI
You can export files to an external
server from your system from either the system controller or chassis partition
CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Export a file.
file export insecure local-file <local-file-path> protocol { https | scp | sftp } remote-file <remote-file-path> remote-host <ip-address-or-fqdn> remote-port <port-number> remote-url <ip-address-or-fqdn> username <user> web-token <remote-system-token>
Delete files from the CLI
You can delete files from either
the system controller or chassis partition CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Delete a file.
file delete file-name <local-file-path>
Time settings overview
You can configure Network Time Protocol (NTP) for the VELOS system. An NTP server ensures that the system clock is synchronized with Coordinated Universal Time (UTC). The system also provides authentication support for NTP, which can enhance security by ensuring that the system sends time-of-day requests only to trusted NTP servers. You can also configure the time zone and set the time and date manually, if NTP is disabled. You can use either the system controller CLI or webUI to configure time settings.
Configure time settings from the webUI
After the VELOS system license is activated, you can configure
Network Time Protocol (NTP) servers, including authentication support for NTP,
time zone, and manual configuration of date and time, if NTP is disabled. The
NTP server ensures that the system clock is synchronized with Coordinated
Universal Time (UTC). You can specify a list of servers that you want the
system to use when updating the time on network systems. You can configure
time settings for the system from the system controller webUI.
Log in to the VELOS system controller
webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > Time Settings.
To synchronize the system clock with an NTP server, for NTP Service, select Enabled.
The NTP Service is set to Disabled by default.
To set the time and date manually:
For NTP Service, select Disabled.
In the Manual Time & Date Settings area, click the calendar to set the date and time.
To use authentication support for NTP:
For NTP Authentication, select Enabled.
The NTP Authentication is set to Disabled by default.
For NTP Keys, click Add.
The Add NTP Key screen displays.
For Key ID, type an identifier used by the client and server to designate a secret key.
The client and server must use the same key ID.
For Key Type, select the encryption type used for the NTP authentication key.
The default value is F5_NTP_AUTH_SHA256.
Select from these options:
F5_NTP_AUTH_MD5
F5_NTP_AUTH_SHA1
F5_NTP_AUTH_SHA256
F5_NTP_AUTH_SHA384
F5_NTP_AUTH_SHA512
For Key Value, paste the text of the NTP authentication key.
Click Save & Close.
To specify an NTP server, from NTP Servers:
Click Add.
For NTP Server, type the IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN) of the NTP server. This information will be displayed in the Name column of the table on the Time Settings screen.
If specifying an FQDN, you must configure a resolvable DNS server for the system. The resolved IP address will display in the NTP Server column of the table on the Time Settings screen. If the FQDN is unresolvable, this will be indicated in the NTP Server column, although this could be a transitional state.
If specifying an IPv4 or IPv6 address, the address will display in both the Name and the NTP Server columns.
Set iburst Mode to True if necessary. By default, it is set to False.
For Key ID, if you have defined an NTP key, select it from the list.
Click Save & Close.
To set the time zone, from Locations, select the time zone region.
Click Save & Close.
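How the Key ID, Key Type, and Key Value fields above are used between client and server, as an added example that is not F5 code: a sketch of classic NTP symmetric-key authentication, in which the sender appends the key ID and a digest computed over the key followed by the packet. The 20-byte digest truncation, the sample key, and all function names are assumptions made for the illustration; the page does not describe the F5OS implementation.

```python
import hashlib
import hmac
import struct

# Key types listed on the page, mapped to hashlib algorithm names.
KEY_TYPES = {
    "F5_NTP_AUTH_MD5": "md5",
    "F5_NTP_AUTH_SHA1": "sha1",
    "F5_NTP_AUTH_SHA256": "sha256",
    "F5_NTP_AUTH_SHA384": "sha384",
    "F5_NTP_AUTH_SHA512": "sha512",
}
HEADER_LEN = 48   # fixed NTP header size in bytes
MAX_DIGEST = 20   # assumption: longer digests are truncated to 160 bits


def build_request():
    """Constructed NTPv4 client request: LI=0, VN=4, Mode=3, rest zeroed."""
    return struct.pack("!B47x", (0 << 6) | (4 << 3) | 3)


def digest(key_type, key, packet):
    """Digest over the secret key followed by the packet."""
    return hashlib.new(KEY_TYPES[key_type], key + packet).digest()[:MAX_DIGEST]


def sign(packet, key_id, key_type, key):
    """Append the 32-bit key ID and the digest to the packet."""
    return packet + struct.pack("!I", key_id) + digest(key_type, key, packet)


def verify(message, keyring):
    """Check a signed message against keyring {key_id: (key_type, key)}."""
    if len(message) <= HEADER_LEN + 4:
        return False                  # no MAC present: unauthenticated
    packet, trailer = message[:HEADER_LEN], message[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    entry = keyring.get(key_id)
    if entry is None:
        return False                  # peer used a key ID we do not hold
    key_type, key = entry
    # Constant-time comparison so the check does not leak digest bytes.
    return hmac.compare_digest(trailer[4:], digest(key_type, key, packet))


# Constructed key material for the demonstration; not a real secret.
SHARED_KEY = b"constructed-shared-secret"
SERVER_KEYS = {11: ("F5_NTP_AUTH_SHA256", SHARED_KEY)}

if __name__ == "__main__":
    request = build_request()
    cases = {
        "matching key ID and key": sign(request, 11, "F5_NTP_AUTH_SHA256", SHARED_KEY),
        "key ID not on the server": sign(request, 12, "F5_NTP_AUTH_SHA256", SHARED_KEY),
        "same key ID, different key": sign(request, 11, "F5_NTP_AUTH_SHA256", b"other"),
        "same key, different key type": sign(request, 11, "F5_NTP_AUTH_SHA1", SHARED_KEY),
        "no MAC at all": request,
    }
    for label, message in cases.items():
        print("%-30s accepted=%s" % (label, verify(message, SERVER_KEYS)))
```

Only the first case is accepted, which is why the key ID, key type, and key value must all match on both sides.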
Configure the system date/time from the CLI
You can manually configure the date
and time for your system from the CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Change the system date and/or time.
You can opt to change only the time or only the date by including only the relevant option (either time or date).
system set-datetime date <YYYY-MM-DD> time <HH:MM:SS>
In this example, you change the
system date to 2022-01-01 and the system time to be 12:01:00:
syscon-1-active# system set-datetime date 2022-01-01 time 12:01:00
The system date and time are now
updated.
Configure NTP from the CLI
You can configure Network Time Protocol
(NTP) for your
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Enable NTP.
system ntp config enabled
Add an NTP server.
system ntp servers server <ip-address>
In this example, you configure an NTP server at pool.ntp.org:
syscon-1-active(config)# system ntp servers server pool.ntp.org
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that NTP is enabled and a server is configured.
syscon-1-active# show system ntp
system ntp state enabled
system ntp state enable-ntp-auth false
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 4
state root-delay 32
state root-dispersion 45
state offset 0
state poll-interval 8
state authenticated false
Configure NTP authentication from the CLI
You can configure Network Time Protocol (NTP) authentication for your VELOS system from the system controller CLI. NTP
authentication enhances security by ensuring that the system sends time-of-day
requests only to trusted NTP servers.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Enable NTP.
system ntp config enabled
Enable NTP authentication.
system ntp config enable-ntp-auth true
Add the key associated with your server to the system.
Add an NTP server and associate the key ID you added with the server.
system ntp servers server <ip-address>
In this example, you configure an NTP
server at the IP address pool.ntp.org:
syscon-1-active(config)# system ntp servers server pool.ntp.org
syscon-1-active(config-server-pool.ntp.org)# config key-id 11
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that NTP with authentication is enabled and a server is
configured.
syscon-1-active# show system ntp servers
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 8
state root-delay 0
state root-dispersion 0
state offset 251333
state poll-interval 6
state key-id 11
state authenticated true
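One way to check the verification output above from a script, as an added example (not F5 tooling): it parses the show system ntp text and reports anything that leaves time synchronization unauthenticated. The function names are hypothetical, and the sample text is copied from the two example outputs on this page.

```python
def parse_ntp_status(text):
    """Parse 'show system ntp' / 'show system ntp servers' output."""
    status = {"enabled": None, "enable_ntp_auth": None, "servers": {}}
    current = None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].endswith("#"):
            continue                                  # blank or CLI prompt line
        if words[:3] == ["system", "ntp", "state"]:
            if len(words) == 4:
                status["enabled"] = words[3] == "enabled"
            elif len(words) >= 5 and words[3] == "enable-ntp-auth":
                status["enable_ntp_auth"] = words[4] == "true"
        elif words[:4] == ["system", "ntp", "servers", "server"] and len(words) >= 5:
            current = status["servers"].setdefault(words[4], {})
        elif words[0] == "state" and current is not None and len(words) >= 3:
            current[words[1]] = words[2]              # e.g. state key-id 11
    return status


def audit_ntp(status):
    """Return findings; None values mean the output did not report that field."""
    findings = []
    if status["enabled"] is False:
        findings.append("NTP is not enabled")
    if status["enable_ntp_auth"] is False:
        findings.append("NTP authentication is disabled globally")
    if not status["servers"]:
        findings.append("no NTP servers configured")
    for name, state in status["servers"].items():
        if "key-id" not in state:
            findings.append("%s: no key-id associated with the server" % name)
        if state.get("authenticated") != "true":
            findings.append("%s: association is not authenticated" % name)
    return findings


# Sample 1: the 'show system ntp' output from the NTP section of this page.
SAMPLE_NO_AUTH = """\
syscon-1-active# show system ntp
system ntp state enabled
system ntp state enable-ntp-auth false
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 4
state root-delay 32
state root-dispersion 45
state offset 0
state poll-interval 8
state authenticated false
"""

# Sample 2: the 'show system ntp servers' output from the authentication section.
SAMPLE_AUTH = """\
syscon-1-active# show system ntp servers
system ntp servers server pool.ntp.org
state address pool.ntp.org
state port 123
state version 4
state association-type SERVER
state iburst false
state prefer false
state stratum 8
state root-delay 0
state root-dispersion 0
state offset 251333
state poll-interval 6
state key-id 11
state authenticated true
"""

if __name__ == "__main__":
    for label, sample in (("no auth", SAMPLE_NO_AUTH), ("auth", SAMPLE_AUTH)):
        findings = audit_ntp(parse_ntp_status(sample))
        print(label, "->", findings or "OK")
```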
SNMP configuration overview
Simple Network Management Protocol (SNMP) is an industry-standard protocol that enables you to use a standard SNMP management system to remotely manage network devices. VELOS systems support SNMPv1, SNMPv2c, and SNMPv3. You can configure the system from both the CLI and webUI.
You can use SNMP to monitor VELOS systems at both the system controller and chassis partition levels. For more comprehensive monitoring, configure your system at both levels from the CLI or webUI. SNMP traps are always sent from the active system controller’s fixed management IP address as the source IP address.
SNMP software support
SNMP support is available in different ways,
depending on which F5OS software version you are using. On VELOS
systems, SNMP is available from both the system controller and chassis
partition CLIs and webUIs.
F5 recommends using the newer system snmp commands, which include support for SNMP versions 1, 2c, and 3. For more information on the older commands, see:
in the system controller or chassis partition webUI (on the left, click SYSTEM SETTINGS > File Utilities, and then from Base Directory, select mibs, select a .tar.gz file, and click Download).
Configure a DNS name server if you would like to use a
fully-qualified domain name (FQDN) instead of an IP address for the SNMP trap
destination. For more information, see Configure DNS from the webUI or Configure DNS from the CLI.
SNMP log overview
You can view SNMP information in the /log/system/snmp.log file.
You can download the log file to your local workstation from the File Utilities screen in the system controller or chassis partition webUI (on the left, click SYSTEM SETTINGS > File Utilities, and then from Base Directory, select log/system, select snmp.log, and click Download).
For more information about managing files from the system
controller or chassis partition webUI or CLI, see File utilities overview.
SNMPWALK overview
SNMPWALK is an application on an SNMP management system that performs
SNMP GETNEXT requests to query a network device for information. You can provide an
object identifier (OID) to specify which portion of the object identifier space to
search using GETNEXT requests. The SNMP management system queries all variables in the
subtree below the specified OID, displays these values to the user, and stops when it
returns results that are no longer inside the range of the specified OID.
The IDs display in text format when the corresponding MIB is loaded in
your SNMP management system. If the MIB is not loaded, the walk displays in OID format.
To more accurately map these system OIDs, you must download the F5-OS-SYSTEM-MIB.mib file and load it into your SNMP management system. To download the F5 MIB files, use File Utilities in the system controller or chassis partition webUI (on the left, click SYSTEM SETTINGS > File Utilities, and then from Base Directory, select mibs, select a .tar.gz file, and click Download).
SNMP configuration from the webUI
Configure SNMP port from the webUI
You can configure the SNMP port from the rSeries webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > SNMP Configuration.
For Port, enter the required value. The allowed values for the Port are either 161 or in the ranges of [1024-7000, 7033-8887, 8889-65535]. The Port field uses inline validation to check whether the value is valid.
Note: The port configured in the SNMP Configuration area is reflected on the Allow List Entry screen of the Allowed IP Addresses section under System Security in the System Settings chapter. When an allowlist is created with an SNMP port, the user is not allowed to change the SNMP Port on the SNMP Configuration area, which can cause an error. For more information, see Configure the system allow list from the webUI.
Click Save & Close.
Configure SNMP properties from the webUI
You can configure the SNMP properties from the webUI.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click SYSTEM SETTINGS > SNMP Configuration.
Under the Properties area, enter values in the required fields.
System Contact
System Location
System Name
The maximum length is 255 characters.
Click Save & Close.
Configure SNMP communities from the webUI
You can configure SNMP communities with
either version 1, version 2c, or both security models from either the system
controller or chassis partition webUI.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click SYSTEM SETTINGS > SNMP Configuration.
In the Communities area, click Add.
The Add Community screen displays.
For Community, enter a descriptive name.
For Security Model, select from these security models: v1, v2c, and v1 and v2c.
Click Save & Close.
Configure SNMP users from the webUI
You can configure SNMP version 3, which
is a user-based security model, from either the system controller or chassis
partition webUI. This model provides support for additional authentication and
privacy protocols.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click SYSTEM SETTINGS > SNMP Configuration.
In the Users area, click Add.
The Add V3 User screen displays.
For User, enter the user name.
For Authentication Protocol, select from these protocols: MD5, SHA, or None.
For Authentication Password, enter the password for the specified user.
For Privacy Protocol, select from these protocols: AES128, DES, or None.
Click Save & Close.
Configure SNMP targets from the webUI
Before you can add an SNMP target, you must
have already configured either the SNMPv1/v2c community or SNMPv3
user.
You can configure SNMP targets from
either the system controller or chassis partition webUI. These are required to
send system-generated traps to a manager. You can choose either community
(v1/v2c) or user-based (v3) security.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click SYSTEM SETTINGS > SNMP Configuration.
In the Targets area, click Add.
The Add Target screen displays.
For Name, enter a descriptive name.
For Security Model, select from these security models: v1, v2c, or v3.
Select one of these options, depending on the selected security model:
If you select v1 or v2c, for Community, select the community that you created.
If you select v3, for User, select the user that you created.
For IPv4/IPv6, select either IPv4 or IPv6.
For Name, enter the IPv4 address, IPv6 address, or fully qualified domain name (FQDN) of the target.
For Port, enter the port number for the target.
The default value is 162, and the range is from 1024 to 65535.
Click Save & Close.
SNMP configuration from the CLI
Configure SNMP port from the CLI
You can configure the SNMP port from the CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure the SNMP port.
system snmp config port <value>
The following example configures SNMP port '5000':
syscon-1-active(config)# system snmp config port 5000
The allowed values for the Port are either 161 or in the ranges of [1024-7000, 7033-8887, 8889-65535]. The port configured in the SNMP Configuration area is reflected on the Allow List Entry screen of the Allowed IP Addresses section under System Security in the System Settings chapter. When an allowlist is created with an SNMP port, the user is not allowed to change the SNMP Port in the SNMP Configuration area, which can cause an error. For more information, see Configure the system allow list from the webUI.
Commit the configuration changes.
commit
Configure the SNMP properties from the CLI
You can configure the SNMP properties from the CLI.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure SNMP properties.
SNMPv2-MIB system sysName <system name> sysLocation <location name> sysContact <contact details>
This example configures the system name, location, and contact:
syscon-1-active(config)# SNMPv2-MIB system sysName f5System sysLocation boston sysContact support@f5.com
Commit the configuration changes.
commit
Configure SNMP communities from the CLI
You can configure SNMP communities with
either version 1, version 2c, or both security models from either the system
controller or chassis partition CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure a community.
system snmp communities community <community-name> | config security-model { v1 | v2c }
This example creates a community that uses the v2c security model:
syscon-1-active(config)# system snmp communities community v2comm config security-model v2c
This example creates a community that uses both v1 and v2c community models:
syscon-1-active(config)# system snmp communities community v1v2c config security-model [ v1 v2c ]
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify the community configuration.
show system snmp communities
A summary similar to this example displays:
syscon-1-active# show system snmp communities
                SECURITY
NAME   NAME     MODEL
----------------------------------
v1v2c  v1v2c    [ v1 v2c ]
This example shows both security models configured. If you configure only one security model, then only the configured model displays in the output.
Configure SNMP users from the CLI
You can configure SNMP version 3, which
is a user-based security model, from either the system controller or chassis
partition CLI. This model provides support for additional authentication and
privacy protocols.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure a user, including authentication and privacy protocols.
syscon-1-active# show system snmp users
              AUTHENTICATION  PRIVACY
NAME  NAME    PROTOCOL        PROTOCOL
--------------------------------------------
jdoe  jdoe    md5             aes
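A review check for the show system snmp communities and show system snmp users output shown above, as an added example (not F5 tooling): it flags SNMPv1/v2c communities, whose community string travels in cleartext, and SNMPv3 users configured with MD5, DES, or no protocol. The function names are hypothetical; the jdoe and v1v2c rows come from this page, the other rows are constructed, and treating "-" as an unset protocol is an assumption.

```python
import re

# Protocol values that deserve a finding. "none" and "-" both mean unset here
# (assumption: the page does not show how an unset protocol is displayed).
WEAK_AUTH = {"md5": "MD5 authentication",
             "none": "no authentication", "-": "no authentication"}
WEAK_PRIV = {"des": "DES privacy",
             "none": "no privacy", "-": "no privacy"}


def table_rows(text):
    """Return the data rows (lists of cells) below the dashed separator."""
    rows, in_body = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if re.fullmatch(r"-{3,}", stripped):
            in_body = True
        elif in_body and stripped:
            # Keep a bracketed list such as "[ v1 v2c ]" together as one cell.
            rows.append(re.findall(r"\[[^\]]*\]|\S+", stripped))
    return rows


def audit_communities(text):
    """Every v1/v2c community is reported: the string is sent in cleartext."""
    findings = []
    for cells in table_rows(text):
        models = cells[-1].strip("[] ").split()
        findings.append("community %s: %s sends the community string in cleartext"
                        % (cells[0], "/".join(models)))
    return findings


def audit_users(text):
    """Report SNMPv3 users whose auth or privacy protocol is weak or unset."""
    findings = []
    for cells in table_rows(text):
        if len(cells) < 4:
            continue                      # not a NAME NAME AUTH PRIV row
        name, auth, priv = cells[0], cells[-2].lower(), cells[-1].lower()
        problems = [p for p in (WEAK_AUTH.get(auth), WEAK_PRIV.get(priv)) if p]
        if problems:
            findings.append("user %s: %s" % (name, ", ".join(problems)))
    return findings


# Output from this page.
COMMUNITIES = """\
syscon-1-active# show system snmp communities
SECURITY
NAME NAME MODEL
----------------------------------
v1v2c v1v2c [ v1 v2c ]
"""

# First row is from this page; the "ops" and "legacy" rows are constructed.
USERS = """\
syscon-1-active# show system snmp users
AUTHENTICATION PRIVACY
NAME NAME PROTOCOL PROTOCOL
--------------------------------------------
jdoe jdoe md5 aes
ops ops sha aes
legacy legacy md5 des
"""

if __name__ == "__main__":
    for finding in audit_communities(COMMUNITIES) + audit_users(USERS):
        print(finding)
```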
Configure SNMP v1/SNMPv2c targets from the CLI
You can configure SNMP targets with
community-based security (SNMPv1/SNMPv2c) from either the system controller or
chassis partition CLI. These are required to send system-generated traps to a
manager.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
This example creates a target with community-based security:
syscon-1-active(config)# system snmp targets target v2c-target config community v2c-comm security-model v2c ipv4 address 192.0.2.24 port 5001
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify the target configuration.
show system snmp targets
A summary similar to this example displays:
syscon-1-active# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v2c-target v2c-target jdoe - - 192.0.2.24 5001 - -
Configure SNMPv3 targets from the CLI
You can configure SNMP targets with
user-based security (SNMPv3) from either the system controller or chassis
partition CLI. These are required to send system-generated traps to an SNMP
management system.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure a target with user-based security.
system snmp targets target <target-name> config user <user-name> { ipv4 | ipv6 } address <ip-address> port <port-number>
This example creates a target with user-based security:
syscon-1-active(config)# system snmp targets target v3-target config user jdoe ipv4 address 192.0.2.24 port 5001
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify the target configuration.
show system snmp targets
A summary similar to this example displays:
syscon-1-active# show system snmp targets
SECURITY
NAME NAME USER COMMUNITY MODEL ADDRESS PORT ADDRESS PORT
-----------------------------------------------------------------------------------------
v3-target v3-target jdoe - - 192.0.2.24 5001 - -
Back up system configurations from the webUI
You can back up the configurations of the system controller or chassis partition in which you are working from the webUI.
Log in to the VELOS system controller webUI or the chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > Configuration Backup.
Click Create.
The Create Configuration Backup popup opens.
In the Name field, enter a name for the backup (for example, system-controller-12-21-21 or partition1-6-14-21).
Click Create.
The backup is created and added to the list.
To delete a backup file, select the file and click Delete.
System controller and chassis partition configuration backups are stored in configs/.
Backups should be stored off the system.
You can restore configurations from the CLI. For more information on saving and restoring the configuration, see the Complete backup and restore overview section.
System licensing overview
You can activate a license for the VELOS system from either the system controller CLI or webUI. There is one license per VELOS system, which is used by the chassis partitions and any tenants.
There are two ways to license the system:
Automatically
If your system is connected to the internet, use
the Automatic method to prompt the system to contact the F5 license
server and activate the license.
Manually
If your system is not connected to the internet, use a management workstation that is connected to the internet to retrieve an activation key from F5 and then transfer it to the system.
Adding or reactivating a license on an active VELOS system might impact traffic on tenants running on chassis partitions. Traffic processing will stop briefly on the tenants, and then restart automatically. This occurs when the tenant receives a new or reactivated license causing a configuration reload on the tenants. For more information, see these other references:
The system is now licensed. If a base registration key or add-on key fails to activate, try re-activating the license or contact support.f5.com.
View the license from the webUI
You can view information about the
software license activated on your system, including license activation and
expiration dates, service check date, and licensed modules, from either the
system controller or chassis partition webUIs.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click SYSTEM SETTINGS > Licensing.
View the license information for the system.
System licensing from the CLI
License the system automatically from the CLI
For automatic VELOS system licensing, the system needs to be able to connect to the F5 licensing server either through the internet or another means of networking. You need to have the Base Registration Key (five sets of characters separated by hyphens) provided by F5, and any add-on keys (two sets of 7 characters separated by a hyphen) that you have purchased. The Base Registration Key with associated add-on keys are pre-installed on a new VELOS system.
You can activate the VELOS system license automatically from the system controller CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Apply a license to the chassis.
system licensing install registration-key <key>
The registration key is optional. If it is not included, the system uses the one that is already pre-installed.
If no registration key is found, you receive an error.
This example applies a specified base registration license to the system:
syscon-1-active(config)# system licensing install registration-key I1234-12345-12345-12345-1234567
result License installed successfully.
Apply any add-on keys.
system licensing install add-on-keys <add-on-keys>
This example enables the additional features associated with the three specified add-on-keys, along with the entitlements of the base registration key:
syscon-1-active(config)# system licensing install add-on-keys [1234567-1234567 2345678-2345678 3456789-3456789]
result License installed successfully.
The VELOS system is licensed. The license and any add-on keys apply to all partitions and tenants.
License the system manually from the CLI
You can activate the
VELOS
system license manually from the system controller
CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Get the system dossier.
system licensing get-dossier
[registration-key XXXXX-XXXXX-XXXXX-XXXXX-XXXXXXX]
The registration key is optional. If it is not
included, the system uses the one already pre-installed. If no
registration key is found, you receive an error.
Paste the license file content in multiline mode, then press
Ctrl+D.
syscon-1-active(config)# system licensing manual-install license
Value for 'license' (<string>):
[Multiline mode, exit with ctrl-D.]
>
The
VELOS
system is licensed. The license applies to all of the chassis
partitions and tenants.
License the system automatically with a proxy server from the
CLI
For automatic VELOS system licensing, the system
needs to be able to connect to the F5 licensing server either through the Internet or another
means of networking. You need to have the Base Registration Key (five sets of characters
separated by hyphens) provided by F5, and any add-on keys (two sets of 7 characters separated
by a hyphen) that you have purchased. The Base Registration Key with associated add-on keys
are pre-installed on a new VELOS system.
You can activate the VELOS system license
automatically from the CLI.
Connect using SSH to the system controller floating management IP address.
Log in to the command line interface (CLI) of the system controller using an account
with admin access.
When you log in to the system, you are in user
(operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Apply a license to the system.
system licensing install registration-key <key> proxy-server <protocol://domain name:port> proxy-username <name> proxy-password <input>
The registration key is optional. If it is not included, the system
uses the one that is already pre-installed. If no registration key is found, you receive
an error.
This example applies a specified base
registration license to the system:
syscon-1-active(config)# system licensing install registration-key Y0922-72141-80658-12653-0642460 proxy-server http://192.0.2.20:3128 proxy-username root proxy-password
Value for 'proxy-password' (<AES encrypted string>): *******
result License installed successfully.
Apply any add-on keys.
system licensing install add-on-keys <add-on-keys>
This example enables the additional
features associated with the three specified add-on-keys, along with the entitlements of
the base registration key:
syscon-1-active(config)# system licensing install add-on-keys [1234567-1234567 2345678-2345678 3456789-3456789]
result License installed successfully.
The VELOS system is licensed through the proxy server. The
license and any add-on keys apply to the system and all tenants.
Display the system license from the CLI
You can display the license of a
VELOS
system from the system controller
CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Display the system license in a simple
form.
show system licensing
A summary similar to this
example displays:
syscon-1-active# show system licensing
system licensing license
Licensed version 7.4.0
Registration Key Gxxxx-xxxxx-xxxxx-xxxxx-xxxxxxxx
Licensed date 2021/01/01
License start 2021/04/16
License end 2022/01/01
Service check date 2021/12/02
Platform ID F101
Appliance SN chs600144s
Active Modules
Local Traffic Manager, CX410 (Exxxxxx-xxxxxx)
Best Bundle, CX410
APM-Lite
Carrier Grade NAT (AFM ONLY)
Max Compression, CX410
Rate Shaping
Max SSL, CX410
Advanced Firewall Manager, CX410
Access Policy Manager, Base, CX410
Anti-Virus Checks
Base Endpoint Security Checks
Firewall Checks
Machine Certificate Checks
Network Access
Protected Workspace
Secure Virtual Keyboard
APM, Web Application
App Tunnel
Remote Desktop
Advanced Routing, CX410
Advanced Web Application Firewall, CX410
DNS, Max QPS, CX410
Display the raw license file content that was received from the F5 license
server.
show running-config system licensing
The
VELOS
system is licensed. The license applies to all of the chassis
partitions and tenants.
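The summary shown above can be checked automatically once it has been captured over SSH. The following is an added example, not part of the F5 documentation: it parses the `show system licensing` fields shown on this page, reports whether the license window is open or close to ending, and masks the registration key before the output is stored. The function names, the 30-day warning window, and the indentation of the sample text are assumptions.

```python
import re
from datetime import date, datetime

# Labels exactly as they appear in the page's `show system licensing` example.
DATE_FIELDS = ("Licensed date", "License start", "License end", "Service check date")
TEXT_FIELDS = ("Licensed version", "Registration Key", "Platform ID", "Appliance SN")

# Constructed sample: the page's example output, shortened to four modules.
SAMPLE = """\
syscon-1-active# show system licensing
system licensing license
    Licensed version    7.4.0
    Registration Key    Gxxxx-xxxxx-xxxxx-xxxxx-xxxxxxxx
    Licensed date       2021/01/01
    License start       2021/04/16
    License end         2022/01/01
    Service check date  2021/12/02
    Platform ID         F101
    Appliance SN        chs600144s

    Active Modules
        Local Traffic Manager, CX410 (Exxxxxx-xxxxxx)
        Best Bundle, CX410
        Advanced Firewall Manager, CX410
        Advanced Web Application Firewall, CX410
"""


def parse_license(text):
    """Turn the CLI summary into a dict; dates become datetime.date objects."""
    info = {"Active Modules": []}
    in_modules = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line:          # blank lines and CLI prompts
            continue
        if line == "Active Modules":
            in_modules = True
        elif in_modules:
            info["Active Modules"].append(line)
        else:
            for label in DATE_FIELDS + TEXT_FIELDS:
                if line.startswith(label + " "):
                    value = line[len(label):].strip()
                    if label in DATE_FIELDS:
                        value = datetime.strptime(value, "%Y/%m/%d").date()
                    info[label] = value
                    break
    return info


def license_status(info, today, warn_days=30):
    """Return findings about the License start / License end window."""
    start, end = info.get("License start"), info.get("License end")
    if start is None or end is None:
        return ["license window missing from output"]
    findings = []
    if today < start:
        findings.append(f"license not valid until {start}")
    days_left = (end - today).days
    if days_left < 0:
        findings.append(f"license ended {-days_left} days ago ({end})")
    elif days_left <= warn_days:
        findings.append(f"license ends in {days_left} days ({end})")
    return findings


def mask_key(key):
    """Keep only the first block of a registration key for tickets and logs."""
    head, _, rest = key.partition("-")
    return head + "-" + re.sub(r"[^-]", "x", rest)


if __name__ == "__main__":
    parsed = parse_license(SAMPLE)
    parsed["Registration Key"] = mask_key(parsed["Registration Key"])
    print(parsed["Registration Key"], license_status(parsed, date.today()))
```
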
Cluster details overview
A cluster on a VELOS system is a group of blades or nodes working together as a logical unit.
The Cluster Details screen on the chassis partition webUI provides detailed information about
clusters that might be useful when a chassis partition is made up of more than one slot/blade.
View cluster details from the webUI
You can view detailed information about
clusters from the chassis partition webUI.
Log in to the VELOS chassis partition
webUI using an account with admin access.
On the left, click
SYSTEM
SETTINGS
Cluster
Details
.
Set the
Auto Refresh
interval for refreshing the data displayed or click the refresh icon
to update the data immediately.
View the cluster detail
information.
View cluster details from the CLI
You can view detailed information about
clusters from the chassis partition CLI.
Log in to the command line interface
(CLI) of the chassis partition using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Show all cluster details.
show cluster
A summary similar to this excerpt
displays:
default-1# show cluster
cluster state
cluster disk-usage-threshold state warning-limit 85
cluster disk-usage-threshold state error-limit 90
cluster disk-usage-threshold state critical-limit 97
cluster disk-usage-threshold state growth-rate-limit 10
cluster disk-usage-threshold state interval 60
cluster nodes node blade-1
state enabled true
state assigned true
state node-running-state running
state present single
state platform-id B60100
state slots [ 1 ]
state platform fpga-state FPGA_RDY
state platform dma-agent-state DMA_AGENT_RDY
state slot-number 1
state node-info creation-time 2023-01-06T02:11:09Z
state node-info cpu 28
state node-info pods 250
state node-info memory 131576224Ki
state ready-info ready true
...
General system configuration overview
You can configure general system settings for the
VELOS
system, such as system hostname, login banner, and message of
the day (MOTD) banner. Depending on which setting you want to configure, you can use
either the CLI or the webUI.
Configure general system settings from the webUI
You can configure general system settings,
including hostname, login banner, message of the day (MOTD) banner, and an advisory
banner from the system controller webUI. When enabled and configured, the advisory
banner will display at the top of the webUI after authentication. The product name
displays but cannot be changed.
Log in to the VELOS system controller
webUI using an account with admin access.
On the left, click
SYSTEM
SETTINGS
General
.
For
Hostname
, enter a custom hostname for the system.
For
Login Banner
, enter any text to be displayed when users log in
to the system.
For
MOTD Banner
, enter any text to be displayed as a MOTD when users
log in to the system.
For
Advisory Banner
, select Enabled or Disabled.
For
Advisory Banner Color
, select the color for the
banner.
For
Advisory Banner Text
, enter the text for the banner.
The maximum number of characters is 80.
Click
Save
.
Configure general chassis partition settings from the webUI
You can configure general system settings,
including login banner, message of the day (MOTD) banner, advisory banner, and time
zone/location from the chassis partition webUI. When enabled and configured, the
advisory banner will display at the top of the webUI after authentication.
Log in to the command line interface
(CLI) of the chassis partition using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
On the left, click
SYSTEM
SETTINGS
General
.
For
Login Banner
, enter
any text to be displayed when users log in to the chassis
partition.
For
MOTD Banner
, enter
any text to be displayed as a MOTD when users log in to the chassis
partition.
For
Advisory Banner
, select Enabled or Disabled.
For
Advisory Banner Color
, select the color for the
banner.
For
Advisory Banner Text
, enter the text for the banner.
The maximum number of characters is 80.
From
Time Zone/Locations
, select the time zone region.
Click
Save
.
Configure the hostname from the CLI
You can manually configure the hostname for your
system from either the system controller or chassis partition CLI. F5 recommends that you
configure a Fully Qualified Domain Name (FQDN) hostname.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the hostname.
system config hostname <hostname>
The minimum length is 1 character, and
the maximum length is 253 characters.
In the examples below, you can see
the hostname for the system either set to 'test-hostname' or 'f5lab.f5net.com':
syscon-1-active(config)# system config hostname test-hostname
syscon-1-active(config)# system config hostname f5lab.f5net.com
You can set a Fully Qualified Domain Name (FQDN) or
plain text as a hostname.
Commit the configuration changes.
commit
The system hostname is now updated. By default, the
system hostname will be included in the subsequent logs.
Verify that the hostname is included in the logs.
show system logging state include-hostname
In this example, the hostname is included in the
logs:
syscon-1-active# show system logging state include-hostname true
The system hostname is now
updated.
Configure include hostname from the CLI
You can manually configure the log settings from the CLI so that
the hostname configured for your system is included in subsequent
logs.
Log in to the command line interface (CLI) of the system controller or chassis
partition using an account with admin access.
When you log in to the system, you are in user
(operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
To include the hostname in the logs, set 'include-hostname' to true.
system logging config include-hostname <{ false | true }>
The default value is set to true.
In this example, the configured system hostname is included in the logs:
syscon-1-active(config)# system logging config include-hostname true
Commit the configuration changes.
commit
Return to user (operational) mode.
end
Verify that the hostname is included in subsequent logs.
show system logging state include-hostname
In the examples below, the system hostname "test-hostname" or "f5lab.f5net.com" is included in the logs:
test-hostname# show system logging
system logging state include-hostname true
test-hostname#
f5lab.f5net.com# show system logging
system logging state include-hostname true
f5lab.f5net.com#
The system hostname is now included in the subsequent logs.
Configure the login banner from the CLI
You can configure the login banner
for your system manually from either the system controller or chassis
partition CLI. The login banner displays before users log in to each
respective system.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the login banner text.
system config login-banner
In this example, you change the login
banner text to notify users that unauthorized access is prohibited:
syscon-1-active(config)# system config login-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
Commit the configuration changes.
commit
The login banner is now
updated.
Configure the MOTD banner from the CLI
You can manually configure the
message-of-the-day (MOTD) banner for your system from either the system controller or
chassis partition CLI. The MOTD banner displays after users log in to each respective
system.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Change the MOTD banner text.
system config motd-banner
In this example, you change the MOTD
banner text to notify users of upcoming system maintenance:
syscon-1-active(config)# system config motd-banner
(<string>):
[Multiline mode, exit with ctrl-D.]
ATTENTION!
This system is scheduled for maintenance in two days.
Commit the configuration changes.
commit
The MOTD banner is now updated.
Verify MAC allocation from the CLI
You can verify the current MAC allocation data from
the system controller CLI.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Display the current MAC allocation data.
show system mac-allocation
A summary similar to this example displays:
syscon-1-active# show system mac-allocation
system mac-allocation state free-single-macs 144
system mac-allocation state allocated-single-macs 16
system mac-allocation state free-large-blocks 24
system mac-allocation state allocated-large-blocks 0
system mac-allocation state total-free-mac-count 912
system mac-allocation state total-allocated-mac-count 16
system mac-allocation state total-mac-count 928
Verify chassis MAC allocation from the CLI
You can verify the current runtime status of the
MAC pool from the system controller CLI.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Log in to the command line interface (CLI) of the system controller using an account
with admin access.
When you log in to the system, you are in user
(operational) mode.
Display the system uptime.
show system uptime
A summary similar to this example displays:
syscon-1-active# show system uptime
system uptime state up-time "6h, 26m, 0s"
System reboot overview
If you are having an issue with a chassis partition (such as unusually high CPU or
memory usage or lockup), it is possible that rebooting a blade in the chassis partition might help to resolve the issue.
When there is a problem, the system sends alerts that you would see on the
dashboard or on the Alarms & Events screen. A blade status of
Not ready
for a prolonged time on the
General screen can also indicate the need to reboot the blade. You should rarely have to
reboot a blade, however, because typically if the
VELOS
system needs to reboot a blade, it will do so automatically
without administrator intervention. F5 recommends working with customer support if you
think a blade reboot is necessary.
Reboot a system controller from the CLI
You can manually reboot a system controller in your
VELOS
system from the system controller
CLI.
Connect using SSH to the system
controller floating management IP address.
Log in to the command line interface
(CLI) of the system controller using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Reboot a system controller.
system reboot controllers controller { active | standby }
In this example, you reboot the
standby system controller:
syscon-1-active# system reboot controllers controller standby
The specified system controller
reboots.
Reboot a system controller from the
webUI
You can reboot a system controller
from the system controller webUI.
Log in to the VELOS chassis partition
webUI using an account with admin access.
On the left, click
SYSTEM
SETTINGS
General
.
Review the status of the system
controllers.
The
Reboot
button will
not be available for a system controller that is currently being
rebooted.
If you decide that a reboot is
necessary, click
Reboot
to the right of the system controller that you
want to reboot.
If the system controller has the active role, a popup displays
asking you to confirm the reboot operation. This causes a failover
to the standby controller.
It takes a few minutes for the system controller to reboot. The status will show
Reboot in progress, then Not ready, and when the reboot is complete, it says Ready.
Reboot a blade in a chassis partition from the CLI
You can manually reboot a blade in
your system from the chassis partition CLI.
Connect using SSH to the chassis
partition management IP address.
Log in to the command line interface
(CLI) of the chassis partition using an account with admin
access.
When you log in to the system,
you are in user (operational) mode.
Reboot a blade in a chassis partition from the
webUI
You can reboot a blade within a
chassis partition from the chassis partition webUI.
Log in to the VELOS chassis partition
webUI using an account with admin access.
On the left, click
SYSTEM
SETTINGS
General
.
Review the status of each of the blades in the chassis partition.
The
Reboot
button will not be available for slots that
do not have blades present, or for blades that are currently being
rebooted.
If you have tenants running on the chassis partition you might want to warn users that
their service might be interrupted temporarily.
If you decide that a reboot is necessary, click
Reboot
to the right of the slot containing the blade that you want to reboot.
It takes a few minutes for the blade to reboot. The status will show
Reboot in progress
, then
Not ready
, and when
reboot is complete, it says
Ready
.
OpenTelemetry overview
OpenTelemetry streamlines observability in distributed systems through standardized APIs, libraries, and tools for collecting telemetry data, including traces, metrics, and logs.
F5OS OpenTelemetry enables the efficient collection of streaming metrics and logs in a structured format from the F5OS product to display in your observability platform. All metrics and logs are exported through a gRPC connection. F5OS supports gRPC endpoints, and each OpenTelemetry Line Protocol (OTLP) endpoint provides the ability to toggle instrument-based filtering.
OpenTelemetry Metrics overview
The telemetry subsystem within the F5OS platform layer generates common attributes and different metrics to display in your observability platform.
Instrument Overview
An instrument is an area of metrics that contains multiple metrics and can be enabled selectively. F5OS Resource includes instruments.
Instrument name  Description
all              All the logs and metrics produced by the F5OS platform layer
logs             All the F5OS logs file
platform-log     All the F5OS platform logs file
event-log        All the F5OS ConfD event log
metrics          All the F5OS metrics
platform         Standard platform metrics such as memory, disk, CPU, and interface
hardware         The low-level platform hardware sensors
optics           The front-panel optic DDM metrics
tenant           Tenant-initiated metrics such as memory, disk, CPU, and interface
datapath         F5OS data-path metrics such as those generated by the FPGA and DMA
tmstat           F5OS tmstat tables exported as metrics
container        Docker container metrics for F5OS services
Support for the instrument "tenant" is provided only for BIG-IP tenants.
This image provides a representation of how the F5OS Resource includes instruments with multiple metrics:
Metrics
Common Attributes
The table lists the set of attributes that can be applied to all metrics produced by the platform.
The scope indicates which product the attribute applies to:
F5 - Applies to all metrics produced by F5
F5OS - Applies to all metrics produced by the F5OS product
Name                       Value                 Type    Scope  Description
host.name                  <name of host>        string  F5     The host-name for F5OS, derived from ConfD system hostname.
f5.system.id               <instance ID>         string  F5     A unique instance ID per product.
f5.product.version         <version string>      string  F5     A version string, which represents the version of the product.
f5.product.name            <product_name>        string  F5     The high-level F5 product generating the metric/log: F5OS, BIGIP-Next, SPK, CNF
f5.product.type            <v6h-hi>              string  F5OS   The platform type.
f5.platform.serial_number  <platform_serial_no>  string  F5OS   Serial number of an appliance, blade, or controller.
f5.platform.role           <platform_role>       string  F5OS   The appliance is straight-forward. However, for chassis products, the telemetry data can originate from multiple places. The role can help identify a location. Blade - The data originated from a blade within a partition; Partition - The data originated from a partition-level service; Controller - The data originated from a system controller
f5.platform.pid            C137                  string  F5OS   The platform ID
f5.platform.name           <platform_name>       string  F5OS   The Platform Name: rSeries - The appliance products; VELOS - The chassis products
instrument.name            <name>                string  F5OS   F5OS Instrument name associated with the metric.
f5.data_type               <f5os-analytics>      string  F5     The attribute used by BIG-IP Central Manager to help direct F5OS specific metrics
f5.tenant.name             <f5os_tenant_name>    string  F5OS   The deployed tenant name
Tenant Attributes
The following attributes apply for the tenant based metrics.
Name             Value                Type    Description
f5.tenant.name   <tenant name>        string  The name of the tenant which acts as a tenant ID
f5.tenant.image  <image version>      string  The tenant image version
f5.tenant.type   BIG-IP, BIG-IP Next  string  The tenant type name
Platform Metrics
Front-Panel Interface Metrics
These metrics are relevant to Platforms.
Metric Name             Metric Type  Value Type  Attributes                                       Unit
f5.interface.packets    Counter      int64       interface.name="1.0", direction="receive"        {packets}
f5.interface.packets    Counter      int64       interface.name="1.0", direction="transmit"       {packets}
f5.interface.bytes      Counter      int64       interface.name="1.0", direction="receive"        Bytes
f5.interface.bytes      Counter      int64       interface.name="1.0", direction="transmit"       Bytes
f5.interface.errors     Counter      int64       interface.name="1.0", direction="receive"        {packets}
f5.interface.errors     Counter      int64       interface.name="1.0", direction="transmit"       {packets}
f5.interface.dropped    Counter      int64       interface.name="1.0", direction="receive"        {packets}
f5.interface.dropped    Counter      int64       interface.name="1.0", direction="transmit"       {packets}
f5.interface.broadcast  Counter      int64       interface.name="1.0", direction="receive"        {packets}
f5.interface.broadcast  Counter      int64       interface.name="1.0", direction="transmit"       {packets}
f5.interface.multicast  Counter      int64       interface.name="1.0", direction="receive"        {packets}
f5.interface.multicast  Counter      int64       interface.name="1.0", direction="transmit"       {packets}
f5.interface.ethernet   Counter      int64       name="1.0", direction="transmit", state=<field>  {packets}
Optic DDM Metrics
Reports the front-panel Optic DDM metrics.
Common Attributes include:
port.group=<string>  The F5OS port group name associated with the Optic
port.name="1.0"..    The front-panel port number
channel=1..N         For metrics which are per-channel, identifies the individual channel number
The following tenant metrics are currently reported by the BIG-IP tenant into the F5OS platform layer. The metrics visible at the platform layer are only a limited subset of the total number of metrics available to the tenant. You can view the full tenant metrics by using the BIG-IP metric reporting capability.
Common Tenant Attributes
This table lists the attributes that are associated with the tenant-based metrics.
F5OS OpenTelemetry exporter will only report the metrics that are associated with the Docker containers managed by the platform layer. For more information about the docker container metrics, see Docker stats documentation.
Common Attributes
Attributes            Metric value type  Description
container.name        string             The name of the container
container.image.name  string             The container image name
Metrics
Metric Name                                   Metric Type  Value Type  Attributes                  Unit
container.cpu.usage                           Gauge        float       -                           ns
container.memory.<field-name>                 Gauge        float       -                           By
container.memory.usage <field-name>           Gauge        float       -                           By
container.memory.percent                      Gauge        float       -                           {percent}
container.blockio.io_service_bytes_recursive  Gauge        float       operation="read" | "write"  By
container.network.io.usage.<field-name>       Gauge        float       interface=<name>            By | {percent}
container.cpu.percent                         Gauge        float       cpu=<name>                  {percent}
Platform Hardware Sensors
The platform hardware sensors represent physical sensors associated with the hardware which measure: temperature, current, power, voltage, RPM and percent humidity.
Common Attributes
f5.sensor.name=<sensor name>
Examples:
Temperature:
Inlet
Outlet
Central
Voltage:
12V
3.3V BCM
Current:
12V Main
Current In
Power:
Controller Power
Total Power Supply Unit (PSU) Power In
Total Power Supply Unit (PSU) Power Out
f5os.sensor.source=<component name>
Examples:
psu-[1..N]
fantray-[1..N]
psu-controller-[1..N]
blade-[1..N]
controller-[1..2]
platform
Metrics
Metric Name            Metric Type  Value Type  Attributes                                                             Unit
f5.sensor.temperature  Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  C
f5.sensor.voltage      Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  V
f5.sensor.current      Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  A
f5.sensor.power        Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  W
f5.sensor.humidity     Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  {percent}
f5.sensor.fan.speed    Gauge        float64     f5.sensor.name="<name of sensor>", sensor.source="?<component name>"  RPM
F5OS TMSTAT Metrics
The metric schema is heavily dependent upon the internal representation of the tmstat
tables within F5OS.
When you select instrument type as "all" and/or "metrics", the
instrument type "tmstat" is set to off and cannot be selected. You have to manually enable
the instrument "tmstat". This instrument is tailored more to internal F5 use cases,
such as deep diagnostics.
Metric Name        Metric Type  Value Type  Attributes               Unit
f5.tmstat.<table>  Gauge        int         f5.tmstat.column=<name>  -
OpenTelemetry configuration from the webUI
Configure an exporter from the webUI
You can configure an exporter from the webUI.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click
SYSTEM SETTINGS
>
Telemetry
.
The Telemetry screen displays.
Under the
Telemetry exporters
area, click
Add
.
The
Add Exporter
screen displays.
Enter
Name
of the Exporter (up to 20 characters).
The first character in the name cannot be a number. After that, only lowercase alphanumeric characters and hyphens are allowed.
For
Endpoint
For
IP Address
, enter the IPv4 address, IPv6 address, or Fully Qualified Domain Name (FQDN) for an exporter.
For
Port
, enter the port number of the Server.
For
Enable
, select
True
if you want to enable and send the telemetry data to the exporter or
False
to disable it.
For
Instruments
, select one or more instruments for an exporter.
The following table lists the available options:
Note: "tenant" and "datapath" instruments are only supported on Chassis partition.
Option        Description
all           Reports all logs and metrics produced by the F5OS platform layer
logs          Reports all F5OS logs file through the OpenTelemetry 'log' API
platform-log  Exports the F5OS platform log through the OpenTelemetry 'log' API
event-log     Exports the F5OS confd event log through the OpenTelemetry 'log' API
metrics       Report all F5OS metrics through the OpenTelemetry 'metric' API
platform      F5OS platform metrics such as memory, disk, cpu, interface, and file system
hardware      F5OS hardware sensors such as voltage, current, temperature, power, fan-speeds
optics        F5OS front-panel Optic DDM metrics
tenant        Low level tenant reported metrics such as memory, disk, cpu, interface stats
datapath      F5OS data-path metrics such as those generated by the FPGA and DMA
tmstat        F5OS tmstat tables exported as metrics
container     F5OS Per-Container metrics such as cpu, block-io, network, memory
For
Compression
, select the compression type. By default gzip will be selected.
For
Attributes
, specify the attributes for the exporter.
You can then click
+
or
x
to add or remove additional attributes.
Attributes are reference data which can be associated with the exporter. Attributes can be specified in the key & value format.
For Secure input, select
True
to enable and configure the Transport Layer Security (TLS) to secure the connections. The default option is
False
.
Before you can enable TLS encryption, you must configure a key and certificate on the system.
If you have selected
True
for secure connections, you can
use one of these methods:
Server Authentication only:
For
TLS CA Certificate
, paste the contents of the
certificate (self-signed or from a CA) for server TLS authentication.
Both Server and Client Authentication
For
TLS CA Certificate
, paste the contents of the
certificate (self-signed or from a CA) for server TLS authentication.
In the
TLS Certificate
field, paste the text of the
local certificate for client TLS authentication.
In the
TLS Key
field, paste the text of the private
key for client TLS authentication.
For Reload Interval, specify the interval at which the certificate is reloaded.
You can specify the duration value only in nanoseconds (ns), microseconds (us or µs), milliseconds (ms), seconds, minutes, and hours.
Click
Save &
Close
.
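The field rules in this procedure can be checked before an exporter is saved. The following is an added example, not F5 code: it validates one exporter definition against the rules stated above (name format, instrument availability per platform, TLS field combinations, reload interval units) and warns when telemetry would leave the system without TLS. The dictionary keys are hypothetical names for the webUI fields, the sample values are constructed, and two readings are assumptions: that the first character of the name must be a letter, and that seconds, minutes and hours are written with the suffixes s, m and h.

```python
import ipaddress
import re

# Instrument names from the option table on this page.
INSTRUMENTS = {
    "all", "logs", "platform-log", "event-log", "metrics", "platform",
    "hardware", "optics", "tenant", "datapath", "tmstat", "container",
}
PARTITION_ONLY = {"tenant", "datapath"}  # page: chassis partition only
LOG_INSTRUMENTS = {"all", "logs", "platform-log", "event-log"}

# Page rule: up to 20 characters, first character not a number, then only
# lowercase alphanumerics and hyphens. Assumption: the first is a letter.
NAME_RE = re.compile(r"[a-z][a-z0-9-]{0,19}")
FQDN_RE = re.compile(
    r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
# Assumption: seconds, minutes and hours are written with s, m and h.
INTERVAL_RE = re.compile(r"\d+(ns|us|µs|ms|s|m|h)")
TLS_FIELDS = ("tls_ca_certificate", "tls_certificate", "tls_key")


def check_exporter(cfg, platform):
    """Return (errors, warnings) for one exporter definition.

    cfg uses hypothetical key names for the webUI fields; platform is
    "controller" or "partition".
    """
    errors, warnings = [], []

    if not NAME_RE.fullmatch(cfg.get("name", "")):
        errors.append("name: 1-20 chars, lowercase alphanumerics and hyphens, "
                      "must not start with a number")

    address = cfg.get("address", "")
    try:
        ipaddress.ip_address(address)
    except ValueError:
        if not FQDN_RE.fullmatch(address):
            errors.append("address: not an IPv4 address, IPv6 address or FQDN")

    port = cfg.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        errors.append("port: must be an integer from 1 to 65535")

    instruments = set(cfg.get("instruments", ()))
    if not instruments:
        errors.append("instruments: select one or more")
    for name in sorted(instruments - INSTRUMENTS):
        errors.append(f"instruments: unknown instrument {name!r}")
    if platform == "controller":
        for name in sorted(instruments & PARTITION_ONLY):
            errors.append(f"instruments: {name!r} is only supported on a chassis partition")

    if cfg.get("secure", False):
        if not cfg.get("tls_ca_certificate"):
            errors.append("tls_ca_certificate: required to authenticate the server")
        if bool(cfg.get("tls_certificate")) != bool(cfg.get("tls_key")):
            errors.append("client authentication needs both tls_certificate and tls_key")
        interval = cfg.get("reload_interval")
        if interval is not None and not INTERVAL_RE.fullmatch(interval):
            errors.append("reload_interval: use ns, us, µs, ms, s, m or h")
    else:
        if cfg.get("enabled", True):
            scope = "logs and metrics" if instruments & LOG_INSTRUMENTS else "metrics"
            warnings.append(f"secure is False: {scope} leave the system over gRPC without TLS")
        if any(cfg.get(field) for field in TLS_FIELDS):
            warnings.append("TLS material is set but unused because secure is False")
    return errors, warnings


# Constructed sample definitions.
GOOD = {"name": "siem-otel-1", "address": "otel.example.net", "port": 4317,
        "enabled": True, "instruments": ["platform-log", "event-log", "hardware"],
        "secure": True, "reload_interval": "24h",
        "tls_ca_certificate": "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----"}
BAD = {"name": "1st-Exporter", "address": "192.0.2.20", "port": 4317,
       "instruments": ["all", "tenant"], "secure": True, "tls_certificate": "x"}
PLAINTEXT = {"name": "lab", "address": "2001:db8::20", "port": 4317,
             "enabled": True, "instruments": ["all"]}

if __name__ == "__main__":
    for cfg, where in ((GOOD, "partition"), (BAD, "controller"), (PLAINTEXT, "controller")):
        print(cfg["name"], check_exporter(cfg, where))
```
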
Delete an exporter from the webUI
You can delete an exporter from the webUI.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click
SYSTEM SETTINGS
Telemetry
.
The Telemetry screen displays the existing exporter and associated details.
To delete an exporter, in the
Telemetry exporters
area, select the exporter from the list and then click
Delete
.
Click
Save
.
Add attributes to all exporters from the webUI
Attributes are reference data which can be associated with the exporter. Attributes can be specified in the key:value format. Spaces must be included between each entry. You can add attributes to all the configured exporters from the webUI.
Log in to the VELOS system controller
webUI or the chassis partition webUI using an account with admin
access.
On the left, click
SYSTEM SETTINGS
Telemetry
.
The Telemetry screen displays the existing exporter and associated details.
Under
Telemetry Attributes
, specify the attributes.
You can then click
+
or
x
to add or remove additional attributes.
Click
Save &
Close
.
OpenTelemetry configuration from the CLI
Display instruments from the CLI
An instrument is an area of metrics that contains multiple metrics and can be enabled selectively.
Before configuring an exporter, you can display supported instruments from the CLI.
Connect using SSH to the system
controller floating management IP address or chassis partition
management IP address.
Log in to the command line interface
(CLI) of the system controller or chassis partition using an account
with admin access.
When you log in to the system,
you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to
include
(config)
.
Show the total and available instruments:
show system telemetry instruments
The following is an example of the instruments that are supported on the system controller:
syscon-2-active# show system telemetry instruments
NAME DESCRIPTION
--------------------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs Report all F5OS logs file through the OpenTelemetry 'log' API
platform-log Export the F5OS platform log through the OpenTelemetry 'log' API
event-log Export the F5OS confd event log through the OpenTelemetry 'log' API
metrics Report all F5OS metrics through the OpenTelemetry 'metric' API
platform F5OS platform metrics such as: memory, disk, cpu, interface, and file system
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tmstat F5OS tmstat tables exported as metrics
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
The following example shows the instruments that are supported on the chassis partition:
default-2# show system telemetry instruments
NAME DESCRIPTION
--------------------------------------------------------------------------------------------------------
all Report all logs and metrics produced by the F5OS platform layer
logs Report all F5OS logs file through the OpenTelemetry 'log' API
platform-log Export the F5OS platform log through the OpenTelemetry 'log' API
event-log Export the F5OS confd event log through the OpenTelemetry 'log' API
metrics Report all F5OS metrics through the OpenTelemetry 'metric' API
platform F5OS platform metrics such as: memory, disk, cpu, interface, and file system
hardware F5OS hardware sensors such as: voltage, current, temperature, power, fan-speeds
optics F5OS front-panel Optic DDM metrics
tenant Low level tenant reported metrics such as: memory, disk, cpu, interface stats
datapath F5OS data-path metrics such as those generated by the FPGA and DMA
tmstat F5OS tmstat tables exported as metrics
container F5OS Per-Container metrics such as: cpu, block-io, network, memory
Configure an exporter without TLS from the CLI
An exporter defines an OpenTelemetry gRPC endpoint to which the F5OS Platform will push metrics/logs.
You can configure the exporter from the CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure the exporter.
You must specify the IP address or DNS name of the server and the port number of the server on which OpenTelemetry (OTEL) is running.
system telemetry exporters exporter <server name> config endpoint address <address> port <port number> instruments <instrument name> tls secure { false | true }
The following example displays the configuration for an exporter in the system controller:
syscon-2-active(config)# system telemetry exporters exporter test config endpoint address 10.146.243.109 port 4317 instruments [ platform hardware ] tls secure false
The following example displays the configuration for an exporter in the chassis partition:
default-2# system telemetry exporters exporter test1 config endpoint address 10.144.74.171 port 4317 instruments [all] tls secure false
Commit the configuration changes.
commit
Configure an exporter with TLS from the CLI
An exporter defines an OpenTelemetry gRPC endpoint to which the F5OS Platform will push metrics/logs.
To optimize performance, F5 recommends configuring as few exporters as possible, because each exporter uses system resources.
You can enable Transport Layer Security (TLS) and secure the connections for telemetry streaming. Before you can enable TLS encryption, you must generate a private key and self-signed certificate.
You can configure the exporter from the CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
Configure the exporter.
You must specify the IP address or DNS name of the server and the port number of the server on which OpenTelemetry (OTEL) is running.
system telemetry exporters exporter <server name> config endpoint address <address> port <port number> instruments <instrument name> tls secure { false | true }
A summary similar to this example displays:
appliance-1(config)# system telemetry exporters exporter test1 config endpoint address 10.144.74.171 port 4317 instruments [all] tls secure true
Possible completions:
ca-certificate Specifies the CA Certificate content.
certificate Specifies the PEM-encoded telemetry client certificate (Configure for mTLS).
key Specifies the PEM-encoded telemetry client private key (Configure for mTLS)
reload-interval Specifies reload-interval in duration strings.
<cr>
You can secure the connections by using one of these methods:
To authenticate the server, add the certificate:
system telemetry exporters exporter <server name> config ca-certificate
Press Enter to enable multi-line mode and then paste the contents. Press Ctrl-D to exit multi-line mode.
system telemetry exporters exporter test1 config ca-certificate
(<string>):
[Multiline mode, exit with ctrl-D.]
> ...
Following example displays the configuration for an exporter with secure connection in the System Controller:
After you configure the exporter, you can display the state of the exporter from the CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Display the state of a specific exporter:
show system telemetry exporters exporter <server name>
The following example displays the state of an exporter with secure connection enabled in the system controller for both server and client:
syscon-2-active# show system telemetry exporters exporter test-mtls
system telemetry exporters exporter test-mtls
state enabled
state endpoint address 10.238.678.16
state endpoint port 4315
state instruments [ all ]
state tls secure true
state tls certificate [PEM-encoded client certificate omitted]
state tls key [key value omitted]
state tls ca-certificate [PEM-encoded CA certificate omitted]
state options compression gzip
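An added example, not F5 code: a Python check that reads exporter state in the format shown above and flags exporters that send telemetry without TLS, without a CA certificate to authenticate the server, or without a client certificate and key. The sample text is constructed, and the multi-exporter layout, the function names and the severity labels are assumptions of this example.

```python
import re

# Constructed sample modeled on the exporter state output; names, addresses and layout are assumptions.
SAMPLE = """\
system telemetry exporters exporter lab-plain
 state endpoint address 192.0.2.10
 state instruments [ all ]
 state tls secure false
system telemetry exporters exporter lab-tls
 state endpoint address 192.0.2.20
 state instruments [ platform hardware ]
 state tls secure true
system telemetry exporters exporter lab-mtls
 state endpoint address 192.0.2.30
 state instruments [ logs ]
 state tls secure true
 state tls certificate "<PEM omitted>"
 state tls key "<value omitted>"
 state tls ca-certificate "<PEM omitted>"
"""

HEADER = re.compile(r"^system telemetry exporters exporter (\S+)$")
LOG_INSTRUMENTS = {"all", "logs", "platform-log", "event-log"}  # instruments that carry logs

def parse_exporters(text):
    """Collect each exporter's instruments, endpoint and tls fields from 'state ...' lines."""
    exporters, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = exporters.setdefault(header.group(1), {"instruments": [], "endpoint": {}, "tls": {}})
        elif current is not None and line.startswith("state "):
            group, _, rest = line[len("state "):].partition(" ")
            if group == "instruments":
                current["instruments"] = rest.strip("[] ").split()
            elif group in ("endpoint", "tls"):
                key, _, value = rest.partition(" ")
                current[group][key] = value.strip()
    return exporters

def audit(exporters):
    """Return (name, address, severity, reason); the severity scale is this example's own."""
    findings = []
    for name, exp in exporters.items():
        tls, dest = exp["tls"], exp["endpoint"].get("address", "unknown")
        carries_logs = bool(LOG_INSTRUMENTS & set(exp["instruments"]))
        if tls.get("secure") != "true":
            severity = "high" if carries_logs else "medium"
            findings.append((name, dest, severity, "telemetry is sent without TLS"))
        elif "ca-certificate" not in tls:
            findings.append((name, dest, "medium", "no ca-certificate to authenticate the server"))
        elif not {"certificate", "key"} <= set(tls):
            findings.append((name, dest, "info", "no client certificate and key, so no mTLS"))
    return findings

for finding in audit(parse_exporters(SAMPLE)):
    print(" | ".join(finding))
```

Exporters whose instruments include all, logs, platform-log or event-log are rated higher when TLS is off because those instruments export F5OS logs, not only metrics.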
Modify the exporter configuration from the CLI
You can modify the configuration of an exporter from the CLI.
Connect using SSH to the system controller floating management IP address or chassis partition management IP address.
Log in to the command line interface (CLI) of the system controller or chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Change to config mode.
config
The CLI prompt changes to include (config).
You can use the following commands to modify the exporter configuration:
Disable the exporter
system telemetry exporters exporter <server name> config disabled
When you specify an exporter, a summary similar to this example displays:
syscon-2-active(config)# system telemetry exporters exporter server1 config disabled
Modify option compression
system telemetry exporters exporter server1 config options compression <new value>
A summary similar to this example displays:
syscon-2-active(config)# system telemetry exporters exporter server1 config options compression zstd
You can monitor data and metrics related to the usage, performance, and behavior of the system from the webUI. These statistics are crucial for monitoring, managing, and optimizing the system. You can monitor the following system details:
System CPU Usage: Shows the measurement of CPU utilization by the system.
System Memory Usage: Shows the measurement of memory utilization by the system.
System Disk Usage: Shows the measurement of disk utilization by the system.
Display system statistics from the webUI
You can monitor the system's statistics from the webUI.
Log in to the VELOS chassis partition webUI using an account with admin access.
On the left, click SYSTEM SETTINGS > System Details.
Select a configured blade from the Blade dropdown to see the system statistics.
You can now see the following statistics and status of the system.
System CPU Usage: Displays the vCPU’s current utilization of the system by default. However, if multiple vCPUs are available, you can select a vCPU and change the time series to view the historical data and analyze the vCPU utilization.
System Memory Usage: Displays the current memory utilization of the system by default. However, you can change the time series to view the historical data and analyze memory utilization.
System Disk Usage: Displays the disk’s current utilization of the system by default. However, if multiple disks are available, you can select a disk, data type, and change the time series to view the historical data and analyze memory utilization.
Display system statistics from the CLI
You can monitor data and metrics related to the usage, performance, and behavior of a tenant from the CLI. These statistics, tenant CPU usage, memory usage and disk usage, are crucial for monitoring, managing, and optimizing the tenant.
Log in to the command line interface (CLI) of the chassis partition using an account with admin access.
When you log in to the system, you are in user (operational) mode.
Show tenants status and statistics.
tenants tenant <tenant name> state <action>
You can get the stats with an average of 10 seconds, 30 seconds, 1 minute, 5 minutes, and 10 minutes.
This example displays the tenant status and statistics for a BIG-IP tenant running on the rSeries system.