analytics dos-l7 report
analytics dos-l7 report(1) BIG-IP TMSH Manual analytics dos-l7 report(1)
NAME
report - Displays an HTTP/L7-DoS analytics report.
MODULE
analytics dos-l7
SYNTAX
Show, save or send an analytics dos-l7 report using the syntax shown in
the following sections.
DISPLAY
show report view-by [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet |
country | country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code |
suspected-ip | trigger | url | user-agent | vector | virtual ]
options:
drilldown {
{
entity [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet | country |
country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code | suspected-ip |
trigger | url | user-agent | vector | virtual ]
values
{
[value ...]
}
} ...
}
field-fmt
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc / desc ]
} ...
}
range [date range]
SAVE
save report view-by [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet |
country | country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code |
suspected-ip | trigger | url | user-agent | vector | virtual ]
options:
drilldown {
{
entity [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet | country |
country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code | suspected-ip |
trigger | url | user-agent | vector | virtual ]
values
{
[value ...]
}
} ...
}
file [ file name ]
format [ csv-aggregated | csv-time-series | pdf ]
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc / desc ]
} ...
}
range [date range]
SEND
send-mail report view-by [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet |
country | country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code |
suspected-ip | trigger | url | user-agent | vector | virtual ]
options:
drilldown {
{
entity [ activity-type | application | attack-id | behavioral-signature | bot-defense-reason | browser | client-ip | client-subnet | country |
country-code | device-id | dos-mobile-app-client-type | dos-mobile-app-display-name | dos-mobile-app-emulation-mode |
dos-mobile-app-human-behavior | dos-mobile-app-jail-break | dos-mobile-app-version-name | dos-profile | dosl7-bot-signature |
dosl7-bot-signature-category | http-method | http-transaction-outcome | mitigation | os | pool-member | response-code | suspected-ip |
trigger | url | user-agent | vector | virtual ]
values
{
[value ...]
}
} ...
}
email-addresses {
[email address ...]
}
format [ csv-aggregated | csv-time-series | pdf ]
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc / desc ]
} ...
}
range [date range]
smtp-config-override [ smtp configuration object name ]
DESCRIPTION
Use this command to generate HTTP analytics reports. You can generate
an HTTP analytics report for the following entities:
o activity-type - Activity type.
o application - Application services.
o attack-id - Application/L7 DoS Attack ID.
o behavioral-signature - Behavioral signature.
o bot-defense-reason - BOT defense reason.
o browser - Browser.
o client-ip - A single client identified by an IP address.
o client-subnet - Client subnet.
o country - A country from which HTTP/HTTPs traffic was sent to each
of the virtual servers.
o country-code - Country code from which HTTP/HTTPs traffic was sent
to each of the virtual servers.
o device-id - Device ID.
o dos-mobile-app-client-type - DoS mobile application client type.
o dos-mobile-app-display-name - DoS mobile application display name.
o dos-mobile-app-emulation-mode - DoS mobile application emulation
mode.
o dos-mobile-app-human-behavior - DoS mobile application human
behavior.
o dos-mobile-app-jail-break - DoS mobile application jail break.
o dos-mobile-app-version-name - DoS mobile application version name.
o dos-profile - DoS Profile.
o dosl7-bot-signature - DoS Layer 7 bot signature.
o dosl7-bot-signature-category - DoS Layer 7 bot category.
o http-method - Method.
o http-transaction-outcome - HTTP Transaction outcomes
(Blocked/Dropped/Passthrough/etc.)
o mitigation - Mitication.
o os - OS name.
o pool-member - Pool members.
o response-code - An HTTP response code that was sent back to the
client.
o suspected-ip - Suspected address IP.
o trigger - Trigger.
o url - A URL accessed by HTTP or HTTPs.
o user-agent - A browser identifier sent by the client's browser as
part of the request for URL.
o vector - Attack vector.
o virtual - Virtual servers.
Different measures are collected for each of these entities and can be
a part of the report request.
EXAMPLES
show analytics dos-l7 report view-by virtual measures {average-tps}
limit 20
Gets the average tps of 20 virtual servers (unordered).
show analytics dos-l7 report view-by virtual measures {average-tps}
limit 20 order-by { { measure average-tps sort-type desc } }
Gets the average tps of the top 20 virtual servers.
show analytics dos-l7 report view-by virtual measures {average-tps}
limit 20 order-by { { measure average-tps sort-type desc } } range
now-3d--now
Gets the average tps of the top 20 virtual servers from the last three
days.
show analytics dos-l7 report view-by virtual drilldown { { entity
application values { app } } { entity pool-member values { p1 p2 } } }
range now-4d--now-2d measures {average-tps} limit 10 order-by { {
measure average-tps sort-type DESC } }
Gets the average tps of the top 10 virtual servers (ordered by average
tps) on app iApp (out of several monitored) on pool members p1 and p2
(out of five monitored p1-p5) in the interval ranging from two to four
days ago.
show analytics dos-l7 report view-by response-code drilldown { { entity
virtual values { v1 } } } measures { transactions }
Gets a distribution of requests per response code on virtual v1.
show analytics dos-l7 report view-by country drilldown { { entity
application values { app } } } measures { average-concurrent-sessions
average-sessions } order-by { { measure average-sessions sort-type DESC
} } limit 5
Gets the new sessions and average concurrent sessions of the top five
countries, ordered by the average concurrent sessions on the
application app.
show analytics dos-l7 report view-by client-ip drilldown { { entity
virtual values { v1 } } } measures { max-page-load-time } limit 1
Gets the client IP address with the worst page load time.
show analytics dos-l7 report view-by application drilldown { { entity
pool-member values { p1 p2 } } } measures { transactions } order-by { {
measure transactions } } range now-7d--now
Gets the distribution of requests per application on pool members p1
and p2 ordered by the number of requests during the last week.
save analytics dos-l7 report view-by virtual measures {average-tps}
limit 20 order-by { { measure average-tps sort-type desc } } format pdf
file report.pdf
Gets the average tps of the top 20 virtual servers and exports to a PDF
file on the BIG-IP system.
save analytics dos-l7 report view-by virtual measures {average-tps}
limit 20 order-by { { measure average-tps sort-type desc } } format
csv-aggregated file report.csv
Gets the average tps of the top 20 virtual servers and exports to a CSV
file on the BIG-IP system.
save analytics dos-l7 report view-by virtual measures {average-tps}
limit 20 order-by { { measure average-tps sort-type desc } } format
csv-time-series file report.csv
Gets the average tps over time of the top 10 virtual servers and
exports to a CSV file on the BIG-IP system.
send-mail analytics dos-l7 report view-by virtual measures
{average-tps} limit 20 order-by { { measure average-tps sort-type desc
} } format pdf email-addresses { some.one@someaddress.com }
Gets the average tps over time of the top 10 virtual servers and sends
out an email containing the report as a PDF.
OPTIONS
device
Specifies a BIG-IP device on which to generate a report.
(Enterprise Manager only)
device-list
Specifies a custom list of BIG-IP devices on which to generate a
report. (Enterprise Manager only)
drilldown
Specifies specific entities that are used as a filter.
email-addresses
Specifies the list of email addresses to which the report file is
sent when using the send-mail command.
file Specifies the exported file path to be saved when using the save
command. The file name should be simple (not a full path).
format
Specifies the exported file format to be saved or sent. This
option must be specified when using the save or send-mail
commands.
include-others
Specifies that the grand total for the measure is displayed for
all entities, except for those shown in the result. It can be used
along with include-total.
include-total
Specifies that a total summary row should be added to the
analytics report. For average measures, the total value is also an
average.
limit
Specifies the maximum number of rows/entities in the output result
set/file. The default value is 10, not including the total
row/entity. The maximum value is 1000.
measures
Specifies a list of measures that can be used with the chosen
entity type. The default value is transactions. The options are:
average-concurrent-sessions
The average number of concurrent sessions for each entity.
average-new-sessions
The average number of new sessions for each entity.
average-page-load-time
The average client page load time for each entity.
average-request-throughput
The average request throughput for each entity.
average-response-throughput
The average response throughput for each entity.
average-server-latency
The average server latency for each entity.
average-tps
The average number of transactions per second for each
entity.
client-side-sampled-transactions
The number of transactions sampled for client side page load
time.
max-page-load-time
The maximum client page load time for each entity.
max-request-throughput
The maximum request throughput for each entity.
max-response-throughput
The maximum response throughput for each entity.
max-server-latency
The maximum server latency for each entity.
max-tps
The maximum number of transactions per second for each
entity.
transactions
The absolute number of transactions for each entity.
min-server-latency
The minimum server latency for each entity.
average-request-size
The average request size for each entity.
average-response-size
The average response size for each entity.
average-application-response-time
The average application response time for each entity.
min-application-response-time
The minimum application response time for each entity.
max-application-response-time
The maximum application response time for each entity.
average-client-ttfb
The average client TTFB for each entity.
min-client-ttfb
The minimum client TTFB for each entity.
max-client-ttfb
The maximum client TTFB for each entity.
average-clientside-network-latency
The average client-side network latency for each entity.
min-clientside-network-latency
The minimum client-side network latency for each entity.
max-clientside-network-latency
The maximum client-side network latency for each entity.
average-serverside-network-latency
The average server-side network latency for each entity.
min-serverside-network-latency
The minimum server-side network latency for each entity.
max-serverside-network-latency
The maximum server-side network latency for each entity.
average-request-duration
The average request duration for each entity.
min-request-duration
The minimum request duration for each entity.
max-request-duration
The maximum request duration for each entity.
average-response-duration
The average response duration for each entity.
min-response-duration
The minimum response duration for each entity.
max-response-duration
The maximum response duration for each entity.
attacks-count
The total number of attack for each entity.
valid
The total number of valid transactions for each entity.
average-valid-tps
The average number of valid transactions for each entity.
mitigated
The total number of mitigated transaction for each entity.
average-mitigated-tps
The average number of mitigated transaction for each entity.
blocked
The total number of blocked transactions for each entity.
average-blocked-tps
The average number of blocked transactions for each entity.
incomplete
The total number of incomplete transactions for each entity.
average-incomplete-tps
The average number of incomplete transactions for each
entity.
order-by
Specifies the measures and sort type (ascending or descending)
that will be used to sort the final report. The default value for
measures is previously chosen measures. The default value for sort
type is desc (descending).
range
Specifies the time/date range of the analytics information that
you want to display. The given results will reflect the time range
chosen here. The default value is the last hour (now--now-1h).
smtp-config-override
Specifies the SMTP configuration to use when sending reports by
email. This overrides the default SMTP settings.
SEE ALSO
show, save, send-mail, tmsh, ltm profile analytics, security dos
profile, analytics report
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013, 2015, 2018. All rights
reserved.
BIG-IP 2018-07-16 analytics dos-l7 report(1)