analytics network reportΒΆ

analytics network report(1)   BIG-IP TMSH Manual   analytics network report(1)



NAME
       report - Displays a network firewall analytics report.

MODULE
       analytics network

SYNTAX
       Show, save or send an analytics network report using the syntax shown
       in the following sections.

   DISPLAY
	show report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
			      acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
			      acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
			      acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
			      acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
			      acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
			      acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
			      acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
			      acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
	 options:
	  drilldown {
	    {
		entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
			 acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
			 acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
			 acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
			 acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
			 acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
			 acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
			 acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
			 acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  field-fmt
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc | desc ]
	    } ...
	  }
	  range [date range]

   SAVE
	save report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
			      acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
			      acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
			      acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
			      acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
			      acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
			      acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
			      acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
			      acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
	 options:
	   drilldown {
	    {
		entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
			 acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
			 acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
			 acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-stranslation-pool | acl-enforced-translation-type | acl-enforced-vlan |
			 acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
			 acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
			 acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
			 acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
			 acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  file [ file name ]
	  format [ csv-aggregated | csv-time-series | pdf ]
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc | desc ]
	    } ...
	  }
	  range [date range]

   SEND
	send-mail report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
				   acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
				   acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
				   acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
				   acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
				   acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
				   acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
				   acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
				   acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
	 options:
	  drilldown {
	    {
		entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
			 acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
			 acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
			 acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
			 acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
			 acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port  |
			 acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
			 acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
			 acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  email-addresses {
	     [email address ...]
	  }
	  format [ csv-aggregated | csv-time-series | pdf ]
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc | desc ]
	    } ...
	  }
	  range [date range]
	  smtp-config-override [ smtp configuration object name ]

DESCRIPTION
       Use this command to generate network firewall analytics reports. You
       can generate a network firewall analytics report for the following
       entities:

       o    action - Action taken (allowed/dropped).

       o    acl-enforced-application - Application services (ACL - Enforced).

       o    acl-enforced-destination-ip - Destination IP Address (ACL -
	    Enforced).

       o    acl-enforced-destination-port - Destination IP Port (ACL -
	    Enforced).

       o    acl-enforced-policy - Policy (ACL - Enforced).

       o    acl-enforced-rule-action - Rule Action (ACL - Enforced).

       o    acl-enforced-rule-context - Rule Context (ACL - Enforced).

       o    acl-enforced-rule-context-type - Rule Context Type (ACL -
	    Enforced).

       o    acl-enforced-rule - Rule (ACL - Enforced).

       o    acl-enforced-self-ip - Self IP Address (ACL - Enforced).

       o    acl-enforced-server-ip - Server IP Address (ACL - Enforced).

       o    acl-enforced-source-ip - Source IP Address (ACL - Enforced).

       o    acl-enforced-source-port - Source IP Port (ACL - Enforced).

       o    acl-enforced-translation-pool - Translation Pool (ACL - Enforced).

       o    acl-enforced-translation-type - Translation Type (ACL - Enforced).

       o    acl-enforced-vlan - VLAN (ACL - Enforced).

       o    acl-mgmt-application - Application services (ACL - Management).

       o    acl-mgmt-destination-ip - Destination IP Address (ACL -
	    Management).

       o    acl-mgmt-destination-port - Destination IP Port (ACL -
	    Management).

       o    acl-mgmt-rule-action - Rule Action (ACL - Management).

       o    acl-mgmt-rule-context - Rule Context (ACL - Management).

       o    acl-mgmt-rule  - Rule (ACL - Management).

       o    acl-mgmt-source-ip - Source IP Address (ACL - Management).

       o    acl-mgmt-source-port - Source IP Port (ACL - Management).

       o    acl-staged-application - Application services (ACL - Staged).

       o    acl-staged-destination-ip - Destination IP Address (ACL - Staged).

       o    acl-staged-destination-port - Destination IP Port (ACL - Staged).

       o    acl-staged-policy - Policy (ACL - Staged).

       o    acl-staged-rule-action - Rule Action (ACL - Staged).

       o    acl-staged-rule-context - Rule Context (ACL - Staged).

       o    acl-staged-rule-context-type - Rule Context Type (ACL - Staged).

       o    acl-staged-rule - Rule (ACL - Staged).

       o    acl-staged-self-ip - Self IP Address (ACL - Staged).

       o    acl-staged-server-ip - Server IP Address (ACL - Staged).

       o    acl-staged-source-ip - Source IP Address (ACL - Staged).

       o    acl-staged-source-port - Source IP Port (ACL - Staged).

       o    acl-staged-translation-pool - Translation Reason (ACL - Staged).

       o    acl-staged-translation-type - Translation Type (ACL - Staged).

       o    acl-staged-vlan - VLAN (ACL - Staged).

       o    l3l4-errors-action - Network firewall errors action.

       o    l3l4-errors-destination-ip - Destination IP address (Network
	    firewall errors).

       o    l3l4-errors-error-reason - Network firewall error reason.

       o    l3l4-errors-network-protocol - Destination port (Network
	    protocol).

       o    l3l4-errors-source-ip - Source IP address (Network firewall
	    errors).

       o    l3l4-errors-vlan - VLAN (Network firewall errors).

EXAMPLES
       show analytics network report view-by acl-enforced-rule

       show analytics network report view-by acl-staged-vlan drilldown { {
       entity acl-staged-destination-port values { 80 } } }

       send-mail analytics network report view-by acl-mgmt-source-ip limit 20
       format pdf email-addresses { some.one@someaddress.com }

       For more syntactical examples see manual for analytics report.

OPTIONS
       device
	    Specifies a BIG-IP device on which to generate a report.
	    (Enterprise Manager only)

       device-list
	    Specifies a custom list of BIG-IP devices on which to generate a
	    report. (Enterprise Manager only)

       drilldown
	    Specifies specific entities that are used as a filter.

       email-addresses
	    Specifies the list of email addresses to which the report file is
	    sent when using the send-mail command.

       file Specifies the exported file path to be saved when using the save
	    command. The file name should be simple (not a full path).

       format
	    Specifies the exported file format to be saved or sent. This
	    option must be specified when using the save or send-mail
	    commands.

       include-others
	    Specifies that the grand total for the measure is displayed for
	    all entities, except for those shown in the result. It can be used
	    along with include-total.

       include-total
	    Specifies that a total summary row should be added to the
	    analytics report. For average measures, the total value is also an
	    average.

       limit
	    Specifies the maximum number of rows/entities in the output result
	    set/file. The default value is 10, not including the total
	    row/entity. The maximum value is 1000.

       measures
	    Specifies a list of measures that can be used with the chosen
	    entity type. The options are:

	    acl-matches
		 The total number of ACL rule matches. Applicable only to
		 view-by entities starting with "acl-".

	    errors
		 The total number of firewall errors. Applicable only to view-
		 by entities starting with "l3l3-errors-".

       order-by
	    Specifies the measures and sort type (ascending or descending)
	    that will be used to sort the final report. The value for each
	    measure is a previously chosen measure. The default value for sort
	    type is desc (descending).

       range
	    Specifies the time/date range of the analytics information that
	    you want to display. The given results will reflect the time range
	    chosen here. The default value is the last hour (now--now-1h).

       smtp-config-override
	    Specifies the SMTP configuration to use when sending reports by
	    email. This overrides the default SMTP settings.

SEE ALSO
       show, save, send-mail, tmsh, analytics, analytics report

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.



BIG-IP				  2013-04-10	   analytics network report(1)