analytics network report
analytics network report(1) BIG-IP TMSH Manual analytics network report(1)
NAME
report - Displays a network firewall analytics report.
MODULE
analytics network
SYNTAX
Show, save or send an analytics network report using the syntax shown
in the following sections.
DISPLAY
show report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
options:
drilldown {
{
entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
values
{
[value ...]
}
} ...
}
field-fmt
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc | desc ]
} ...
}
range [date range]
SAVE
save report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
options:
drilldown {
{
entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-stranslation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
values
{
[value ...]
}
} ...
}
file [ file name ]
format [ csv-aggregated | csv-time-series | pdf ]
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc | desc ]
} ...
}
range [date range]
SEND
send-mail report view-by [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
options:
drilldown {
{
entity [ l3l4-errors-error-reason | l3l4-errors-network-protocol | l3l4-errors-action | l3l4-errors-source-ip | l3l4-errors-destination-ip | l3l4-errors-vlan |
acl-enforced-application | acl-enforced-destination-ip | acl-enforced-destination-port | acl-enforced-policy | acl-enforced-rule |
acl-enforced-rule-action | acl-enforced-rule-context | acl-enforced-rule-context-type | acl-enforced-self-ip | acl-enforced-server-ip |
acl-enforced-source-ip | acl-enforced-source-port | acl-enforced-translation-pool | acl-enforced-translation-type | acl-enforced-vlan |
acl-mgmt-application | acl-mgmt-destination-ip | acl-mgmt-destination-port | acl-mgmt-rule | acl-mgmt-rule-action |
acl-mgmt-rule-context | acl-mgmt-source-ip | acl-mgmt-source-port |
acl-staged-application | acl-staged-destination-ip | acl-staged-destination-port | acl-staged-policy | acl-staged-rule |
acl-staged-rule-action | acl-staged-rule-context | acl-staged-rule-context-type | acl-staged-self-ip | acl-staged-server-ip |
acl-staged-source-ip | acl-staged-source-port | acl-staged-translation-pool | acl-staged-translation-type | acl-staged-vlan ]
values
{
[value ...]
}
} ...
}
email-addresses {
[email address ...]
}
format [ csv-aggregated | csv-time-series | pdf ]
include-total
include-others
limit [number of rows]
measures {
[measure name ...]
}
order-by {
{
measure [ measure name ]
sort-type [ asc | desc ]
} ...
}
range [date range]
smtp-config-override [ smtp configuration object name ]
DESCRIPTION
Use this command to generate network firewall analytics reports. You
can generate a network firewall analytics report for the following
entities:
o action - Action taken (allowed/dropped).
o acl-enforced-application - Application services (ACL - Enforced).
o acl-enforced-destination-ip - Destination IP Address (ACL -
Enforced).
o acl-enforced-destination-port - Destination IP Port (ACL -
Enforced).
o acl-enforced-policy - Policy (ACL - Enforced).
o acl-enforced-rule-action - Rule Action (ACL - Enforced).
o acl-enforced-rule-context - Rule Context (ACL - Enforced).
o acl-enforced-rule-context-type - Rule Context Type (ACL -
Enforced).
o acl-enforced-rule - Rule (ACL - Enforced).
o acl-enforced-self-ip - Self IP Address (ACL - Enforced).
o acl-enforced-server-ip - Server IP Address (ACL - Enforced).
o acl-enforced-source-ip - Source IP Address (ACL - Enforced).
o acl-enforced-source-port - Source IP Port (ACL - Enforced).
o acl-enforced-translation-pool - Translation Pool (ACL - Enforced).
o acl-enforced-translation-type - Translation Type (ACL - Enforced).
o acl-enforced-vlan - VLAN (ACL - Enforced).
o acl-mgmt-application - Application services (ACL - Management).
o acl-mgmt-destination-ip - Destination IP Address (ACL -
Management).
o acl-mgmt-destination-port - Destination IP Port (ACL -
Management).
o acl-mgmt-rule-action - Rule Action (ACL - Management).
o acl-mgmt-rule-context - Rule Context (ACL - Management).
o acl-mgmt-rule - Rule (ACL - Management).
o acl-mgmt-source-ip - Source IP Address (ACL - Management).
o acl-mgmt-source-port - Source IP Port (ACL - Management).
o acl-staged-application - Application services (ACL - Staged).
o acl-staged-destination-ip - Destination IP Address (ACL - Staged).
o acl-staged-destination-port - Destination IP Port (ACL - Staged).
o acl-staged-policy - Policy (ACL - Staged).
o acl-staged-rule-action - Rule Action (ACL - Staged).
o acl-staged-rule-context - Rule Context (ACL - Staged).
o acl-staged-rule-context-type - Rule Context Type (ACL - Staged).
o acl-staged-rule - Rule (ACL - Staged).
o acl-staged-self-ip - Self IP Address (ACL - Staged).
o acl-staged-server-ip - Server IP Address (ACL - Staged).
o acl-staged-source-ip - Source IP Address (ACL - Staged).
o acl-staged-source-port - Source IP Port (ACL - Staged).
o acl-staged-translation-pool - Translation Reason (ACL - Staged).
o acl-staged-translation-type - Translation Type (ACL - Staged).
o acl-staged-vlan - VLAN (ACL - Staged).
o l3l4-errors-action - Network firewall errors action.
o l3l4-errors-destination-ip - Destination IP address (Network
firewall errors).
o l3l4-errors-error-reason - Network firewall error reason.
o l3l4-errors-network-protocol - Destination port (Network
protocol).
o l3l4-errors-source-ip - Source IP address (Network firewall
errors).
o l3l4-errors-vlan - VLAN (Network firewall errors).
EXAMPLES
show analytics network report view-by acl-enforced-rule
show analytics network report view-by acl-staged-vlan drilldown { {
entity acl-staged-destination-port values { 80 } } }
send-mail analytics network report view-by acl-mgmt-source-ip limit 20
format pdf email-addresses { some.one@someaddress.com }
For more syntactical examples see manual for analytics report.
OPTIONS
device
Specifies a BIG-IP device on which to generate a report.
(Enterprise Manager only)
device-list
Specifies a custom list of BIG-IP devices on which to generate a
report. (Enterprise Manager only)
drilldown
Specifies specific entities that are used as a filter.
email-addresses
Specifies the list of email addresses to which the report file is
sent when using the send-mail command.
file Specifies the exported file path to be saved when using the save
command. The file name should be simple (not a full path).
format
Specifies the exported file format to be saved or sent. This
option must be specified when using the save or send-mail
commands.
include-others
Specifies that the grand total for the measure is displayed for
all entities, except for those shown in the result. It can be used
along with include-total.
include-total
Specifies that a total summary row should be added to the
analytics report. For average measures, the total value is also an
average.
limit
Specifies the maximum number of rows/entities in the output result
set/file. The default value is 10, not including the total
row/entity. The maximum value is 1000.
measures
Specifies a list of measures that can be used with the chosen
entity type. The options are:
acl-matches
The total number of ACL rule matches. Applicable only to
view-by entities starting with "acl-".
errors
The total number of firewall errors. Applicable only to view-
by entities starting with "l3l3-errors-".
order-by
Specifies the measures and sort type (ascending or descending)
that will be used to sort the final report. The value for each
measure is a previously chosen measure. The default value for sort
type is desc (descending).
range
Specifies the time/date range of the analytics information that
you want to display. The given results will reflect the time range
chosen here. The default value is the last hour (now--now-1h).
smtp-config-override
Specifies the SMTP configuration to use when sending reports by
email. This overrides the default SMTP settings.
SEE ALSO
show, save, send-mail, tmsh, analytics, analytics report
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.
BIG-IP 2013-04-10 analytics network report(1)