analytics dos-vis-common report

analytics dos-vis-common report(1)		  BIG-IP TMSH Manual		   analytics dos-vis-common report(1)

NAME
       report - Displays a DoS Common analytics report.

MODULE
       analytics dos-vis-common

SYNTAX
       Show, save or send an analytics dos-vis-common report using the syntax shown in the following sections.

   DISPLAY
	show report view-by [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
	 options:
	  drilldown {
	    {
		entity [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  field-fmt
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc / desc ]
	    } ...
	  }
	  range [date range]

   SAVE
	save report view-by [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
	 options:
	   drilldown {
	    {
		entity [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  file [ file name ]
	  format [ csv-aggregated | csv-time-series | pdf ]
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc / desc ]
	    } ...
	  }
	  range [date range]

   SEND
	send-mail report view-by [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
	 options:
	  drilldown {
	    {
		entity [ activity-type | application | attack-id | client-ip | country | country-code | dos-profile | mitigation |
			       protocol | suspected-ip | trigger | vector | virtual ]
		values
		{
		  [value ...]
		}
	    } ...
	  }
	  email-addresses {
	     [email address ...]
	  }
	  format [ csv-aggregated | csv-time-series | pdf ]
	  include-total
	  include-others
	  limit [number of rows]
	  measures {
	    [measure name ...]
	  }
	  order-by {
	    {
	      measure [ measure name ]
	      sort-type [ asc / desc ]
	    } ...
	  }
	  range [date range]
	  smtp-config-override [ smtp configuration object name ]

DESCRIPTION
       Use this command to generate DoS Common analytics reports. You can generate a DoS Common analytics report for
       the following entities:

       ·    activity-type - Indicates whether a transaction was created by regular client activity or by BIG-IP
	    internal activity/injected JavaScript.

       ·    application - Application services.

       ·    attack-id - Attack's unique ID.

       ·    client-ip - A single client identified by an IP address.

       ·    country - The name of the country from which the traffic arrived.

       ·    country-code - An ISO 3166-1 Alpha-2 country code from which the traffic arrived.

       ·    dos-profile - Name of the DoS Profile involved in classifying relevant traffic as an attack.

       ·    mitigation - The mitigation of the attack.

       ·    protocol - The protocol that was attacked (HTTP/SIP/DNS/L3).

       ·    suspected-ip - Whether the DoS module suspects this IP address of attacking.

       ·    trigger - The trigger of the attack.

       ·    vector - The vector of the attack.

       ·    virtual - Name of the virtual server.

       Different measures are collected for each of these entities and can be a part of the report request.

EXAMPLES
       show analytics dos-vis-common report view-by activity-type

       show analytics dos-vis-common report view-by activity-type drilldown { { entity virtual values { virtual_1
       virtual_2 } } }

       send-mail analytics dos-vis-common report view-by activity-type measures { network-dropped-requests-per-second }
       limit 20 order-by { { measure network-dropped-requests-per-second sort-type desc } } format pdf
       email-addresses { some.one@someaddress.com }

       For more syntactical examples, see the tmsh help manual for analytics report.

OPTIONS
       device
	    Specifies a BIG-IP device on which to generate a report. (Enterprise Manager only)

       device-list
	    Specifies a custom list of BIG-IP devices on which to generate a report. (Enterprise Manager only)

       drilldown
	    Specifies the entities that are used as a filter.

       email-addresses
	    Specifies the list of email addresses to which the report file is sent when using the send-mail command.

       file Specifies the exported file path to be saved when using the save command. The file name should be simple
	    (not a full path).

       format
	    Specifies the exported file format to be saved or sent. This option must be specified when using the save
	    or send-mail commands.

       include-others
	    Specifies that the grand total for the measure is displayed for all entities, except for those shown in
	    the result. It can be used along with include-total.

       include-total
	    Specifies that a total summary row should be added to the analytics report. For average measures, the
	    total value is also an average.

       limit
	    Specifies the maximum number of rows/entities in the output result set/file. The default value is 10, not
	    including the total row/entity. The maximum value is 1000.

       measures
	    Specifies a list of measures that can be used with the chosen entity type. The options are:

	    attacks-count
		 Number of distinct attacks.

	    average-tps
		 Average number of transactions per second (tps).

	    dns-hits-count
		 The total number of DNS packets.

	    http-transactions
		 The absolute number of transactions for each entity.

	    network-allowed-requests
		 Total number of attacking network requests that were allowed by AFM.

	    network-allowed-requests-per-second
		 Average number of network-attacking requests allowed per second.

	    network-dropped-requests
		 Total number of dropped network requests.

	    network-dropped-requests-per-second
		 Average number of network-attacking requests dropped per second.

	    network-total-requests
		 Total number of attacking requests.

	    network-total-requests-per-second
		 Average number of attacking requests per second (allowed and dropped).

	    packets-per-second
		 Average DNS packets per second.

	    sip-hits-count
		 The total number of SIP requests.

	    sip-requests-per-sec
		 Average number of SIP requests per second.

       order-by
	    Specifies the measures and sort type (ascending or descending) that will be used to sort the final
	    report. The value for each measure is a previously chosen measure. The default value for sort type is
	    desc (descending).

       range
	    Specifies the time/date range of the analytics information that you want to display. The given results
	    will reflect the time range chosen here. The default value is the last hour (now--now-1h).

       smtp-config-override
	    Specifies the SMTP configuration to use when sending reports by email. This overrides the default SMTP
	    settings.
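
       The following shell helper is an added example, not part of the F5 manual. It assembles a save command
       and rejects arguments that break the constraints listed above (entity, measure and format names, the
       limit ceiling of 1000, a simple file name). The name build_save_report, the minimum limit of 1 and the
       allowed file-name characters are assumptions; it does not check whether a measure is collected for the
       chosen entity.

```shell
# Added example (not F5 code). build_save_report is a hypothetical helper that
# prints a validated tmsh "save" command; it does not run tmsh itself.
build_save_report() {
    view_by=$1 measure=$2 limit=$3 format=$4 file=$5

    # view-by must be one of the entities listed in the SYNTAX section.
    case "$view_by" in
        activity-type|application|attack-id|client-ip|country|country-code|\
        dos-profile|mitigation|protocol|suspected-ip|trigger|vector|virtual) ;;
        *) echo "invalid view-by entity: $view_by" >&2; return 1 ;;
    esac

    # measure must be one of the names listed under "measures".
    case "$measure" in
        attacks-count|average-tps|dns-hits-count|http-transactions|\
        network-allowed-requests|network-allowed-requests-per-second|\
        network-dropped-requests|network-dropped-requests-per-second|\
        network-total-requests|network-total-requests-per-second|\
        packets-per-second|sip-hits-count|sip-requests-per-sec) ;;
        *) echo "invalid measure: $measure" >&2; return 1 ;;
    esac

    # limit: digits only, at most 1000 (documented maximum); >= 1 is assumed.
    case "$limit" in
        ''|*[!0-9]*|?????*) echo "invalid limit: $limit" >&2; return 1 ;;
    esac
    [ "$limit" -ge 1 ] && [ "$limit" -le 1000 ] ||
        { echo "limit out of range: $limit" >&2; return 1; }

    # format is mandatory for save and must be a documented value.
    case "$format" in
        csv-aggregated|csv-time-series|pdf) ;;
        *) echo "invalid format: $format" >&2; return 1 ;;
    esac

    # file must be a simple name, not a path. The character set is an
    # assumption chosen so the value cannot carry extra tmsh syntax.
    case "$file" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid file name: $file" >&2; return 1 ;;
    esac

    printf 'save analytics dos-vis-common report view-by %s measures { %s } limit %s ' \
        "$view_by" "$measure" "$limit"
    printf 'order-by { { measure %s sort-type desc } } format %s file %s\n' \
        "$measure" "$format" "$file"
}
```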

SEE ALSO
       show, save, send-mail, tmsh, ltm profile analytics, analytics, analytics report

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2018. All rights reserved.

BIG-IP						      2018-07-05		   analytics dos-vis-common report(1)