AFM ACL Staging Rules¶
Overview¶
Staging Firewall Rules (Access Control List) detailed information
Module Name in API¶
bigip-afm-staged
Product Name in API¶
local-traffic
Dimensions¶
| Dimension | Name in API | Description |
|---|---|---|
| Country | country | Client Country |
| Source Port | source-port | |
| Context Info Name | context-info | The name of the object the activity is reported on, this field goes together with the context type |
| BIG-IP Blade Number | slot-id | Used for BIG-IP Chassis with multiple blades. A value of 0 means this is a non chassis BIG-IP, any other value tells the serial number of the blade in the chassis |
| Destination Region | destination-region | |
| Client IP | client-ip | |
| Context Type | context-type | The type of the object the activity is reported on, such as virtual-server, vlan, device, etc. |
| Server Ip | server-ip | |
| Destination User Name | destination-user-name | |
| Destination Ip | destination-ip | |
| Self IP | self-ip | |
| User Name | client-user-name | |
| Source Address Translation Type | sa-translation-type | |
| BIG-IP Host Name | hostname | The hostname given to the BIG-IP |
| Source Address Translation Pool | sa-translation-pool | |
| Destination Port | destination-port | |
| ACL Policy Name | acl-policy-name | |
| Destination Country | destination-country | |
| BIG-IP Service Cluster | dsc-name | Clusters of BIG-IPs grouped together to have the same config |
| Vlan Name | vlan-name | |
| Region | region | |
| ACL Rule Name | acl-rule-name | |
| Action | security-action | The action a security module took with this transaction/packet, such as allow or block |
MetricSets¶
Rule Match Count¶
Description¶
Number of occurrences a rule was matched
Name In API¶
rule-match-count
Metrics in the metricSet¶
| Metric | Name in API | Unit | Description |
|---|---|---|---|
| Rule Match Count | count | conns | Total number of times the system has matched the rule |
| Avg Rule Matches/s | avg-count-per-sec | conns/s | Average number of times the system has matched the rule per second |
Examples¶
By Time Query¶
A query by time returns a series of data points in time, based on optional filters, time range, and time granularity. This query kind is identified by the keyword: “ap:query:stats:byTime”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, filters by dimension country and get the count of rule-match-count
{
"kind": "ap:query:stats:byTime",
"module": "bigip-afm-staged",
"timeRange": {
"from": "-1h",
"to": "now"
},
"timeGranularity": {
"duration": 30,
"unit": "SECONDS"
},
"aggregations": {
"rule-match-count$count": {
"metricSet": "rule-match-count",
"metric": "count"
}
},
"dimensionFilter": {
"type": "eq",
"dimension": "country",
"value": "value to filter by"
}
}
By Entities Query¶
A query by entities returns a sort set of entities, based on optional filters, time range, and choosen metric to sort by. This query kind is identified by the keyword: “ap:query:stats:byEntities”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets top entities of type country, sorted by count of rule-match-count
{
"kind": "ap:query:stats:byEntities",
"module": "bigip-afm-staged",
"timeRange": {
"from": "-1H",
"to": "now"
},
"dimension": "country",
"sortMetric": "rule-match-count$count",
"sortOrder": "desc",
"aggregations": {
"rule-match-count$count": {
"metricSet": "rule-match-count",
"metric": "count"
}
},
"limit": 5
}
Entities Count Query¶
An entities count query returns the distinct count of entities, based on optional filters, time range, and choosen entity type. This query kind is identified by the keyword: “ap:query:stats:entitiesCount”
POST https://<address>/mgmt/ap/query/v1/tenants/default/products/local-traffic/metric-query
This example for JSON body in the post, gets the distinct count of entities of type country
{
"kind": "ap:query:stats:entitiesCount",
"module": "bigip-afm-staged",
"dimension": "country",
"timeRange": {
"from": "-1h",
"to": "now"
}
}