Observability Examples

This section contains examples concerning observability (such as logging).

Creating an Analytics profile to enable AVR data streaming

In this example, we are licensing a new BIG-IP, provisioning AVR, and creating an Analytics profile (you must have AVR provisioned to create an Analytics profile). This allows you to stream AVR data for consumption by F5 Telemetry Steaming or similar applications.

{
    "schemaVersion": "1.5.0",
    "class": "Device",
    "label": "Adding support for AVR streaming",
    "async": true,
    "Common": {
        "class": "Tenant",
        "hostname": "avr.example.com",
        "myLicense": {
            "class": "License",
            "licenseType": "regKey",
            "regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
        },
        "myProvisioning": {
            "class": "Provision",
            "ltm": "nominal",
            "avr": "nominal"
        },
        "analytics": {
            "class": "Analytics",
            "debugEnabled": true,
            "interval": 60,
            "offboxProtocol": "tcp",
            "offboxTcpAddresses": [
                "192.0.2.1"
            ],
            "offboxTcpPort": 80,
            "offboxEnabled": true
        }
    }
}

Back to top


Configuring SNMP in a declaration

In this example, we show how to configure SNMP in a BIG-IP Declarative Onboarding declaration. You can use BIG-IP DO to configure SNMP agents, users, communities, trap events, and trap destinations. See the Monitoring BIG-IP System Traffic with SNMP in the BIG-IP documentation for specific information.

BIG-IP DO 1.32 and later add the ability to enable or disable snmpd daemon support of snmpV1 and snmpV2c queries using the snmpV1 and snmpV2c properties in the SNMP class. Using a value of true (default) enables support, false disables support.

In the following declaration snippet we show only the classes related to SNMP. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.

Important: If you try to use this declaration with a BIG-IP DO version prior to 1.32, it will fail. Either upgrade BIG-IP DO to 1.32, or remove the snmpV1 and snmpV2c lines (highlighted in yellow).

{
    "schemaVersion": "1.7.0",
    "class": "Device",
    "label": "Configuring SNMP",
    "async": true,
    "Common": {
        "class": "Tenant",
        "mySnmpAgent": {
            "class": "SnmpAgent",
            "contact": "Op Center <ops@example.com>",
            "location": "Seattle, WA",
            "allowList": [
                "10.30.100.0/23",
                "10.40.100.0/23",
                "10.8.100.0/32",
                "10.30.10.100",
                "10.30.10.200"
            ],
            "snmpV1": false,
            "snmpV2c": true
        },
        "snmpUser1": {
            "class": "SnmpUser",
            "authentication": {
                "protocol": "sha",
                "password": "pass1W0rd!"
            },
            "privacy": {
                "protocol": "aes",
                "password": "P@ssW0rd"
            },
            "oid": ".1",
            "access": "rw"
        },
        "public": {
            "class": "SnmpCommunity",
            "ipv6": false,
            "source": "all",
            "oid": ".1",
            "access": "ro"
        },
        "snmpCommunityWithSpecialChar": {
            "class": "SnmpCommunity",
            "name": "special!community",
            "ipv6": false,
            "source": "all",
            "oid": ".1",
            "access": "ro"
        },
        "myTraps": {
            "class": "SnmpTrapEvents",
            "agentStartStop": true,
            "authentication": true,
            "device": true
        },
        "myV2SnmpDestination": {
            "class": "SnmpTrapDestination",
            "version": "2c",
            "community": "my_snmp_community",
            "destination": "10.0.10.100",
            "port": 80,
            "network": "other"
        },
        "myV3SnmpDestination": {
            "class": "SnmpTrapDestination",
            "version": "3",
            "destination": "10.0.10.1",
            "port": 80,
            "network": "other",
            "securityName": "someSnmpUser",
            "authentication": {
                "protocol": "sha",
                "password": "P@ssW0rd"
            },
            "privacy": {
                "protocol": "aes",
                "password": "P@ssW0rd"
            },
            "engineId": "0x80001f8880c6b6067fdacfb558"
        },
        "myV3SnmpDestination256": {
            "class": "SnmpTrapDestination",
            "version": "3",
            "destination": "10.0.10.1",
            "port": 80,
            "network": "other",
            "securityName": "someSnmpUser",
            "authentication": {
                "protocol": "sha256",
                "password": "P@ssW0rd"
            },
            "privacy": {
                "protocol": "aes256",
                "password": "P@ssW0rd"
            },
            "engineId": "0x80001f8880c6b6067fdacfb558"
        }
    }
}

Back to top


Configuring a System Log (syslog) Destination in declaration

In this example, we show how to configure a syslog destination using the SyslogRemoteServer class. For information on syslog destinations, see External Monitoring and the Configuring remote logging Knowledge Base article. Also see SyslogRemoteServer Class in the Schema reference for usage options.

Important: The remote syslog server must be accessible from your BIG-IP system on the default route domain (Domain 0) or management network, and conversely, your BIG-IP system is accessible from the remote syslog server.

In the following declaration snippet we show only the SyslogRemoteServer class. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.

{
    "schemaVersion": "1.7.0",
    "class": "Device",
    "async": true,
    "Common": {
        "class": "Tenant",
        "LocalDCSyslog": {
            "class": "SyslogRemoteServer",
            "host": "local-ip",
            "localIp": "172.28.68.42",
            "remotePort": 514
        },
        "DRDCSyslog": {
            "class": "SyslogRemoteServer",
            "host": "dr-ip",
            "localIp": "172.28.68.42",
            "remotePort": 514
        }
    }
}

Back to top


Configuring Audit Logging in a declaration

In this example, we show how you can configure audit logging in the System class of a BIG-IP Declarative Onboarding declaration. This allows audit logging to start as early as possible.

See System in the Schema Reference for BIG-IP DO usage and options. For detailed information about audit logging on the BIG-IP, see the Audit Logging documentation.

Important

guiAuditLog is only available on TMOS v14.0 and later

{
    "schemaVersion": "1.13.0",
    "class": "Device",
    "async": false,
    "Common": {
        "class": "Tenant",
        "mySys": {
            "class": "System",
            "tmshAuditLog": true,
            "guiAuditLog": true,
            "mcpAuditLog": "enable"
        }
    }
}

Back to top


Configuring Security Analytics in a declaration

In this example, we show how you can configure security analytics in a BIG-IP Declarative Onboarding declaration. This allows you to gather analytics specific to security features, such as Denial of Service and Firewall ACL statistics.

For a complete list of properties as well as DO usage, see SecurityAnalytics Class in the Schema Reference.

{
    "async": true,
    "schemaVersion": "1.37.0",
    "class": "Device",
    "Common": {
        "class": "Tenant",
        "currentSecurityAnalytics": {
            "class": "SecurityAnalytics",
            "aclRules": {
                "collectClientIpEnabled": true,
                "collectClientPortEnabled": false,
                "collectDestinationIpEnabled": true,
                "collectDestinationPortEnabled": true,
                "collectServerSideStatsEnabled": false
            },
            "collectAllDosStatsEnabled": false,
            "collectedStatsExternalLoggingEnabled": false,
            "collectedStatsInternalLoggingEnabled": false,
            "dns": {
                "collectClientIpEnabled": true,
                "collectDestinationIpEnabled": true
            },
            "collectDnsStatsEnabled": true,
            "dosL2L4": {
                "collectClientIpEnabled": true,
                "collectDestinationGeoEnabled": true
            },
            "collectDosL3StatsEnabled": true,
            "collectFirewallAclStatsEnabled": true,
            "collectFirewallDropsStatsEnabled": true,
            "collectIpReputationStatsEnabled": true,
            "l3L4Errors": {
                "collectClientIpEnabled": true,
                "collectDestinationIpEnabled": true
            },
            "collectSipStatsEnabled": true,
            "collectStaleRulesEnabled": true,
            "publisher": "none",
            "smtpConfig": "none"
        }
    }
}

Back to top