Observability Examples¶
This section contains examples concerning observability (such as logging).
Creating an Analytics profile to enable AVR data streaming¶
In this example, we are licensing a new BIG-IP, provisioning AVR, and creating an Analytics profile (you must have AVR provisioned to create an Analytics profile). This allows you to stream AVR data for consumption by F5 Telemetry Steaming or similar applications.
{
"schemaVersion": "1.5.0",
"class": "Device",
"label": "Adding support for AVR streaming",
"async": true,
"Common": {
"class": "Tenant",
"hostname": "avr.example.com",
"myLicense": {
"class": "License",
"licenseType": "regKey",
"regKey": "AAAAA-BBBBB-CCCCC-DDDDD-EEEEEEE"
},
"myProvisioning": {
"class": "Provision",
"ltm": "nominal",
"avr": "nominal"
},
"analytics": {
"class": "Analytics",
"debugEnabled": true,
"interval": 60,
"offboxProtocol": "tcp",
"offboxTcpAddresses": [
"192.0.2.1"
],
"offboxTcpPort": 80,
"offboxEnabled": true
}
}
}
Configuring SNMP in a declaration¶
In this example, we show how to configure SNMP in a BIG-IP Declarative Onboarding declaration. You can use BIG-IP DO to configure SNMP agents, users, communities, trap events, and trap destinations. See the Monitoring BIG-IP System Traffic with SNMP in the BIG-IP documentation for specific information.
BIG-IP DO 1.32 and later add the ability to enable or disable snmpd daemon support of snmpV1 and snmpV2c queries using the snmpV1 and snmpV2c properties in the SNMP class. Using a value of true (default) enables support, false disables support.
In the following declaration snippet we show only the classes related to SNMP. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.
Important: If you try to use this declaration with a BIG-IP DO version prior to 1.32, it will fail. Either upgrade BIG-IP DO to 1.32, or remove the snmpV1 and snmpV2c lines (highlighted in yellow).
{
"schemaVersion": "1.7.0",
"class": "Device",
"label": "Configuring SNMP",
"async": true,
"Common": {
"class": "Tenant",
"mySnmpAgent": {
"class": "SnmpAgent",
"contact": "Op Center <ops@example.com>",
"location": "Seattle, WA",
"allowList": [
"10.30.100.0/23",
"10.40.100.0/23",
"10.8.100.0/32",
"10.30.10.100",
"10.30.10.200"
],
"snmpV1": false,
"snmpV2c": true
},
"snmpUser1": {
"class": "SnmpUser",
"authentication": {
"protocol": "sha",
"password": "pass1W0rd!"
},
"privacy": {
"protocol": "aes",
"password": "P@ssW0rd"
},
"oid": ".1",
"access": "rw"
},
"public": {
"class": "SnmpCommunity",
"ipv6": false,
"source": "all",
"oid": ".1",
"access": "ro"
},
"snmpCommunityWithSpecialChar": {
"class": "SnmpCommunity",
"name": "special!community",
"ipv6": false,
"source": "all",
"oid": ".1",
"access": "ro"
},
"myTraps": {
"class": "SnmpTrapEvents",
"agentStartStop": true,
"authentication": true,
"device": true
},
"myV2SnmpDestination": {
"class": "SnmpTrapDestination",
"version": "2c",
"community": "my_snmp_community",
"destination": "10.0.10.100",
"port": 80,
"network": "other"
},
"myV3SnmpDestination": {
"class": "SnmpTrapDestination",
"version": "3",
"destination": "10.0.10.1",
"port": 80,
"network": "other",
"securityName": "someSnmpUser",
"authentication": {
"protocol": "sha",
"password": "P@ssW0rd"
},
"privacy": {
"protocol": "aes",
"password": "P@ssW0rd"
},
"engineId": "0x80001f8880c6b6067fdacfb558"
},
"myV3SnmpDestination256": {
"class": "SnmpTrapDestination",
"version": "3",
"destination": "10.0.10.1",
"port": 80,
"network": "other",
"securityName": "someSnmpUser",
"authentication": {
"protocol": "sha256",
"password": "P@ssW0rd"
},
"privacy": {
"protocol": "aes256",
"password": "P@ssW0rd"
},
"engineId": "0x80001f8880c6b6067fdacfb558"
}
}
}
Configuring a System Log (syslog) Destination in declaration¶
In this example, we show how to configure a syslog destination using the SyslogRemoteServer class. For information on syslog destinations, see External Monitoring and the Configuring remote logging Knowledge Base article. Also see SyslogRemoteServer Class in the Schema reference for usage options.
Important: The remote syslog server must be accessible from your BIG-IP system on the default route domain (Domain 0) or management network, and conversely, your BIG-IP system is accessible from the remote syslog server.
In the following declaration snippet we show only the SyslogRemoteServer class. You can use this class as a part of a larger BIG-IP Declarative Onboarding declaration.
{
"schemaVersion": "1.7.0",
"class": "Device",
"async": true,
"Common": {
"class": "Tenant",
"LocalDCSyslog": {
"class": "SyslogRemoteServer",
"host": "local-ip",
"localIp": "172.28.68.42",
"remotePort": 514
},
"DRDCSyslog": {
"class": "SyslogRemoteServer",
"host": "dr-ip",
"localIp": "172.28.68.42",
"remotePort": 514
}
}
}
Configuring Audit Logging in a declaration¶
In this example, we show how you can configure audit logging in the System class of a BIG-IP Declarative Onboarding declaration. This allows audit logging to start as early as possible.
See System in the Schema Reference for BIG-IP DO usage and options. For detailed information about audit logging on the BIG-IP, see the Audit Logging documentation.
Important
guiAuditLog is only available on TMOS v14.0 and later
{
"schemaVersion": "1.13.0",
"class": "Device",
"async": false,
"Common": {
"class": "Tenant",
"mySys": {
"class": "System",
"tmshAuditLog": true,
"guiAuditLog": true,
"mcpAuditLog": "enable"
}
}
}
Configuring Security Analytics in a declaration¶
In this example, we show how you can configure security analytics in a BIG-IP Declarative Onboarding declaration. This allows you to gather analytics specific to security features, such as Denial of Service and Firewall ACL statistics.
For a complete list of properties as well as DO usage, see SecurityAnalytics Class in the Schema Reference.
{
"async": true,
"schemaVersion": "1.37.0",
"class": "Device",
"Common": {
"class": "Tenant",
"currentSecurityAnalytics": {
"class": "SecurityAnalytics",
"aclRules": {
"collectClientIpEnabled": true,
"collectClientPortEnabled": false,
"collectDestinationIpEnabled": true,
"collectDestinationPortEnabled": true,
"collectServerSideStatsEnabled": false
},
"collectAllDosStatsEnabled": false,
"collectedStatsExternalLoggingEnabled": false,
"collectedStatsInternalLoggingEnabled": false,
"dns": {
"collectClientIpEnabled": true,
"collectDestinationIpEnabled": true
},
"collectDnsStatsEnabled": true,
"dosL2L4": {
"collectClientIpEnabled": true,
"collectDestinationGeoEnabled": true
},
"collectDosL3StatsEnabled": true,
"collectFirewallAclStatsEnabled": true,
"collectFirewallDropsStatsEnabled": true,
"collectIpReputationStatsEnabled": true,
"l3L4Errors": {
"collectClientIpEnabled": true,
"collectDestinationIpEnabled": true
},
"collectSipStatsEnabled": true,
"collectStaleRulesEnabled": true,
"publisher": "none",
"smtpConfig": "none"
}
}
}