Example Output

Use this page to see the type of information that Telemetry Streaming collects. Use the links in the left pane to find a particular example

System Information

{
    "system": {
        "hostname": "telemetry.bigip.com",
        "version": "14.0.0.1",
        "versionBuild": "0.0.2",
        "location": "Seattle",
        "description": "Telemetry BIG-IP",
        "marketingName": "BIG-IP Virtual Edition",
        "platformId": "Z100",
        "chassisId": "9c3abad5-513a-1c43-5bc2be62e957",
        "baseMac": "00:0d:3a:30:34:51",
        "callBackUrl": "https://10.0.1.100",
        "configReady": "yes",
        "licenseReady": "yes",
        "provisionReady": "yes",
        "syncMode": "standalone",
        "syncColor": "green",
        "syncStatus": "Standalone",
        "syncSummary": " ",
        "failoverStatus": "ACTIVE",
        "failoverColor": "green",
        "systemTimestamp": "2019-01-01T01:01:01Z",
        "asmState": "Policies Consistent",
        "lastAsmChange": "2019-06-19T20:15:28.000Z",
        "apmState": "Policies Consistent",
        "afmState": "quiescent",
        "lastAfmDeploy": "2019-06-17T21:24:29.000Z",
        "ltmConfigTime": "2019-06-19T21:13:40.000Z",
        "gtmConfigTime": "2019-06-07T18:11:53.000Z",
        "cpu": 0,
        "memory": 0,
        "tmmCpu": 0,
        "tmmMemory": 0,
        "tmmTraffic": {
            "clientSideTraffic.bitsIn": 0,
            "clientSideTraffic.bitsOut": 0,
            "serverSideTraffic.bitsIn": 0,
            "serverSideTraffic.bitsOut": 0
        },
        "diskStorage": {
            "/": {
                "1024-blocks": "436342",
                "Capacity": "55%",
                "name": "/"
            },
            "/dev/shm": {
                "1024-blocks": "7181064",
                "Capacity": "9%",
                "name": "/dev/shm"
            },
            "/config": {
                "1024-blocks": "3269592",
                "Capacity": "11%",
                "name": "/config"
            },
            "/usr": {
                "1024-blocks": "4136432",
                "Capacity": "83%",
                "name": "/usr"
            },
            "/var": {
                "1024-blocks": "3096336",
                "Capacity": "37%",
                "name": "/var"
            },
            "/shared": {
                "1024-blocks": "20642428",
                "Capacity": "3%",
                "name": "/shared"
            },
            "/var/log": {
                "1024-blocks": "3023760",
                "Capacity": "8%",
                "name": "/var/log"
            },
            "/appdata": {
                "1024-blocks": "51607740",
                "Capacity": "3%",
                "name": "/appdata"
            },
            "/shared/rrd.1.2": {
                "1024-blocks": "7181064",
                "Capacity": "1%",
                "name": "/shared/rrd.1.2"
            },
            "/var/run": {
                "1024-blocks": "7181064",
                "Capacity": "1%",
                "name": "/var/run"
            },
            "/var/tmstat": {
                "1024-blocks": "7181064",
                "Capacity": "1%",
                "name": "/var/tmstat"
            },
            "/var/prompt": {
                "1024-blocks": "4096",
                "Capacity": "1%",
                "name": "/var/prompt"
            },
            "/var/apm/mount/apmclients-7170.2018.627.21-3.0.iso": {
                "1024-blocks": "298004",
                "Capacity": "100%",
                "name": "/var/apm/mount/apmclients-7170.2018.627.21-3.0.iso"
            },
            "/var/loipc": {
                "1024-blocks": "7181064",
                "Capacity": "0%",
                "name": "/var/loipc"
            },
            "/mnt/sshplugin_tempfs": {
                "1024-blocks": "7181064",
                "Capacity": "0%",
                "name": "/mnt/sshplugin_tempfs"
            }
        },
        "diskLatency": {
            "sda": {
                "r/s": "1.46",
                "w/s": "8.25",
                "%util": "0.09",
                "name": "sda"
            },
            "sdb": {
                "r/s": "1.00",
                "w/s": "0.00",
                "%util": "0.04",
                "name": "sdb"
            },
            "dm-0": {
                "r/s": "0.00",
                "w/s": "0.00",
                "%util": "0.00",
                "name": "dm-0"
            },
            "dm-1": {
                "r/s": "0.01",
                "w/s": "11.01",
                "%util": "0.01",
                "name": "dm-1"
            },
            "dm-2": {
                "r/s": "0.14",
                "w/s": "2.56",
                "%util": "0.00",
                "name": "dm-2"
            },
            "dm-3": {
                "r/s": "0.01",
                "w/s": "4.28",
                "%util": "0.01",
                "name": "dm-3"
            },
            "dm-4": {
                "r/s": "0.00",
                "w/s": "0.00",
                "%util": "0.00",
                "name": "dm-4"
            },
            "dm-5": {
                "r/s": "0.04",
                "w/s": "1.52",
                "%util": "0.00",
                "name": "dm-5"
            },
            "dm-6": {
                "r/s": "0.13",
                "w/s": "0.00",
                "%util": "0.00",
                "name": "dm-6"
            },
            "dm-7": {
                "r/s": "0.00",
                "w/s": "0.05",
                "%util": "0.00",
                "name": "dm-7"
            },
            "dm-8": {
                "r/s": "0.11",
                "w/s": "4.72",
                "%util": "0.01",
                "name": "dm-8"
            }
        },
        "networkInterfaces": {
            "1.1": {
                "counters.bitsIn": 0,
                "counters.bitsOut": 0,
                "status": "up",
                "name": "1.1"
            },
            "1.2": {
                "counters.bitsIn": 0,
                "counters.bitsOut": 0,
                "status": "up",
                "name": "1.2"
            },
            "mgmt": {
                "counters.bitsIn": 0,
                "counters.bitsOut": 0,
                "status": "up",
                "name": "mgmt"
            }
        },
        "provisioning": {
            "afm": {
                "name": "afm",
                "level": "nominal"
            },
            "am": {
                "name": "am",
                "level": "none"
            },
            "apm": {
                "name": "apm",
                "level": "nominal"
            },
            "asm": {
                "name": "asm",
                "level": "nominal"
            },
            "avr": {
                "name": "avr",
                "level": "nominal"
            },
            "dos": {
                "name": "dos",
                "level": "none"
            },
            "fps": {
                "name": "fps",
                "level": "none"
            },
            "gtm": {
                "name": "gtm",
                "level": "none"
            },
            "ilx": {
                "name": "ilx",
                "level": "none"
            },
            "lc": {
                "name": "lc",
                "level": "none"
            },
            "ltm": {
                "name": "ltm",
                "level": "nominal"
            },
            "pem": {
                "name": "pem",
                "level": "none"
            },
            "sslo": {
                "name": "sslo",
                "level": "none"
            },
            "swg": {
                "name": "swg",
                "level": "none"
            },
            "urldb": {
                "name": "urldb",
                "level": "none"
            }
        }
    },
    "virtualServers": {
        "/Common/app.app/app_vs": {
            "clientside.bitsIn": 0,
            "clientside.bitsOut": 0,
            "clientside.curConns": 0,
            "destination": "10.5.6.7:80",
            "availabilityState": "offline",
            "enabledState": "enabled",
            "mask": "255.255.255.255",
            "name": "/Common/foofoo.app/foofoo_vs",
            "appService": "/Common/foofoo.app/foofoo",
            "ipProtocol": "tcp",
            "tenant": "Common",
            "application": "foofoo.app"
        },
        "/Example_Tenant/A1/serviceMain": {
            "clientside.bitsIn": 0,
            "clientside.bitsOut": 0,
            "clientside.curConns": 0,
            "destination": "192.0.2.11:443",
            "availabilityState": "offline",
            "enabledState": "enabled",
            "mask": "255.255.255.0",
            "name": "/Example_Tenant/A1/serviceMain",
            "ipProtocol": "tcp",
            "tenant": "Example_Tenant",
            "application": "A1"
        },
        "/Example_Tenant/A1/serviceMain-Redirect": {
            "clientside.bitsIn": 0,
            "clientside.bitsOut": 0,
            "clientside.curConns": 0,
            "destination": "192.0.2.11:80",
            "availabilityState": "unknown",
            "enabledState": "enabled",
            "name": "/Example_Tenant/A1/serviceMain-Redirect",
            "tenant": "Example_Tenant",
            "application": "A1"
        }
    },
    "pools": {
        "/Common/app.app/app_pool": {
            "activeMemberCnt": 0,
            "serverside.bitsIn": 0,
            "serverside.bitsOut": 0,
            "serverside.curConns": 0,
            "availabilityState": "available",
            "enabledState": "enabled",
            "name": "/Common/app.app/app_pool",
            "members": {
                "/Common/10.0.3.5:80": {
                    "addr": "10.0.3.5",
                    "port": 0,
                    "serverside.bitsIn": 0,
                    "serverside.bitsOut": 0,
                    "serverside.curConns": 0,
                    "availabilityState": "available",
                    "enabledState": "enabled"
                }
            },
            "tenant": "Common",
            "application": "app.app"
        },
        "/Common/telemetry-local": {
            "activeMemberCnt": 0,
            "serverside.bitsIn": 0,
            "serverside.bitsOut": 0,
            "serverside.curConns": 0,
            "availabilityState": "available",
            "enabledState": "enabled",
            "name": "/Common/telemetry-local",
            "members": {
                "/Common/10.0.1.100:6514": {
                    "addr": "10.0.1.100",
                    "port": 0,
                    "serverside.bitsIn": 0,
                    "serverside.bitsOut": 0,
                    "serverside.curConns": 0,
                    "availabilityState": "available",
                    "enabledState": "enabled"
                }
            },
            "tenant": "Common",
            "application": ""
        },
        "/Example_Tenant/A1/hsl_pool": {
            "activeMemberCnt": 0,
            "serverside.bitsIn": 0,
            "serverside.bitsOut": 0,
            "serverside.curConns": 0,
            "availabilityState": "offline",
            "enabledState": "enabled",
            "name": "/Example_Tenant/A1/hsl_pool",
            "members": {
                "/Example_Tenant/192.168.120.6:514": {
                    "addr": "192.168.120.6",
                    "port": 0,
                    "serverside.bitsIn": 0,
                    "serverside.bitsOut": 0,
                    "serverside.curConns": 0,
                    "availabilityState": "offline",
                    "enabledState": "enabled"
                }
            },
            "tenant": "Example_Tenant",
            "application": "A1"
        },
        "/Example_Tenant/A1/web_pool": {
            "activeMemberCnt": 0,
            "serverside.bitsIn": 0,
            "serverside.bitsOut": 0,
            "serverside.curConns": 0,
            "availabilityState": "offline",
            "enabledState": "enabled",
            "name": "/Example_Tenant/A1/web_pool",
            "members": {
                "/Example_Tenant/192.0.2.12:80": {
                    "addr": "192.0.2.12",
                    "port": 0,
                    "serverside.bitsIn": 0,
                    "serverside.bitsOut": 0,
                    "serverside.curConns": 0,
                    "availabilityState": "offline",
                    "enabledState": "enabled"
                },
                "/Example_Tenant/192.0.2.13:80": {
                    "addr": "192.0.2.13",
                    "port": 0,
                    "serverside.bitsIn": 0,
                    "serverside.bitsOut": 0,
                    "serverside.curConns": 0,
                    "availabilityState": "offline",
                    "enabledState": "enabled"
                }
            },
            "tenant": "Example_Tenant",
            "application": "A1"
        }
    },
    "ltmPolicies": {
        "/Common/app.app/app_policy": {
            "invoked": 0,
            "succeeded": 0,
            "actions": {
                "default:1": {
                    "invoked": 0,
                    "succeeded": 0
                }
            },
            "name": "/Common/app.app/app_policy",
            "tenant": "Common",
            "application": "app.app"
        },
        "/Common/telemetry": {
            "invoked": 0,
            "succeeded": 0,
            "actions": {
                "default:0": {
                    "invoked": 0,
                    "succeeded": 0
                }
            },
            "name": "/Common/telemetry",
            "tenant": "Common",
            "application": ""
        }
    },
    "httpProfiles": {
        "/Common/app.app/app_http": {
            "cookiePersistInserts": 0,
            "getReqs": 0,
            "maxKeepaliveReq": 0,
            "numberReqs": 0,
            "postReqs": 0,
            "2xxResp": 0,
            "3xxResp": 0,
            "4xxResp": 0,
            "5xxResp": 0,
            "respLessThan2m": 0,
            "respGreaterThan2m": 0,
            "v10Reqs": 0,
            "v10Resp": 0,
            "v11Reqs": 0,
            "v11Resp": 0,
            "v9Reqs": 0,
            "v9Resp": 0,
            "name": "/Common/app.app/app_http",
            "tenant": "Common",
            "application": "app.app"
        },
        "/Common/http": {
            "cookiePersistInserts": 0,
            "getReqs": 0,
            "maxKeepaliveReq": 0,
            "numberReqs": 0,
            "postReqs": 0,
            "2xxResp": 0,
            "3xxResp": 0,
            "4xxResp": 0,
            "5xxResp": 0,
            "respLessThan2m": 0,
            "respGreaterThan2m": 0,
            "v10Reqs": 0,
            "v10Resp": 0,
            "v11Reqs": 0,
            "v11Resp": 0,
            "v9Reqs": 0,
            "v9Resp": 0,
            "name": "/Common/http",
            "tenant": "Common",
            "application": ""
        },
        "/Example_Tenant/A1/custom_http_profile": {
            "cookiePersistInserts": 0,
            "getReqs": 0,
            "maxKeepaliveReq": 0,
            "numberReqs": 0,
            "postReqs": 0,
            "2xxResp": 0,
            "3xxResp": 0,
            "4xxResp": 0,
            "5xxResp": 0,
            "respLessThan2m": 0,
            "respGreaterThan2m": 0,
            "v10Reqs": 0,
            "v10Resp": 0,
            "v11Reqs": 0,
            "v11Resp": 0,
            "v9Reqs": 0,
            "v9Resp": 0,
            "name": "/Example_Tenant/A1/custom_http_profile",
            "tenant": "Example_Tenant",
            "application": "A1"
        }
    },
    "clientSslProfiles": {
        "/Common/clientssl": {
            "activeHandshakeRejected": 0,
            "currentCompatibleConnections": 0,
            "currentConnections": 0,
            "currentNativeConnections": 0,
            "currentActiveHandshakes": 0,
            "decryptedBytesIn": 0,
            "decryptedBytesOut": 0,
            "encryptedBytesIn": 0,
            "encryptedBytesOut": 0,
            "fatalAlerts": 0,
            "handshakeFailures": 0,
            "peercertInvalid": 0,
            "peercertNone": 0,
            "peercertValid": 0,
            "protocolUses.dtlsv1": 0,
            "protocolUses.sslv2": 0,
            "protocolUses.sslv3": 0,
            "protocolUses.tlsv1": 0,
            "protocolUses.tlsv1_1": 0,
            "protocolUses.tlsv1_2": 0,
            "protocolUses.tlsv1_3": 0,
            "recordsIn": 0,
            "recordsOut": 0,
            "sniRejects": 0,
            "name": "/Common/clientssl",
            "tenant": "Common",
            "application": ""
        },
        "/Example_Tenant/A1/webtls": {
            "activeHandshakeRejected": 0,
            "currentCompatibleConnections": 0,
            "currentConnections": 0,
            "currentNativeConnections": 0,
            "currentActiveHandshakes": 0,
            "decryptedBytesIn": 0,
            "decryptedBytesOut": 0,
            "encryptedBytesIn": 0,
            "encryptedBytesOut": 0,
            "fatalAlerts": 0,
            "handshakeFailures": 0,
            "peercertInvalid": 0,
            "peercertNone": 0,
            "peercertValid": 0,
            "protocolUses.dtlsv1": 0,
            "protocolUses.sslv2": 0,
            "protocolUses.sslv3": 0,
            "protocolUses.tlsv1": 0,
            "protocolUses.tlsv1_1": 0,
            "protocolUses.tlsv1_2": 0,
            "protocolUses.tlsv1_3": 0,
            "recordsIn": 0,
            "recordsOut": 0,
            "sniRejects": 0,
            "name": "/Example_Tenant/A1/webtls",
            "tenant": "Example_Tenant",
            "application": "A1"
        }
    },
    "serverSslProfiles": {
        "/Common/serverssl": {
            "activeHandshakeRejected": 0,
            "currentCompatibleConnections": 0,
            "currentConnections": 0,
            "currentNativeConnections": 0,
            "currentActiveHandshakes": 0,
            "decryptedBytesIn": 0,
            "decryptedBytesOut": 0,
            "encryptedBytesIn": 0,
            "encryptedBytesOut": 0,
            "fatalAlerts": 0,
            "handshakeFailures": 0,
            "peercertInvalid": 0,
            "peercertNone": 0,
            "peercertValid": 0,
            "protocolUses.dtlsv1": 0,
            "protocolUses.sslv2": 0,
            "protocolUses.sslv3": 0,
            "protocolUses.tlsv1": 0,
            "protocolUses.tlsv1_1": 0,
            "protocolUses.tlsv1_2": 0,
            "protocolUses.tlsv1_3": 0,
            "recordsIn": 0,
            "recordsOut": 0,
            "name": "/Common/serverssl",
            "tenant": "Common",
            "application": ""
        }
    },
    "sslCerts": {
        "ca-bundle.crt": {
            "expirationDate": 0,
            "expirationString": "2019-01-01T01:01:01Z",
            "issuer": "CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US",
            "subject": "CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US",
            "name": "ca-bundle.crt"
        },
        "default.crt": {
            "email": "root@localhost.localdomain",
            "expirationDate": 0,
            "expirationString": "2019-01-01T01:01:01Z",
            "issuer": "emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US",
            "subject": "emailAddress=root@localhost.localdomain,CN=localhost.localdomain,OU=IT,O=MyCompany,L=Seattle,ST=WA,C=US",
            "name": "default.crt"
        },
        "f5-ca-bundle.crt": {
            "expirationDate": 0,
            "expirationString": "2019-01-01T01:01:01Z",
            "issuer": "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust, Inc.,C=US",
            "subject": "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust, Inc.,C=US",
            "name": "f5-ca-bundle.crt"
        },
        "f5-irule.crt": {
            "email": "support@f5.com",
            "expirationDate": 0,
            "expirationString": "2019-01-01T01:01:01Z",
            "issuer": "emailAddress=support@f5.com,CN=support.f5.com,OU=Product Development,O=F5 Networks,L=Seattle,ST=Washington,C=US",
            "subject": "emailAddress=support@f5.com,CN=support.f5.com,OU=Product Development,O=F5 Networks,L=Seattle,ST=Washington,C=US",
            "name": "f5-irule.crt"
        }
    },
    "networkTunnels": {
        "/Common/http-tunnel": {
            "hcInBroadcastPkts": 0,
            "hcInMulticastPkts": 0,
            "hcInOctets": 0,
            "hcInUcastPkts": 0,
            "hcOutBroadcastPkts": 0,
            "hcOutMulticastPkts": 0,
            "hcOutOctets": 0,
            "hcOutUcastPkts": 0,
            "inDiscards": 0,
            "inErrors": 0,
            "inUnknownProtos": 0,
            "outDiscards": 0,
            "outErrors": 0,
            "name": "/Common/http-tunnel",
            "tenant": "Common",
            "application": ""
        },
        "/Common/socks-tunnel": {
            "hcInBroadcastPkts": 0,
            "hcInMulticastPkts": 0,
            "hcInOctets": 0,
            "hcInUcastPkts": 0,
            "hcOutBroadcastPkts": 0,
            "hcOutMulticastPkts": 0,
            "hcOutOctets": 0,
            "hcOutUcastPkts": 0,
            "inDiscards": 0,
            "inErrors": 0,
            "inUnknownProtos": 0,
            "outDiscards": 0,
            "outErrors": 0,
            "name": "/Common/socks-tunnel",
            "tenant": "Common",
            "application": ""
        }
    },
    "deviceGroups": {
        "/Common/device_trust_group": {
            "commitIdTime": "2019-06-10T17:23:02.000Z",
            "lssTime": "-",
            "timeSinceLastSync": "-",
            "type": "sync-only",
            "name": "/Common/device_trust_group",
            "tenant": "Common"
        },
        "/Common/example_device_group": {
            "commitIdTime": "2019-05-31T01:11:48.000Z",
            "lssTime": "2019-05-31T01:11:48.000Z",
            "timeSinceLastSync": "1221553",
            "type": "sync-failover",
            "name": "/Common/example_device_group",
            "tenant": "Common"
        }
    },
    "iRules": {
        "/Common/_sys_APM_ExchangeSupport_OA_BasicAuth": {
            "events": {
                "RULE_INIT": {
                    "aborts": 0,
                    "avgCycles": 19014,
                    "failures": 0,
                    "maxCycles": 19014,
                    "minCycles": 8804,
                    "priority": 500,
                    "totalExecutions": 4
                }
            },
            "name": "/Common/_sys_APM_ExchangeSupport_OA_BasicAuth",
            "tenant": "Common",
            "application": ""
        },
        "/Common/_sys_APM_ExchangeSupport_OA_NtlmAuth": {
            "events": {
                "RULE_INIT": {
                    "aborts": 0,
                    "avgCycles": 28942,
                    "failures": 0,
                    "maxCycles": 28942,
                    "minCycles": 20102,
                    "priority": 500,
                    "totalExecutions": 4
                }
            },
            "name": "/Common/_sys_APM_ExchangeSupport_OA_NtlmAuth",
            "tenant": "Common",
            "application": ""
        }
    },
    "telemetryServiceInfo": {
        "pollingInterval": 0,
        "cycleStart": "2019-01-01T01:01:01Z",
        "cycleEnd": "2019-01-01T01:01:01Z"
    },
    "telemetryEventCategory": "systemInfo"
}

Back to top

iHealth Information Request

{
    "system": {
        "hostname": "localhost.localdomain",
        "ihealthLink": "https://ihealth-api.f5.com/qkview-analyzer/api/qkviews/11258541",
        "qkviewNumber": "11258541"
    },
    "diagnostics": [
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H00040234",
            "solution": [
                {
                    "id": "K00040234",
                    "value": "https://support.f5.com/csp/article/K00040234"
                }
            ],
            "cveIds": [
                "CVE-2018-5744"
            ],
            "header": "BIND vulnerability CVE-2018-5744",
            "summary": "BIG-IPAttacker can exploit this vulnerability to cause memory exhaustion on the affected system.BIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix SDCThere is no impact for these F5 products; theyare not affected by this vulnerability.",
            "version": [
                {
                    "major": 14,
                    "minor": 1,
                    "maintenance": 0,
                    "point": 2,
                    "fix": ""
                }
            ]
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H01713115",
            "solution": [
                {
                    "id": "K01713115",
                    "value": "https://support.f5.com/csp/article/K01713115"
                }
            ],
            "cveIds": [
                "CVE-2019-6465"
            ],
            "header": "BIND vulnerability CVE-2019-6465",
            "summary": "BIG-IPAn attacker can exploit this vulnerabilitytorequest and receive a zonetransfer of a DLZ that bypassestheallow-transfer accesscontrol list.BIG-IQ, F5 iWorkflow, and Enterprise ManagerThese F5 products are not vulnerablein the default, standard, and recommended configurations. This vulnerability is exposed on these products when a custom configurationis applied to the named service.Traffix SDCThere is no impact for this F5 product; it is not affected by this vulnerability.",
            "version": [
                {
                    "major": 14,
                    "minor": 1,
                    "maintenance": 0,
                    "point": 2,
                    "fix": ""
                }
            ]
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H11315080",
            "solution": [
                {
                    "id": "K11315080",
                    "value": "https://support.f5.com/csp/article/K11315080"
                }
            ],
            "cveIds": [
                "CVE-2018-20685"
            ],
            "header": "OpenSSH vulnerability CVE-2018-20685",
            "summary": "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H12252011",
            "solution": [
                {
                    "id": "K12252011",
                    "value": "https://support.f5.com/csp/article/K12252011"
                }
            ],
            "cveIds": [
                "CVE-2019-6109"
            ],
            "header": "OpenSSH vulnerability CVE-2019-6109",
            "summary": "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H21350967",
            "solution": [
                {
                    "id": "K21350967",
                    "value": "https://support.f5.com/csp/article/K21350967"
                }
            ],
            "cveIds": [
                "CVE-2019-6111"
            ],
            "header": "OpenSSH vulnerability CVE-2019-6111",
            "summary": "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file)."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H21665601",
            "solution": [
                {
                    "id": "K21665601",
                    "value": "https://support.f5.com/csp/article/K21665601"
                }
            ],
            "cveIds": [
                "CVE-2018-0732"
            ],
            "header": "OpenSSL vulnerability CVE-2018-0732",
            "summary": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).",
            "version": [
                {
                    "major": 11,
                    "minor": 6,
                    "maintenance": 3,
                    "point": 3,
                    "fix": ""
                },
                {
                    "major": 12,
                    "minor": 1,
                    "maintenance": 4,
                    "point": 0,
                    "fix": ""
                },
                {
                    "major": 13,
                    "minor": 1,
                    "maintenance": 1,
                    "point": 2,
                    "fix": ""
                },
                {
                    "major": 14,
                    "minor": 1,
                    "maintenance": 0,
                    "point": 2,
                    "fix": ""
                }
            ]
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H24578092",
            "solution": [
                {
                    "id": "K24578092",
                    "value": "https://support.f5.com/csp/article/K24578092"
                }
            ],
            "cveIds": [
                "CVE-2017-6001"
            ],
            "header": "Linux kernel vulnerability  CVE-2017-6001",
            "summary": "Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H25244852",
            "solution": [
                {
                    "id": "K25244852",
                    "value": "https://support.f5.com/csp/article/K25244852"
                }
            ],
            "cveIds": [
                "CVE-2018-5745"
            ],
            "header": "BIND vulnerability CVE-2018-5745",
            "summary": "BIG-IPAn arbitrary attacker may exploit this vulnerability to cause a denial of service (DoS) on the named service.BIG-IQ, F5 iWorkflow, and Enterprise ManagerThese F5 products are not vulnerablein the default, standard, and recommended configurations. This vulnerability is exposed on these products when a custom configurationis applied to the named service.Traffix SDCThere is no impact for thisF5 product; it isnot affected by this vulnerability.",
            "version": [
                {
                    "major": 14,
                    "minor": 1,
                    "maintenance": 0,
                    "point": 2,
                    "fix": ""
                }
            ]
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H27228191",
            "solution": [
                {
                    "id": "K27228191",
                    "value": "https://support.f5.com/csp/article/K27228191"
                }
            ],
            "cveIds": [
                "CVE-2018-7159"
            ],
            "header": "Node.js vulnerability CVE-2018-7159",
            "summary": "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H28241423",
            "solution": [
                {
                    "id": "K28241423",
                    "value": "https://support.f5.com/csp/article/K28241423"
                }
            ],
            "cveIds": [
                "CVE-2018-18559"
            ],
            "header": "Linux kernel vulnerability CVE-2018-18559",
            "summary": "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H29146534",
            "solution": [
                {
                    "id": "K29146534",
                    "value": "https://support.f5.com/csp/article/K29146534"
                }
            ],
            "cveIds": [
                "CVE-2018-3639"
            ],
            "header": "SBB Variant 4 vulnerability CVE-2018-3639",
            "summary": "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4."
        },
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H37111863",
            "solution": [
                {
                    "id": "K37111863",
                    "value": "https://support.f5.com/csp/article/K37111863"
                }
            ],
            "cveIds": [
                "CVE-2018-12120"
            ],
            "header": "NodeJS vulnerability CVE-2018-12120",
            "summary": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable."
        },
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H380432",
            "solution": [
                {
                    "id": "K10261",
                    "value": "https://support.f5.com/csp/article/K10261"
                },
                {
                    "id": "K13426",
                    "value": "https://support.f5.com/csp/article/K13426"
                }
            ],
            "cveIds": null,
            "header": "Log messages report an excessive number of login failures",
            "summary": "The /var/log/audit file reports a number of failed login attempts, which may indicate that an unauthorized user is attempting to gain access to the unit. F5 recommends that you audit these messages for any anomalies that may indicate attempted security breaches to your network."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H380932",
            "solution": [
                {
                    "id": "K16538",
                    "value": "https://support.f5.com/csp/article/K16538"
                }
            ],
            "cveIds": null,
            "header": "Optional modules or features may be configurable but will not function unless licensed",
            "summary": "Modules or features that are listed as optional modules in the BIG-IP license may be configurable; however, functionality for these modules or features is not active unless the license includes support for the module."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H40523020",
            "solution": [
                {
                    "id": "K40523020",
                    "value": "https://support.f5.com/csp/article/K40523020"
                }
            ],
            "cveIds": [
                "CVE-2018-16658"
            ],
            "header": "Linux kernel vulnerability CVE-2018-16658",
            "summary": "An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H42142782",
            "solution": [
                {
                    "id": "K42142782",
                    "value": "https://support.f5.com/csp/article/K42142782"
                }
            ],
            "cveIds": [
                "CVE-2017-15121"
            ],
            "header": "Linux kernel vulnerability CVE-2017-15121",
            "summary": "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H42531048",
            "solution": [
                {
                    "id": "K42531048",
                    "value": "https://support.f5.com/csp/article/K42531048"
                }
            ],
            "cveIds": [
                "CVE-2019-6110"
            ],
            "header": "OpenSSH vulnerability CVE-2019-6110",
            "summary": "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H441024",
            "solution": [
                {
                    "id": "K5532",
                    "value": "https://support.f5.com/csp/article/K5532"
                }
            ],
            "cveIds": null,
            "header": "Log levels are not set to the default value",
            "summary": "The logging levels indicated in the Output section are not set to their default values in the BigDB database. You may see less or more information than you expect. Use caution when changing a log level from its default setting."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H444724",
            "solution": [
                {
                    "id": "K7312",
                    "value": "https://support.f5.com/csp/article/K7312"
                },
                {
                    "id": "K13309",
                    "value": "https://support.f5.com/csp/article/K13309"
                }
            ],
            "cveIds": null,
            "header": "The management interface is allowing access from public IP addresses",
            "summary": "The management interface is ether configured to use a public IP address or is allowing public address to access the Configuration Utility."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H45616155",
            "solution": [
                {
                    "id": "K45616155",
                    "value": "https://support.f5.com/csp/article/K45616155"
                }
            ],
            "cveIds": [
                "CVE-2018-16869"
            ],
            "header": "Nettle vulnerability CVE-2018-16869",
            "summary": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H494013",
            "solution": [
                {
                    "id": "K15497",
                    "value": "https://support.f5.com/csp/article/K15497"
                },
                {
                    "id": "K5962",
                    "value": "https://support.f5.com/csp/article/K5962"
                }
            ],
            "cveIds": null,
            "header": "A password policy is not configured or can be strengthened.",
            "summary": "F5 recommends that you configure a secure password policy for the BIG-IP system."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H515693",
            "solution": [
                {
                    "id": "K16416",
                    "value": "https://support.f5.com/csp/article/K16416"
                }
            ],
            "cveIds": null,
            "header": "GNU C library strxfrm / strcoll overflow vulnerabilities",
            "summary": "The GNU C (glibc) strxfrm() function is prone to a remote integer-overflow vulnerability that leads to buffer overflow vulnerability. The GNU C (glibc) strcoll() function is prone to a stack-based buffer-overflow vulnerability."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H51801290",
            "solution": [
                {
                    "id": "K51801290",
                    "value": "https://support.f5.com/csp/article/K51801290"
                }
            ],
            "cveIds": [
                "CVE-2018-3640"
            ],
            "header": "RSRE Variant 3a vulnerability CVE-2018-3640",
            "summary": "Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a."
        },
        {
            "importance": "LOW",
            "action": "For additional information, refer to the linked article.",
            "name": "H539310",
            "solution": [
                {
                    "id": "K17120",
                    "value": "https://support.f5.com/csp/article/K17120"
                }
            ],
            "cveIds": [
                "CVE-2014-8134"
            ],
            "header": "Linux kernel vulnerability CVE-2014-8134",
            "summary": "The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (CVE-2014-8134)"
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H54252492",
            "solution": [
                {
                    "id": "K54252492",
                    "value": "https://support.f5.com/csp/article/K54252492"
                }
            ],
            "cveIds": [
                "CVE-2018-3693"
            ],
            "header": "Side-channel processor vulnerability CVE-2018-3693",
            "summary": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. (CVE-2018-3693 also known as Spectre or Spectre-NG Variant 1.1)Bounds checking bypass - store"
        },
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H626151",
            "solution": [
                {
                    "id": "K4679",
                    "value": "https://support.f5.com/csp/article/K4679"
                }
            ],
            "cveIds": null,
            "header": "BIG-IP evaluation and demonstration licenses may expire",
            "summary": "Production BIG-IP system license files do not expire; however, evaluation or demonstration BIG-IP licenses do expire. This applies to add-on module evaluation licenses for all modules. If you convert an evaluation or demonstration BIG-IP system to a production BIG-IP system, you must activate the new BIG-IP production license."
        },
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H64292204",
            "solution": [
                {
                    "id": "K64292204",
                    "value": "https://support.f5.com/csp/article/K64292204"
                }
            ],
            "cveIds": [
                "CVE-2016-10010"
            ],
            "header": "OpenSSH vulnerability CVE-2016-10010",
            "summary": "sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c."
        },
        {
            "importance": "HIGH",
            "action": "For additional information, refer to the linked article.",
            "name": "H665966",
            "solution": [
                {
                    "id": "K52592992",
                    "value": "https://support.f5.com/csp/article/K52592992"
                }
            ],
            "cveIds": null,
            "header": "Overview of the Auto Last Hop feature on the MGMT interface",
            "summary": "You may need to configure a default specific route on the MGMT interface if you disable the Auto Last Hop feature on a BIG-IP system."
        },
        {
            "importance": "LOW",
            "action": "No action required. This issue has no impact on the system.",
            "name": "H701182",
            "solution": [],
            "cveIds": null,
            "header": "Non-ASCII characters removed from Qkview XML files",
            "summary": "Certain Non-ASCII characters cause parsing issues and prevent a ‘qkview’ file from being processed by iHealth. These characters are removed at upload time so that the ‘qkview’ file can be viewed in iHealth. This is strictly an issue in the ‘qkview’ file, not the system the ‘qkview’ file was generated from."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked articles and http://support.ntp.org/bin/view/Servers/NTPPoolServers.",
            "name": "H726514",
            "solution": [
                {
                    "id": "K3122",
                    "value": "https://support.f5.com/csp/article/K3122"
                },
                {
                    "id": "K10240",
                    "value": "https://support.f5.com/csp/article/K10240"
                }
            ],
            "cveIds": null,
            "header": "There are not enough NTP servers either configured or reliably reachable, or the NTP daemon is not running",
            "summary": "F5 recommends that you configure at least three external NTP servers. If fewer than three Network Time Protocol (NTP) servers are reachable, the system will not be able to reliably detect incorrect time sources."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H770025",
            "solution": [
                {
                    "id": "K15335",
                    "value": "https://support.f5.com/csp/article/K15335"
                }
            ],
            "cveIds": null,
            "header": "F5 recommends removing orphaned configuration objects",
            "summary": "Over the course of a system's operation, various configuration objects may become orphaned as they are created and then abandoned to accommodate changing business or application needs. While orphaned configuration objects do not initially cause problems, if allowed to accumulate, you can eventually encounter some of the following issues : performance degradation, increased memory and CPU utilization, and hindered administration from unnecessarily large configurations that can result in configuration conflicts such as IP address or object name conflicts."
        },
        {
            "importance": "MEDIUM",
            "action": "For additional information, refer to the linked article.",
            "name": "H94735334",
            "solution": [
                {
                    "id": "K94735334",
                    "value": "https://support.f5.com/csp/article/K94735334"
                }
            ],
            "cveIds": [
                "CVE-2018-10883"
            ],
            "header": "Linux kernel vulnerability CVE-2018-10883",
            "summary": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        }
    ],
    "telemetryServiceInfo": {
        "cycleStart": "Wed, 06 Mar 2019 20:35:19 GMT",
        "cycleEnd": "Wed, 06 Mar 2019 20:40:21 GMT"
    },
    "telemetryEventCategory": "ihealthInfo"
}

Back to top

LTM Request Log

Note

Log streams from LTM, AFM, ASM, and APM are not configured by Telemetry Streaming, they must be configured with AS3 or another method.

{
    "event_source":"request_logging",
    "event_timestamp":"2019-01-01:01:01.000Z",
    "hostname":"hostname",
    "client_ip":"192.0.2.42",
    "server_ip":"",
    "http_method":"GET",
    "http_uri":"/",
    "virtual_name":"/Common/app.app/app_vs",
    "tenant":"Common",
    "application":"app.app",
    "telemetryEventCategory": "LTM"
}

Back to top

AFM Request Log

Note

Log streams from LTM, AFM, ASM, and APM are not configured by Telemetry Streaming, they must be configured with AS3 or another method.

{
    "acl_policy_name":"/Common/app",
    "acl_policy_type":"Enforced",
    "acl_rule_name":"ping",
    "action":"Reject",
    "hostname":"telemetry.bigip.com",
    "bigip_mgmt_ip":"10.0.1.100",
    "context_name":"/Common/app.app/app_vs",
    "context_type":"Virtual Server",
    "date_time":"Dec 17 2018 22:46:04",
    "dest_fqdn":"unknown",
    "dest_ip":"10.0.2.101",
    "dst_geo":"Unknown",
    "dest_port":"80",
    "device_product":"Advanced Firewall Module",
    "device_vendor":"F5",
    "device_version":"14.0.0.1.0.0.2",
    "drop_reason":"Policy",
    "errdefs_msgno":"23003137",
    "errdefs_msg_name":"Network Event",
    "flow_id":"0000000000000000",
    "ip_protocol":"TCP",
    "severity":"8",
    "partition_name":"Common",
    "route_domain":"0",
    "sa_translation_pool":"",
    "sa_translation_type":"",
    "source_fqdn":"unknown",
    "source_ip":"50.206.82.144",
    "src_geo":"US/Washington",
    "source_port":"62204",
    "source_user":"unknown",
    "source_user_group":"unknown",
    "translated_dest_ip":"",
    "translated_dest_port":"",
    "translated_ip_protocol":"",
    "translated_route_domain":"",
    "translated_source_ip":"",
    "translated_source_port":"",
    "translated_vlan":"",
    "vlan":"/Common/external",
    "send_to_vs":"",
    "tenant":"Common",
    "application":"app.app",
    "telemetryEventCategory":"AFM"
}

Back to top

ASM Request Log

Note

Log streams from LTM, AFM, ASM, and APM are not configured by Telemetry Streaming, they must be configured with AS3 or another method.

{
    "hostname":"hostname",
    "management_ip_address":"10.0.1.4",
    "management_ip_address_2":"",
    "http_class_name":"/Common/app.app/app_policy",
    "web_application_name":"/Common/app.app/app_policy",
    "policy_name":"/Common/app.app/app_policy",
    "policy_apply_date":"2018-11-19 22:17:57",
    "violations":"Evasion technique detected",
    "support_id":"1730614276869062795",
    "request_status":"blocked",
    "response_code":"0",
    "ip_client":"50.206.82.144",
    "route_domain":"0",
    "method":"GET",
    "protocol":"HTTP",
    "query_string":"",
    "x_forwarded_for_header_value":"50.206.82.144",
    "sig_ids":"",
    "sig_names":"",
    "date_time":"2018-11-19 22:34:40",
    "severity":"Critical",
    "attack_type":"Detection Evasion,Path Traversal",
    "geo_location":"US",
    "ip_address_intelligence":"N/A",
    "username":"N/A",
    "session_id":"f609d8a924419638",
    "src_port":"49804",
    "dest_port":"80",
    "dest_ip":"10.0.2.10",
    "sub_violations":"Evasion technique detected:Directory traversals",
    "virus_name":"N/A",
    "violation_rating":"3",
    "websocket_direction":"N/A",
    "websocket_message_type":"N/A",
    "device_id":"N/A",
    "staged_sig_ids":"",
    "staged_sig_names":"",
    "threat_campaign_names":"",
    "staged_threat_campaign_names":"",
    "blocking_exception_reason":"N/A",
    "captcha_result":"not_received",
    "uri":"/directory/file",
    "fragment":"",
    "request":"GET /admin/..%2F..%2F..%2Fdirectory/file HTTP/1.0\\r\\nHost: host.westus.cloudapp.azure.com\\r\\nConnection: keep-alive\\r\\nCache-Control: max-age",
    "tenant":"Common",
    "application":"app.app",
    "telemetryEventCategory": "ASM"
}

Back to top

APM Request Log

Note

Log streams from LTM, AFM, ASM, and APM are not configured by Telemetry Streaming, they must be configured with AS3 or another method.

{
    "hostname":"telemetry.bigip.com",
    "errdefs_msgno":"01490102:5:",
    "partition_name":"Common",
    "session_id":"ec7fd55d",
    "Access_Profile":"/Common/access_app",
    "Partition":"Common",
    "Session_Id":"ec7fd55d",
    "Access_Policy_Result":"Logon_Deny",
    "tenant":"Common",
    "application":"",
    "telemetryEventCategory":"APM"
}

Back to top

AVR Request Log

{
    "hostname":"hostname.hostname",
    "SlotId":"0",
    "errdefs_msgno":"22282245",
    "Entity":"OffboxAll",
    "Module":"http",
    "AVRProfileName":"/Common/telemetry-http-analytics",
    "AggrInterval":"30",
    "EOCTimestamp":"1556577360",
    "HitCount":"678",
    "ApplicationName":"<Unassigned>",
    "VSName":"/Common/VIRTUAL_SERVER_NAME",
    "POOLIP":"X.X.X.X",
    "POOLIPRouteDomain":"0",
    "POOLPort":"YYYY",
    "URL":"/",
    "ResponseCode":"200",
    "BrowserName":"N/A",
    "OsName":"N/A",
    "ClientIP":"Z.Z.Z.Z",
    "ClientIPRouteDomain":"0",
    "SubnetName":"",
    "SubnetIP":"A.A.A.A",
    "SubnetRouteDomain":"0",
    "DeviceId":"0",
    "GeoCode":"N/A",
    "Method":"GET",
    "UserAgent":"USER_AGENT",
    "TPSMax":"23.000000",
    "ClientLatencyHitCount":"0",
    "ClientLatencyMax":"0",
    "ClientLatencyTotal":"0",
    "ServerLatencyMax":"5",
    "ServerLatencyMin":"1",
    "ServerLatencyTotal":"314",
    "ThroughputReqMaxPerSec":"14136",
    "ThroughputReqTotalPerInterval":"50172",
    "ThroughputRespMaxPerSec":"1458672",
    "ThroughputRespTotalPerInterval":"5175174",
    "UserSessionsNewTotal":"10901",
    "ServerHitcount":"678",
    "ApplicationResponseTime":"48",
    "MaxApplicationResponseTime":"4",
    "MinApplicationResponseTime":"1",
    "SosApplicationResponseTime":"84",
    "ClientTtfbHitcount":"678",
    "ClientTtfb":"922",
    "MaxClientTtfb":"15",
    "MinClientTtfb":"1",
    "SosClientTtfb":"1986",
    "ClientSideNetworkLatency":"69",
    "MaxClientSideNetworkLatency":"1",
    "MinClientSideNetworkLatency":"1",
    "SosClientSideNetworkLatency":"1",
    "ServerSideNetworkLatency":"950",
    "MaxServerSideNetworkLatency":"13",
    "MinServerSideNetworkLatency":"1",
    "SosServerSideNetworkLatency":"1794",
    "RequestDurationHitcount":"678",
    "RequestDuration":"0",
    "MaxRequestDuration":"0",
    "MinRequestDuration":"0",
    "SosRequestDuration":"0",
    "ResponseDurationHitcount":"678",
    "ResponseDuration":"157",
    "MaxResponseDuration":"3",
    "MinResponseDuration":"0",
    "SosResponseDuration":"173",
    "LatencyHistogram":"0,2,4,7,12,22,40,74,136,252,465,858,1585,2929,5412,10001,300000|635,38,5,0,0,0,0,0,0,0,0,0,0,0,0,0",
    "telemetryEventCategory":"AVR"
}

Back to top