This implementation describes how to set up the BIG-IP® system to collect application traffic so that you can troubleshoot problems that have become apparent by monitoring application statistics. For example, by examining captured requests and responses, you can investigate issues with latency, throughput, or reduced transactions per second to understand what is affecting application performance.
When Application Visibility and Reporting (AVR) is provisioned, you can create an Analytics profile that includes traffic capturing instructions. The system can collect application traffic locally, remotely, or both. If the system is already monitoring applications, you can also update an existing Analytics profile to make it so that it captures traffic.
If logging locally, the system logs the first 1000 transactions and displays charts based on the analysis of those transactions. For VIPRION® systems, the local logging consists of the first 1000 transactions multiplied by however many blades are installed. If logging remotely, the system logs information on that system; log size is limited only by any constraints of the remote logging system. To see updated application statistics, you can clear the existing data to display the current statistics.
After you finish a basic networking configuration of the BIG-IP® system, you must complete these prerequisites for setting up application statistics collection:
You can set up the system for capturing application traffic either locally or remotely (or both).
You typically use traffic capturing if you notice an application issue, such as trouble with throughput or latency, discovered when examining application statistics, and want to troubleshoot the system by examining actual transactions.
You can configure the BIG-IP® system to capture application traffic and store the information locally or remotely (on Syslog servers or SIEM devices, such as Splunk). To do this, you create an Analytics profile designed for capturing traffic. The profile instructs the BIG-IP system to collect a portion of application traffic using the Application Visibility and Reporting (AVR) module.
|Max TPS and Throughput||Collects statistics showing the maximum number of transactions occurring per second and the amount of traffic moving through the system (maximum request and response throughput is collected and recorded separately).|
|Page Load Time||Tracks how long it takes an application user to get a complete
response from the application, including network latency and completed
Note: End-user response times and latencies can vary significantly based on geography and connection types.
|User Sessions||Stores the number of unique user sessions. For
Timeout, select the number of minutes of user
inactivity to allow before the system considers the session to be over.
For Cookie Secure Attribute, specify whether to secure session cookies. Options are Always, the secure attribute is always added to the session cookie; Never, the secure attribute is never added to the session cookie; or Only SSL, the secure attribute is added to the session cookie only when the virtual server has a client SSL profile (the default value).
|URLs||Collects the requested URLs.|
|Countries||Saves the name of the country where the request came from, and is based on the client IP address criteria.|
|Client IP Addresses||Saves the IP address where the request originated. The address saved also depends on whether the request has an XFF (X-forwarded-for) header and whether the HTTP profile accepts XFF headers.|
|Client Subnets||Saves statistics for predefined client subnets. Client subnets can be added in the Subnets area of the default HTTP Analytics profile.|
|Response Codes||Saves HTTP response codes that the server returned to requesters.|
|User Agents||Saves information about browsers making the request.|
|Methods||Saves HTTP methods in requests.|
|None||Specifies that the system does not capture request (or response) data.|
|Headers||Specifies that the system captures request (or response) header data only.|
|Body||Specifies that the system captures the body of requests (or responses) only.|
|All||Specifies that the system captures all request (or response) data.|