This implementation describes how to set up the BIG-IP® system to collect application traffic so that you can troubleshoot problems that have become apparent by monitoring application statistics. For example, by examining captured requests and responses, you can investigate issues with latency, throughput, or reduced transactions per second to understand what is affecting application performance.
When Application Visibility and Reporting (AVR) is provisioned, you can create an Analytics profile that includes traffic capturing instructions. The system can collect application traffic locally, remotely, or both. If the system is already monitoring applications, you can also update an existing Analytics profile to make it so that it captures traffic.
If logging locally, the system logs the first 1000 transactions and displays charts based on the analysis of those transactions. For VIPRION® systems, the local logging consists of the first 1000 transactions multiplied by however many blades are installed. If logging remotely, the system logs information on that system; log size is limited only by any constraints of the remote logging system. To see updated application statistics, you can clear the existing data to display the current statistics.
After you finish a basic networking configuration of the BIG-IP® system, you must complete these prerequisites for setting up application statistics collection:
You can set up the system for capturing application traffic either locally or remotely (or both).
You typically use traffic capturing if you notice an application issue, such as trouble with throughput or latency, discovered when examining application statistics, and want to troubleshoot the system by examining actual transactions.
You can configure the BIG-IP system to capture application traffic and store the information locally or remotely (on Syslog servers or SIEM devices, such as Splunk). To do this, you create an Analytics profile designed for capturing traffic. The profile instructs the BIG-IP system to collect a portion of application traffic using the Application Visibility and Reporting (AVR) module.
|Max TPS and Throughput||Collects and logs statistics
regarding the maximum number of transactions occurring per second (TPS)
and the amount of traffic moving through the system.
Note: Maximum request and response throughput is collected and recorded separately. Each value is then displayed separately when you drill down into details of Transaction Outcomes ( ).
|HTTP Timing (RTT, TTFB, Duration)||Collects and logs statistics regarding the HTTP request and response times, including round-trip time, time to first byte and overall transaction duration time.|
|Page Load Time||Collects and logs statistics
regarding the time it takes an application user to get a complete
response from the application, including network latency and completed
Note: End-user response times and latencies can vary significantly based on geographic location and connection types.
|User Sessions||Collects and logs statistics
regarding the number of unique user sessions. For Timeout, select the
allowed minutes of user inactivity before the system considers the
session to be over.
For Cookie Secure Attribute, specify whether to secure session cookies:
|None||Specifies that the system does not capture request (or response) data.|
|Headers||Specifies that the system captures request (or response) header data only.|
|Body||Specifies that the system captures the body of requests (or responses) only.|
|All||Specifies that the system captures all request (or response) data, including header and body.|
|Any||Specifies that the system captures any traffic regardless of DoS activity.|
|Mitigated by Application DoS||Specifies that the system only captures DoS traffic if it was mitigated.|
|Virtual Servers||Select Allto capture traffic for all Virtual
Select Only to capture traffic from specific virtual servers. To specify, add virtual servers to the Selected Virtual Servers list from the Available Virtual Servers list.
|Nodes||Select Allto capture traffic from all
Select Only to capture traffic from specific nodes. To specify, add nodes to the Selected Nodes list from the Available Nodes list.
|Response Status Codes||Select Allto capture traffic, regardless of
the HTTP status response code.
Select Only to capture traffic with specific response status codes. To specify, add response status codes to the Selected Status Codes list from the Available Status Codes list.
|HTTP Methods||Select Allto capture traffic, regardless of
the HTTP request method.
Select Only to capture traffic with requests that contain a specific HTTP method. To specify, add methods to the Selected Methods list from the Available Methods list.
|URL||Select All to capture
traffic with requests for any URL.
Select Starts With to only capture traffic with requests for URLs that start with a specific string.
Note: If you select this option, and leave the list blank, the system will not capture any traffic.
Select Does not start with to capture traffic with requests for URLs except for those that start with a specific string.
Note: You can add up to 10 different strings to the list. If the list is blank, the system will capture traffic with requests for any URL.
|User Agent||Select All to capture
traffic sent from any browser.
Select Contains to only capture traffic sent from a browser that contains a specific string.
Note: You can add up to 10 different strings to the list. If the list is blank, the system will capture traffic sent from any browser.
|Client IP Address||Select All to capture
traffic sent to, or from, any client IP address.
Select Only to only capture traffic sent to or from a specific client IP address.
Note: You can add up to 10 different IP addresses to the list. If the list is blank, the system will capture traffic sent to, or from, any IP address.
|Request Containing String||Select All to capture all
Select Search in filter captured traffic that includes a specific string contained in the request.
|Response Containing String||Select All to capture all
Select Search in filter captured traffic that includes a specific string contained in the response.