Access Policy events Access Policy event messages include logs pertinent to access policy, sso, network access, and portal access. To view access policy events, run Access Policy reports; expand Access Policy and click Reports. |
Audit Logging Audit event messages are those that the Access Policy Manager system logs as a result of changes made to its configuration. |
The host name of the system that logged the event message. Because this is typically the host name of the local machine, the appearance of a remote host name could be of interest. | ||
The status code associated with the event. Note that only events logged by BIG-IP system components, and not operating system services, have status codes. | ||
Provides the description of the event so that it can be applicable to both Audit and Access policy logging. | Audit Access Policy |
1. |
2. | In the Log Rotation Period box, type a number between 0 and 90. The default value is 0. When set to 0, log database tables are rotated only when the database contains the maximum number of log entries. When set to a value between 1 and 90, log database tables are rotated every n number of days. (If the maximum number of log entries is reached despite regular rotation, log database tables are rotated regardless.) |
3. | In the Maximum Number Of Log Entries box, type a number between 100000 and 5000000 (100,000 and 5,000,000). Do not type commas. The default value is 5000000. |
4. | Click Update. |
1. |
2. | Next to Log Database Maintenance, click Delete. All records are deleted from the reporting log database. |
1. |
2. |
3. | Click Update. |
1. |
1. |
Access policy: Includes messages created during access policy validation, sso, network access, and portal access. |
Audit: Includes configuration changes. |
Access policy events: Messages are logged in a database; you can view them using Access Policy Manager reports. By default, messages are also logged to the /var/log/apm file. |
Audit events: Messages are logged in the /var/log/audit file when audit logging is enabled. |
DB_VARIABLE modified: name=config.auditing | |||
1. |
2. | On the menu bar, click Configuration, and select Options. The Logs screen changes to display the various logging options available. |
3. | Depending on the type of log messages you want to control, scroll down to Access Policy Logging. |
1. |
2. | On the menu bar, click Configuration, and select Options. The Logs screen changes to display the various logging options available. |
3. | Scroll down to Local Traffic Logging. |
Disable This turns audit logging off. This is the default value. |
Enable This causes the system to log messages for user-initiated configuration changes only. |
Verbose This causes the system to log messages for user-initiated configuration changes and any loading of configuration data. |
Debug This causes the system to log messages for all user-initiated and system-initiated configuration changes. |
1. |
2. |
3. | In the Audit Logging area near the bottom of the screen, select a log level from the Audit Logging list, which includes MCP and tmsh. |
4. | Click Update. |
2. | Run the report that you would like to use as the default. The report opens in a new tab. |
3. | In the report tab, click Set to default report. |
1. |
2. | To display data for a non-default time period, select the appropriate Restrict Time settings. |
3. |
a) | Scroll to the Session Reports list and select All Sessions > Run. The Report Parameters window opens, with a one-line description of the report and default Restrict by Time settings. |
b) | To display data for a non-default time period, select the appropriate Restrict by Time settings. |
c) |
5. |
1. |
2. |
3. |
4. | To display data for a non-default time period, select the appropriate Restrict by Time settings. |
5. | Click Run Reports. |
6. | To view variables for a particular session, click the View Session Variables link in the Active column. |
1. |
2. | Depending on the type of logs you want to view, type the following in the command line: adminreports.pl -aclogs adminreports.pl -logonlogs adminreports.pl -aclogsforsession session_id adminreports.pl -saforsession session_id adminreports.pl -count adminreports.pl -start <index> adminreports.pl -end <index> |
-aclogsforsession session_id | |
This returns entries starting from the given <index>. The default is the first entry <index is 1>/ | |
1. |
2. |
3. |
4. | At the bottom of the Custom Reports area, click the Create icon. A Design Custom Report window opens with 3 tabs: Report Fields, Report Constraints, and Sort Fields. |
5. | Type a unique name in the Report Name field. |
6. | On the Report Fields tab, under these folders: Users, Resources, Session, and Access Policy, select fields by clicking check boxes. |
7. | Optionally, create constraints on the Report Constraints tab and specify a sort order on the Sort Fields tab. For more information, see online help. |
8. | Click Save. The Design Custom Report window closes. The name of the newly created custom report is displayed under Report Names in the Custom Reports area. |
1. |
2. |
3. |
4. | Select the report to run and click Run Report. A Custom Report Parameters window opens, displaying a default time range and any previously configured constraints. |
5. | Change the values that are displayed or leave them as is; click Run Report. The report displays in a new tab. The report results are not updated until you run the report again. |
1. |
2. | Click Run Reports. The default report is displayed. |
3. |
4. | The Custom Reports area lists any custom reports and displays icons labeled as follows: |
Active Sessions: Displays the number of active sessions. |
New Sessions: Displays the number of new sessions |
Client Requests: Displays the total cache requests from the client. |
Request Served from RamCache: Displays the total number of cache hits. |
Requests Missed from RamCache: Displays the total number of cache misses. |
Throughput: Displays the amount of throughput for data transfers through the network access tunnels. |
Open Connections: Displays the number of open connections through the network access tunnels. |
New Connections: Displays the number of new connections through the network access tunnels. |
Compression: Displays the compression level through the network access tunnel. The Compression tab provides a gauge as well as a chart. |