Manual Chapter : Reporting

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.1.0
Manual Chapter

About Access and SWG reports

Access reports focus on session and logging data from Access devices (managed devices with APM licensed and provisioned). SWG reports focus on user requests (for URLs or applications, for example) from Access devices with SWG provisioned.

Access reports and SWG reports provide the following features.

  • Reports on any combination of discovered devices, Access groups, and clusters.
  • Graphs for typical areas of concern and interest, such as cross-geographical comparisons or top 10 issues.
  • Tabular data to support the graphs.
  • Ability to drill down from summarized data to details.
  • Ability to save data to CSV files.

Setup requirements for Access and SWG reports

To produce Access reports and SWG reports, these tasks must already be complete.

  • Set up the BIG-IQ® logging nodes.
  • Add the BIG-IP® devices to BIG-IQ inventory.
  • Discover the devices. Devices with the APM® service configuration are what you need.
  • Run the remote logging configuration setup on the devices from the Access Reporting screen.

What data goes into Access reports for the All Devices option?

The All Devices option for Access reports includes data from the devices that are currently managed (discovered) in the BIG-IQ® system. This is in addition to data from devices that were managed at some point during the report timeframe, but that are not currently managed. With All Devices selected, if data from unmanaged devices exists, it displays in reports.

An unmanaged device might be unmanaged temporarily or permanently. Any time a configuration management change causes APM® to be undiscovered, the device and its data are moved to All Devices until APM is re-discovered on the device.

You cannot generate a report for an unmanaged device. However, you can generate a report for the timeframe when the device was managed, and then search the report for the unmanaged device name. In the Summary report, All Active Sessions includes the number of sessions that were active on the device when it became unmanaged. Those sessions stay in the Summary and in the Active sessions reports until the next session status update, which occurs every 15 minutes.

Running Access reports

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.
You can create Access reports for any device with the APM® service configuration on it that has been discovered on the BIG-IQ system, whether or not the device is a member of Access group. To create a report, you can select any combination of Access groups, clusters, and devices.
  1. Log in to F5® BIG-IQ® Centralized Management with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, select Access Reporting.
    A Summary report (for all devices and a default timeframe) starts to generate and display.
  4. From the left, select any report that you want to run.
  5. At the top left of the screen, from the ACCESS GROUP/DEVICES list, either select one of the first two options (All Devices and All Managed Devices) or, select one or more of the other options (<Access group name>, <Cluster display name>, and <Device name>).
    • All Devices Includes Access devices that are currently managed, and Access devices that were managed at one time but are not managed now. (A managed device is one that has been discovered with the APM service configuration.)
    • All Managed Devices Includes all Access devices that are currently discovered.
    • <Access group name> - Select to include all devices in the Access group.
    • <Cluster display name> - Select to include the devices in the cluster.
    • <Device name> - Select to include the device. You can select any device from Managed Devices, <Access group name>, or <Cluster display name>.
  6. From the TIMEFRAME list, specify a time frame:
    • Select a predefined time period - These range from Last hour to Last 3 months.
    • Set a custom time period - Select Between, After, or Before, and click the additional fields that display the set dates and times that support your selection.
  7. To save report data in a comma-separated values file, click the CSV Report button.
    A CSV file downloads.

Getting the details that underlie an Access report

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.
From the Summary report, and from most session reports, the initial display includes graphs that summarize the report data. You can get successively more detailed information by clicking a bar or a point on a graph or clicking a link if one is displayed on the screen.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, click Access Reporting.
    The Summary report is an example of the type of report that presents high-level data, and provides access to underlying data.
    The Summary starts to generate and display. A timeline and some summaries display across the top of the screen. Graphs display under the summaries. Each graph provides different views of the data.
  4. Click anywhere in a summary to get more information.
    To get details from a summary, click the brightly colored number or the brightly colored bar.

    Top left portion of the Summary report display

    Additional graphs display, and supporting data displays in a table at the bottom of the screen.
  5. If more details are available, click the bars in the graphs to display more details.
  6. Scroll down to the table to view the supporting data.
  7. If the table includes a Session ID field, click the link in that field to open the session details.
    Session details report displays local time, hostname, log level, message, and a Session Variables tab.

    Session details popup screen (with addresses and host names blurred)

  8. To change which records display on this screen, select a log level from the LOG LEVEL list at the top of the screen.

Stopping sessions on BIG-IP devices from Access

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.
You can stop currently active sessions on BIG-IP® devices, using the Active sessions report on the BIG-IQ system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, select Access Reporting.
    A SUMMARY report starts to generate and display.
  4. On the left, from Sessions, select Active.
    The screen displays a list of active sessions for all devices.
  5. To display sessions for particular devices, groups, or clusters only, select them from the ACCESS GROUP/DEVICE list at upper left.
    The screen displays the active sessions for the selected devices.
  6. To stop specific sessions only, select the sessions that you want to end and click Kill Selected Sessions.
  7. To stop all sessions, click Kill All Sessions.

Running SWG reports

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.Only a device with SWG provisioned on it can provide data for SWG reports.
You can create SWG reports for Access groups, clusters (in Access groups), or devices that you select from the Access groups and clusters (in Access groups) on the BIG-IQ system.
  1. Log in to the BIG-IQ system with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, select SWG Reporting.
    A Summary report (for the managed devices and a default timeframe) starts to generate and display.
  4. From the left, select any report that you want to run.
  5. From the ACCESS GROUP/DEVICE list at upper left, select Managed Devices or select one or more of these options:
    • <Access group name> - Select to include all devices in the Access group.
    • <Cluster display name> - Select to include the devices in the cluster.
    • <Device name> - Select to include the device. You can select any device from Managed Devices, <Access group name>, or <Cluster display name>.
  6. From the TIMEFRAME list, specify a time frame:
    • Select a predefined time period - These range from Last hour to Last 3 months.
    • Set a custom time period - Select Between, After, or Before, and click the additional fields that display the set dates and times that support your selection.
  7. To save report data in a comma-separated values file, click the CSV Report button.
    A CSV file downloads.

Getting the details that underlie an SWG report

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.Only a device with SWG provisioned on it can provide data for SWG reports.
From the Summary report, the initial display includes graphs that summarize the report data. You can get more detailed information by clicking a bar or a point on a graph to see additional graphs and tables with supporting entries.
  1. Log in to F5® BIG-IQ® Centralized Management with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, select SWG Reporting.
    The Summary starts to generate and display. A timeline and some summaries display across the top of the screen. Graphs display under the summaries. Each graph provide different views of the data.
  4. Click any bar in a graph on the display to get more information.
    Additional graphs provide different views of the data, and supporting data displays in a table at the bottom of the screen.
  5. If more details are available, click the bars in the graphs to display them.
  6. Scroll down to the table to view the supporting data.

About the maximum number records for Access and SWG reports

When you run an Access report or an SWG report, Access can get up to 10,000 records to display to you. After you scroll to the end of those 10,000 records, Access displays a message. At that point, all you can do is select fewer devices or select a shorter timeframe.

Setting the timeframe for your Access or SWG report

For Access to have report data for a device, the device must have been added to the BIG-IQ® system, discovered, and had the Access remote logging configuration run for it.
Use the TIMEFRAME list at the top of any Access or SWG report to change the report time period.
  1. Log in to F5® BIG-IQ® Centralized Management with your user name and password.
  2. At the top left of the screen, select Access from the BIG-IQ menu.
  3. At the top of the screen, select Access Reporting or SWG Reporting.
  4. To set a predefined timeframe, select one of these from the TIMEFRAME list: Last hour, Last day, Last week, Last 30 days, Last 3 months.
  5. To set a custom timeframe, select one of these from theTIMEFRAME list:
    • Between: Click each of the additional fields that display to select dates and times. The report displays the records between those dates and times.
    • Before: Click the additional fields that display to select a date and a time. The report displays the records before that date and time.
    • After: Click the additional fields that display to select a date and a time. The report displays the records after that date and time.

Access report problems: causes and resolutions

Problem Resolution
A session is over, but it continues to display in the Active sessions report. If a session starts when logging nodes are up and working, but terminates during a period when logging modes are unavailable, the session remains in the Active sessions report for 15 minutes. After 15 minutes, the session status is updated and the session is dropped from the report.
Active sessions are included in the Summary and Active sessions reports for a device that is no longer managed. Sessions were active on a device when it was removed from an Access group and became unmanaged. Sessions that were active when the device became unmanaged remain counted in All Active Sessions on the Summary screen and stay in the Active sessions report until the next session status update, which occurs every 15 minutes.
A session is over, but Session Termination and Session Duration are blank in a session report. If a session starts when logging nodes are up and working but terminates during a period when logging nodes are unavailable, the session termination is not recorded and the session duration cannot be calculated.

What can cause logging nodes to become unavailable?

Logging nodes are highly available, but it is still possible for them to become unavailable. This could occur, for example, if all logging nodes are on devices in the same rack in a lab, and the power to the lab shuts down.