Lab 2.1: Configure AVR Profiles

An Analytics profile is a set of definitions that determines the circumstances under which the system gathers, logs, notifies, and graphically displays information regarding traffic to an application or service. The Analytics module requires that you select an Analytics profile for each application you want to monitor. You associate the Analytics profile with one or more virtual servers used by the application / service.

In the Analytics profile, you customize:
  • What statistics to collect
  • Where to collect data (locally, remotely, or both)
  • Whether to capture the traffic itself
  • Whether to send notifications.

Task 1 - Import the Postman Collection & Environment

In this task you will import a Postman Collection & Environment for this lab. Perform the following steps to complete this task:

  1. Open the Postman tool by clicking its icon on the desktop of your Linux Jumphost (Postman should still be open from the previous lab)
  2. Click the ‘Import’ button in the top left of the Postman window
  3. Click the ‘Import from Link’ tab. Paste the following URL into the text box and click ‘Import’:

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/postman_collections/SP Modules.postman_collection.json

  4. You should now see a collection named ‘SP Modules’ in your Postman Collections sidebar.
  5. Import the Environment file by clicking ‘Import’ -> ‘Import from Link’, pasting the following URL, and clicking ‘Import’:

    https://raw.githubusercontent.com/jarrodlucia/bigip_elk_server/develop/postman_collections/F5 SPDevOps.postman_environment.json

Task 2 – Configure TCP Analytics

In this task we will query and configure the TCP AVR profile. This will be done using the REST API (explored in the previous lab).

Perform the following steps to complete this task:

  1. Click the ‘TCP Analytics’ item in the ‘SP Modules’ Postman Collection

  2. Notice that we are sending a GET request to the /mgmt/tm/ltm/profile/tcp-analytics endpoint. Check the body returned and observe the default values.

  3. Click on the ‘Create TCP Analytics Profile’ item and check the body message for ELK_PEM_Publisher (we will use the PEM index in ELK for logging TCP Optimisation).

  4. Verify in BIG-IP TMUI that the new profile was created.

  5. Add the profile to the VS manually (this is not currently available in the REST API).

Task 3 – Configure PEM Analytics

In this task we will query and configure the PEM AVR profile. This will be done using the REST API (explored in the previous lab).

Perform the following steps to complete this task:

  1. Click the ‘PEM’ item in the ‘SP Modules’ Postman Collection

  2. Notice there are two sections we must update: Global and Classification. We will do Global first. Click on ‘Request PEM Global Analytics Options’; we are sending a GET request to the /mgmt/tm/pem/global-settings/analytics endpoint. Check the body returned and observe the default values.

  3. Click on the ‘Update PEM Global Analytics Options - External Logging’ item and check the body message for ELK_PEM_Publisher.

  4. Verify in BIG-IP TMUI that the new updates were applied in PEM global options.

  5. Click on ‘Request PEM Classification Profile’; we are sending a GET request to the /mgmt/tm/ltm/profile/classification/classification_pem endpoint. Check the body returned and observe the default values.

  6. Click on the ‘Update PEM Classification Profile’ item and check the body message for ELK_PEM_Publisher.

  7. Verify in BIG-IP TMUI that the new updates were applied in PEM Classification.

Task 4 – Configure AFM Analytics

In this task we will query and configure the AFM AVR profile and logging. This will be done using the REST API (explored in the previous lab).

Perform the following steps to complete this task:

  1. Click the ‘AFM’ item in the ‘SP Modules’ Postman Collection

  2. Notice there are two sections we must update: Security Reporting and Event Logging. We will do Security Reporting first. Click on ‘Request AFM Security Reporting Settings’; we are sending a GET request to the /mgmt/tm/security/analytics/settings endpoint. Check the body returned and observe the default values.

  3. Click on the ‘Update AFM Security Reporting Settings’ item and check the body message for ELK_AFM_Publisher.

  4. Verify in BIG-IP TMUI that the new updates were applied in AFM Report Settings.

Note

Request AFM Device DoS Settings - Can be used to report on the settings currently set; however, the REST API cannot be used to update these settings at this time.

  5. Click on ‘Request AFM Event Logger’; we are sending a GET request to the /mgmt/tm/security/log/profile/ endpoint. Check the body returned and observe the default values.

  6. Click on the ‘Create AFM Event Log Profile’ item and check the body message for ELK_AFM_Publisher.

  7. Additional steps are required for AFM, as not all sections can be configured through REST commands at this time. Go to TMUI on BIG-IP and navigate to Security / Event Logs / Logging Profiles. Change Publishers and tick events to log.

    Update the Network Firewall tab and click Update.

Task 5 – Configure DNS Analytics

In this task we will query and configure the DNS AVR profile. This will be done using the REST API (explored in the previous lab).

Perform the following steps to complete this task:

  1. Click the ‘DNS’ item in the ‘SP Modules’ Postman Collection

  2. Notice that we are sending a GET request to the /mgmt/tm/ltm/profile/dns-logging endpoint. Check the body returned and observe the default values.

  3. Click on the ‘Create DNS Log Profile’ item and check the body message for ELK_DNS_Publisher.

  4. Verify in BIG-IP TMUI that the new profile was created.
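
The publisher checks from Tasks 2 to 5 can also be run over saved GET response bodies, so that a profile left on its defaults or wired to the wrong publisher is caught in one pass. The following is an added example, not part of the original lab or the Postman collection: the endpoints and publisher names come from the steps above, while the sample bodies and their "publisher" key are constructed for illustration and do not reproduce BIG-IP's actual field names.

```python
import json

# Endpoint -> publisher the lab expects to find in the body (both taken from the lab text).
EXPECTED = {
    "/mgmt/tm/ltm/profile/tcp-analytics": "ELK_PEM_Publisher",
    "/mgmt/tm/pem/global-settings/analytics": "ELK_PEM_Publisher",
    "/mgmt/tm/ltm/profile/classification/classification_pem": "ELK_PEM_Publisher",
    "/mgmt/tm/security/analytics/settings": "ELK_AFM_Publisher",
    "/mgmt/tm/security/log/profile/": "ELK_AFM_Publisher",
    "/mgmt/tm/ltm/profile/dns-logging": "ELK_DNS_Publisher",
}

# Constructed sample bodies; the key names are illustrative, not real BIG-IP fields.
SAMPLE_BODIES = {
    "/mgmt/tm/ltm/profile/tcp-analytics": '{"items": [{"name": "tcp-analytics"}, {"name": "lab_tcp", "publisher": "/Common/ELK_PEM_Publisher"}]}',
    "/mgmt/tm/pem/global-settings/analytics": '{"logging": {"publisher": "/Common/ELK_PEM_Publisher"}}',
    "/mgmt/tm/ltm/profile/classification/classification_pem": '{"publisher": "none"}',
    "/mgmt/tm/security/analytics/settings": '{"publisher": "/Common/ELK_AFM_Publisher"}',
    "/mgmt/tm/security/log/profile/": '{"items": [{"name": "lab_afm", "network": [{"publisher": "/Common/ELK_DNS_Publisher"}]}]}',
}

def publisher_refs(node, publisher, path="$"):
    """Return the JSON path of every string value whose last '/' segment is exactly `publisher`."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in publisher_refs(v, publisher, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in publisher_refs(v, publisher, f"{path}[{i}]")]
    if isinstance(node, str) and node.rsplit("/", 1)[-1] == publisher:
        return [path]
    return []

def audit(bodies):
    """Per lab endpoint: paths that reference its publisher ([] = not wired, None = body not captured)."""
    report = {}
    for endpoint, publisher in EXPECTED.items():
        raw = bodies.get(endpoint)
        report[endpoint] = None if raw is None else publisher_refs(json.loads(raw), publisher)
    return report

def gaps(report):
    """Endpoints whose logging does not point at the expected publisher, or that were never checked."""
    return sorted(endpoint for endpoint, refs in report.items() if not refs)

if __name__ == "__main__":
    for endpoint in gaps(audit(SAMPLE_BODIES)):
        print("needs attention:", endpoint)
```

In the constructed sample, the classification profile is still on its default, the AFM log profile points at the DNS publisher, and the DNS body was never captured, so all three are reported.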