ASM Reporting feature

Question

Hello, &nbsp;I am trying to generate some report using the Reporting feature available on ASM. However, I have strange results for example : Report for top 20 IP on a defined period (1st day to 1st day of the next month) I can see an IP with X hits When i search on this IP on events logs (with same period), i have more logs than what is generated in the report. &nbsp;Hits for an IP and no logs (illegal requests)&nbsp;I am on BigIP 14.1.2.X Have anyone already encounter this kind of behavior with the reporting capability of ASM ? Or are there any specification on the Reporting capabilities ? &nbsp;Best Regards.

andrew-f5 · Answer

ASM uses the AVR module to collect and report its statistical data. AVR aggregates logs by smaller segments - 1 day logs collected over 7 days get aggregated to a 1 week log, 1 week log over 4 weeks turns into 1 month aggregated, etc and it's this behavior that causes you to see a difference compared to the ASM request logs. The ASM requests logs do not aggregate.

Forum Discussion

ASM Reporting feature

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Re: BigIP Report

Multiple Ways to Configure Usage Reporting in NGINX

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

Experience the power of F5 NGINX One with feature demos

BigIP Report Old

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS