I think we would be interested in polling for the ASM Traffic Statistics (Blocked, Alarmed, Dropped), ASM Network Statistics (Transactions Per Second), and Anamoly Statistics (DoS Attacks, Brute Force Attacks, IP Enforcer, Web Scraping). We use PRTG for monitoring systems and wanted to setup some custom SNMP sensors based off of OID strings on the ASM. This a possibility on the ASM?
Count me in. We're implementing the "new" DoS in ASM 11.6 and it appears that ltmDosAttackDataStatTable isn't actually being populated during an attack.
Beyond the attack itself, we'd like to know what the "normal" TPS is... say, average TPS and 95%ile. That would certainly help tune the DoS policies, up-front and as time goes on. Is that already being tracked somewhere?
another vote for this. lots of statistics can be read, but ASM is severely lacking from this. blocked per minute / hour / day is quite useful to be able to see a sudden increase.
but seeing how security reporting is more and more pushed to external logging servers anyway i wonder if we are going to see it.
I am also looking for pollable SNMP objects related to ASM actions.
Typically F5 does a decent job of implementing detailed, accurate, and useful SNMP gauge and counter objects for time series monitoring. The only ASM related objects I can find in the MIBs appear to be traps which are not that effective for trending this kind of activity.
It would be nice to see a response from F5 on this very valid request that has been around for five years.
2017-05-10 adding new info
I opened a ticket on this and the engineer escalated it into feature request ID663539 - Add SNMP MIBs for collecting statistics from ASM.
Would be great for our Customers user experience if we could monitor F5 ASM request blocks with a tool like PRT or Nagios.
The default F5 ASM reporting is far to slow and clumpsy to react fast on the many false positive blocked requests on our customer portal!
posting here helps people here but doesn't get a message towards F5 product management i believe, so be sure to contact your F5 sales team mention: feature request ID663539 - Add SNMP MIBs for collecting statistics from ASM.