cancel
Showing results for 
Search instead for 
Did you mean: 

ASM OIDs for Monitoring

Brian_Saunders1
Altostratus
Altostratus
Hey All,

 

 

Anyone know if there are any ASM OID's to be able to snmp poll the F5 ASM module for statistics? The only thing I see within the MIB files are just the ability to send snmp traps.

 

 

BSaunders

 

18 REPLIES 18

hooleylist
Cirrostratus
Cirrostratus
Hi,

 

 

What exactly are you trying to monitor via SNMP? Connection stats, resource utilization, policy names or other config, etc?

 

 

Aaron

Brian_Saunders1
Altostratus
Altostratus
Hey Aaron,

 

 

I think we would be interested in polling for the ASM Traffic Statistics (Blocked, Alarmed, Dropped), ASM Network Statistics (Transactions Per Second), and Anamoly Statistics (DoS Attacks, Brute Force Attacks, IP Enforcer, Web Scraping). We use PRTG for monitoring systems and wanted to setup some custom SNMP sensors based off of OID strings on the ASM. This a possibility on the ASM?

 

 

Thanks,

 

 

Brian

That's it Brian, things like this.

 

Thanks

 

Brian_Saunders1
Altostratus
Altostratus
So I guess you can't SNMP poll the LTM for stats on the ASM module?

Allen_Michael_C
Nimbostratus
Nimbostratus

I am interested in the same kind of metrics as Brian. Is it possible now?

 

Nik
Altostratus
Altostratus

also intersted in obtaining metrics for blocked, warned, etc.

 

adharkrader_164
Nimbostratus
Nimbostratus

Count me in. We're implementing the "new" DoS in ASM 11.6 and it appears that ltmDosAttackDataStatTable isn't actually being populated during an attack.

 

Beyond the attack itself, we'd like to know what the "normal" TPS is... say, average TPS and 95%ile. That would certainly help tune the DoS policies, up-front and as time goes on. Is that already being tracked somewhere?

 

boneyard
MVP
MVP

another vote for this. lots of statistics can be read, but ASM is severely lacking from this. blocked per minute / hour / day is quite useful to be able to see a sudden increase.

 

but seeing how security reporting is more and more pushed to external logging servers anyway i wonder if we are going to see it.

 

Is there any update for this topic. We want also implement DoS monitoring on our PRTG system

 

Dani_Gallardo
Nimbostratus
Nimbostratus

Count me in too, in fact we also want to add this into our PRTG.

 

Thanks in advance, Dani

 

Greg_Volk_34649
Nimbostratus
Nimbostratus

I am also looking for pollable SNMP objects related to ASM actions.

 

Typically F5 does a decent job of implementing detailed, accurate, and useful SNMP gauge and counter objects for time series monitoring. The only ASM related objects I can find in the MIBs appear to be traps which are not that effective for trending this kind of activity.

 

It would be nice to see a response from F5 on this very valid request that has been around for five years.

 

--

 

2017-05-10 adding new info

 

I opened a ticket on this and the engineer escalated it into feature request ID663539 - Add SNMP MIBs for collecting statistics from ASM.

 

Any news?

 

contact F5 support or your F5 sales team and inform about: feature request ID663539 - Add SNMP MIBs for collecting statistics from ASM.

 

Hi

Is it still under feature request?

 

it isnt implemented yet as far as im aware.

 

best way is to check with your F5 sales team and ask about ID663539. also be sure to report back here if you can.

F5 told me no ETA . so i don't think it will be available soon .

 

Ton_van_Oostvee
Altostratus
Altostratus

Would be great for our Customers user experience if we could monitor F5 ASM request blocks with a tool like PRT or Nagios.

The default F5 ASM reporting is far to slow and clumpsy to react fast on the many false positive blocked requests on our customer portal!

posting here helps people here but doesn't get a message towards F5 product management i believe, so be sure to contact your F5 sales team mention: feature request ID663539 - Add SNMP MIBs for collecting statistics from ASM.