Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem to generate ASM reports using iControl REST API

Joao_Luis
Nimbostratus
Nimbostratus

I'm having trouble to use iControl API do generate BIG-IP reports. I need to connect to IControl API to collect reports of ASM statistics to feed an external tool with monitoring dasboards. I managed to extract simple data such as Statistics of a LTM Pool, or details of an ASM Policy, but I could not use the reports endpoint provided by iControl API. For reference I can generate a basic report of ASM Violations using TMSH but could not do the same using iControl Rest API:

TMSH:
show analytics asm-violation report view-by policy limit 10 range now-1d

iControl:
POST https://Management-IP/mgmt/tm/analytics/asm-violation/report
JSON sent in the HTTP  BODY:
{
"limit": 10,
"range": "now-1d",
"viewBy": "policy"
}

I believe that I'm strugglin to generate a valid JSON with the parameters to use on the request. I'm getting the JSON reference to be used from the API itself, making a GET on /example at the end of the Endpoint. In this case: GET https://Management-IP/mgmt/tm/analytics/asm-violation/report/example

 

From the reference JSON retrieved I manage to shape it just with the necessary parameters  to use on the request to generate the report with the data that I need. For this specific case I'm having this response from iControl API:

{
"code": 403,
"message": "Operation is not allowed on component /analytics/asm-violation/report.",
"errorStack": [],
"apiError": 1
}

I'm using these documents as references to understand how to connect to iControl Rest API and generate reports:
https://cdn.f5.com/websites/devcentral.f5.com/downloads/bigip-analytics-rest-api-user-12-0-0.pdf
https://cdn.f5.com/websites/devcentral.f5.com/downloads/icontrol-rest-api-user-guide-16-1-0.pdf

 

P.S.: I'm using Postman to simulate the client during these tests to validate the request to be used by the external tool that will connect direct to iControl API to generate these reports.

4 REPLIES 4

JRahm
Community Manager
Community Manager

Hi @Joao_Luis...you stumped me! I've asked some folks internally. Seems by the AVR guide you need to generate the report in order to then query the prepared stats in a report, but that doesn't seem to apply to this particular endpoint, at least in my limited testing. I'll get back to you when I hear something.

Joseph_Martin
F5 Employee
F5 Employee

@Joao_Luis , it is hard to tell exactly what is your issue without seeing the JSOn body that you are POSTing.

If you can share that, we can provide more specific help.

For now, I was able to generate a very basic ASM report by POSTing to /mgmt/tm/analytics/application-security/generate-report/ with this JSON body:

{
    "reportFeatures": [
        "entities-count"
    ],
    "viewDimensions": [
        {
            "dimensionName": "policy"
        }
    ]
}

For which I got this reponse:

{
    "analyticsModule": "application-security",
    "reportFeatures": [
        "entities-count"
    ],
    "timeRange": {
        "from": 1675017375000000,
        "to": 1675020975000000
    },
    "viewDimensions": [
        {
            "dimensionName": "policy"
        }
    ],
    "pagination": {
        "numberOfResults": 10,
        "skipResults": 0
    },
    "partition": "[All]",
    "user": "admin",
    "queries": {},
    "queryStatuses": {},
    "queryResultLinks": {},
    "avrCategory": "application-security",
    "id": "08d94d8d-a44c-4a42-b62b-bfeac9141016",
    "status": "CREATED",
    "generation": 1,
    "lastUpdateMicros": 1675020975245532,
    "kind": "tm:analytics:application-security:generate-report:avrgeneratereporttaskitemstate",
    "selfLink": "https://localhost/mgmt/tm/analytics/application-security/generate-report/08d94d8d-a44c-4a42-b62b-bfeac9141016"
}

Note in the response the report id.  In my case, "08d94d8d-a44c-4a42-b62b-bfeac9141016".

Once the report is finished, you can view the report results by sending a GET request to /mgmt/tm/analytics/application-security/report-results/<report_id>.

Again, if you can provide the JSON body that you are sendign to the generate-report endpoint we can provide more specific guidance.

Hi @Joseph_Martin 

 

I'm using as reference the JSON returned by the API: GET https://Managment-IP/mgmt/tm/analytics/asm-violation/report/example

{
    "kind": "tm:analytics:asm-violation:report:reportstats",
    "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1",
    "propertyDescriptions": {
        "device": "Specifies a BIG-IP device to generate a report on.",
        "deviceGroup": "",
        "deviceList": "Specifies a custom list of BIG-IP devices to generate a report on.",
        "displayedMeasure": "When more than one measure is selected, this field specifies the measure that is shown in the timeseries chart and the bar/pie chart.",
        "drilldown": {
            "entity": "Specifies the entity that is used as a filter.",
            "values": "Specifies the values by which the entity will be filtered. Values that contain whitespace must be surrounded by single or double quotes."
        },
        "emailAddresses": "Specifies a list of email addresses which the report file is sent to.",
        "file": "Specifies the exported file path to be saved. The specified file name should be simple (not a full path).",
        "format": "Specifies the exported file format to be saved or sent.",
        "limit": "Specifies the (maximum) number of rows in the output result set. The default limit is 10 rows, not including the \"Total\" row. The maximum limit is 1000 rows.",
        "measures": "Specifies a list of measures that can be specified for the chosen entity type. Default setting is dependant on the selected \"view-by\" entity.",
        "orderBy": {
            "measure": "Specifies the measure by which the report results will be ordered.",
            "sortType": "Specifies the type of sorting (ascending/descending) that should be used."
        },
        "range": "Specifies the time/date range of the analytics information that you want to display.  The given results will reflect the time range chosen here. Default setting : last hour ( now--now-1h )",
        "smtpConfigOverride": "Specifies the SMTP configuration to use when sending reports by email. This overrides the default SMTP settings.",
        "viewBy": "The main entity by which the report will be viewed"
    },
    "device": "",
    "deviceGroup": "",
    "deviceList": "",
    "displayedMeasure": "",
    "drilldown": [],
    "emailAddresses": [],
    "file": "",
    "format": "",
    "limit": 0,
    "measures": [],
    "orderBy": [],
    "range": "",
    "smtpConfigOverride": "",
    "viewBy": "",
    "naturalKeyPropertyNames": []
}

Taking this JSON as reference I reduced it to this JSON below:

{
    "kind": "tm:analytics:asm-violation:report:reportstats",
    "selfLink": "https://localhost/mgmt/tm/analytics/asm-violation/report/example?ver=16.1.3.1",        
    "limit": 10,    
    "range": "now-1d",    
    "viewBy": "policy"
}

And the response that I receive is this:

{
    "code": 403,
    "message": "Operation is not allowed on component /analytics/asm-violation/report.",
    "errorStack": [],
    "apiError": 1
}

 

Did you manage to find the solution?

 

What about the article below as for a filter you can use not only the support id but also the request status etc. (what you see in the GUI basically).

K50284219: Exporting ASM Event Report in html using iControl Rest API

https://my.f5.com/manage/s/article/K50284219

 

 

Also in the link below I see only the urls that @Joseph_Martin  suggested to you https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_analytics.html