charts
4 Topics

ASM Chart scheduler simplification.
Hello Folks,

Need some help on the ASM Chart scheduler. The requirement is to get every IP logged by ASM violations in the emailed chart. The idea is to get the exact information we see under Security > Event Logs > Application, such as IP address / name of violation / country the IP belongs to, etc.

The issue is that the report that he receives is different from the output he sees when he goes to Security >> Event Logs: Application: Requests. The reports the customer receives have aggregated values and counters.

We tried to use a Multi-leveled report instead of a Predefined filter. The issue is that the more options you select in Chart Path, the more aggregated values the report will have (when multilevel is selected in Chart scheduler).

Any idea how we can have all IPs / URL / Country etc. information within the emailed chart? Or if we can have at least the following information, that would work as well.

Any help on this?

Thank you,
Darshan

497 Views, 0 likes, 6 Comments

Security Chart Scheduler per Partition
Hello there,

I got an issue trying to create a Security Chart Scheduler per Partition. When I go to the Security > Charts > Chart Scheduler tab, I can't change the partition of this tab. If I create the schedule there without changing the partition, it is created in the default one (Common). If I go to another tab like LTM > Virtual Server, change the partition, then go back to the Chart Scheduler tab, it'll create the schedule in the partition I chose at VS.

At the CLI I can check it, and it shows the right info as I move between partitions and list the charts, but the GUI Chart Scheduler screen shows all of them with no partition, so I can't check if it's created right without going to the CLI and changing from partition to partition, listing the charts one by one.

And any of the charts sends the information of the entire box (all partitions).

Is this right? Is it supposed to work like this, or is it not supposed to work at all? May it be a GUI bug? Did anyone see this behavior before?

    root@xxx(Active)(/Common)(tmos) cd /Common/
    root@xxx(Active)(/Common)(tmos) list analytics application-security scheduled-report
    analytics application-security scheduled-report TESTCHART1 {
        email-addresses { xxxx }
        first-time 2016-04-25:21:00:00
        frequency every-24-hours
        include-total enabled
        next-time 2016-04-25:21:00:00
        predefined-report-name "/Common/Top alarmed URLs"
    }
    root@xxx(Active)(/Common)(tmos) cd /Cliente1/
    root@xxx(Active)(/Cliente1)(tmos) list analytics application-security scheduled-report
    analytics application-security scheduled-report "Principais URLs" {
        email-addresses { henrykrauss@gmail.com }
        first-time 2016-03-16:00:00:00
        frequency every-24-hours
        include-total enabled
        last-sent-time 2016-04-22:00:01:07
        multi-leveled-report {
            time-diff last-year
            view-by url
        }
        next-time 2016-04-23:00:00:00
        partition Cliente1
        smtp-config /Common/BR-CIS-REPO-01
    }

Platform Name: BIG-IP 4200
Version: 11.4.1

Thanks for the help.

Solved, 427 Views, 0 likes, 1 Comment

Using tmsh to Get a Specific ASM Chart
Hi,

We're running some F5s on 11.4.1 in our environment with the ASM module enabled for which I have some policies in place. Via the web GUI I'm able to view a really useful chart by drilling down through the "Top violations with critical severity" pre-defined chart and I want to schedule this specific chart to run and dump out regularly (ideally as a .csv file to a network location but e-mail is also fine).

The chart in question is:

    Severity: Critical >> Violation: Attack signature detected >> Security Policy: /my_partition/my_vs

Is there a way I can configure this using TMSH? I've had a read through the "Traffic Management Shell Reference Guide" but I can't seem to put the correct pieces together.

Appreciate any help/guidance please!

Thanks,
Rich

322 Views, 0 likes, 7 Comments