F5® BIG-IP® Local Traffic Manager™ (LTM) delivers applications to users in a reliable, secure, and optimized way. Events from LTM can be forwarded to DataBee via telemetry streaming.
Integration Method: HTTP Collector
Tables: HTTP Activity
DataBee Configuration
1. Start by adding the F5 datasource. Log in to the DataBee console, navigate to the Data tab and click on Add Data Source. Search for F5 LTM and click it.
2. Select HTTP Collector as the ingest mechanism
3. Fill in the basic contact information
4. Select the defaults on the next dialog box
5. Click on generate new API key. Save this API Key as it will be used later. Click Submit
6. Navigate back to the Data>Datasource tab and click on the newly created F5 LTM card and copy the ID. This is the datasource_id that will be used later.
From the console, navigate to the system
Go to the HTTP Collector box and copy the Endpoint URL. We will require the domain. In this example us-demo-2-api.demo.databee.buzz is the domain. It will be used at a later step.
Navigate to “My Profile” and copy the Tenant ID value
BigIP Configuration
This integration leverages the DataBee HTTP collector. Events are sent via HTTPS. To leverage this transport mechanism, F5 telemetry streaming has to be set up.
In the sample diagram below, DVWA is the application protected by F5.
For more information on F5 telemetry streaming, refer to:
Initial Setup
Downloading the RPM file
Install Telemetry Streaming package into F5 BIG-IP. Refer to https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/quick-start.html
Navigate to iApps > Package Management LX and install the following packages:
Configure Logging Manually
If you are using a standard BIG-IP system (one that does not have restrictions on the number of virtual servers like the Per-App VE), use the following guidance to initially configure the system.
Create an iRule (localhost forwarder).
Local Traffic > iRules > iRule List
iRule Name | telemetry_local_rule |
Definition | when CLIENT_ACCEPTED { node 127.0.0.1 6514 } |
Create the virtual server for the local listener.
Local Traffic > Virtual Servers > Virtual Server List
Name | telemetry_local |
Description | Only required when TS is a local listener |
Source Address | 0.0.0.0/0 |
Destination Address/Mask | 255.255.255.254 |
Service Port | 6514 |
Protocol Profile (Client) | f5-tcp-progressive |
Source Address Translation | Auto Map |
iRules | telemetry_local_rule |
Default Persistence Profile | source_addr |
Create the pool.
Local Traffic > Pools > Pool List
Name | Telemetry |
Health Monitors | tcp |
New Members | Address: 255.255.255.254 Service Port: 6514 |
Create the Log Destination (Remote HSL):
System > Logs > Configuration > Log Destinations
Name | telemetry_hsl |
Type | Remote High-Speed Log |
Pool Name | Telemetry |
Protocol | TCP |
Create the Log Destination (Format):
System > Logs > Configuration > Log Destinations
Name | telemetry_formatted |
Type | splunk |
Forward To | telemetry_hsl |
Create the Log Publisher:
System > Logs > Configuration > Log Publisher
Name | telemetry_publisher |
Destinations | telemetry_formatted |
LTM Request Log profile
The Request Logging profile gives you the ability to configure data within a log file for HTTP requests and responses, in accordance with specified parameters.
Create an LTM Request Log Profile using the following TMSH command. Note: If you are creating the profile in the user interface, the \ are not required.
IMPORTANT: This step has been updated with the TS 1.18 release to include LTM response logging.
Create an LTM Request Log Profile:
Local Traffic > Profiles > Other > Request Logging > New Request Logging Profile
Name | telemetry_traffic_log_profile |
Parent Profile | request-log |
Request Logging | Enabled |
Template | event_source="request_logging",hostname="$BIGIP_HOSTNAME",client_ip="$CLIENT_IP",server_ip="$SERVER_IP",http_method="$HTTP_METHOD",http_uri="$HTTP_URI",virtual_name="$VIRTUAL_NAME",event_timestamp="$DATE_HTTP" |
HSL Protocol | TCP |
Pool Name | telemetry |
Response Logging | Enabled |
Log By Default | Enabled (Tick Mark) |
Template | event_source="response_logging",hostname="$BIGIP_HOSTNAME",client_ip="$CLIENT_IP",server_ip="$SERVER_IP",http_method="$HTTP_METHOD",http_uri="$HTTP_URI",virtual_name="$VIRTUAL_NAME",event_timestamp="$DATE_HTTP",http_statcode="$HTTP_STATCODE",http_status="$HTTP_STATUS",response_ms="$RESPONSE_MSECS" |
HSL Protocol | TCP |
Pool Name | telemetry |
Attach the profile to the virtual server:
Navigate to Local Traffic > Virtual Servers > Virtual Server List > [Virtual Server Name]
Go to Configuration: Advanced, search for “Request Logging Profile”, and add telemetry_traffic_log_profile.
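The request and response templates above write each event as comma-separated key="value" pairs. The following added example (not code from F5 or DataBee) parses such a line and reports which template fields are missing. It assumes values contain no double-quote characters, and the sample lines, including the HTTP-date rendering of $DATE_HTTP, are constructed.

```python
import re

# One key="value" pair as written by the Request Logging templates.
PAIR = re.compile(r'(\w+)="([^"]*)"')

REQUEST_FIELDS = {"event_source", "hostname", "client_ip", "server_ip",
                  "http_method", "http_uri", "virtual_name", "event_timestamp"}
RESPONSE_FIELDS = REQUEST_FIELDS | {"http_statcode", "http_status", "response_ms"}
EXPECTED = {"request_logging": REQUEST_FIELDS, "response_logging": RESPONSE_FIELDS}


def parse_event(line):
    """Parse one template-formatted line into a dict of field -> value.

    Matching quoted pairs instead of splitting on "," keeps values that contain
    commas (a client-supplied URI, an HTTP-format date) in a single field.
    """
    return dict(PAIR.findall(line))


def missing_fields(event):
    """Return the template fields absent from a parsed event, sorted."""
    expected = EXPECTED.get(event.get("event_source"))
    if expected is None:
        raise ValueError("missing or unknown event_source")
    return sorted(expected - set(event))


# Constructed sample lines (hostnames, addresses and timestamps are made up).
SAMPLE_REQUEST = (
    'event_source="request_logging",hostname="bigip1.example.com",'
    'client_ip="203.0.113.7",server_ip="10.0.0.5",http_method="GET",'
    'http_uri="/search?tags=a,b,c",virtual_name="/Common/app_vs",'
    'event_timestamp="Wed, 01 Jan 2025 00:00:00 GMT"')
# Response line cut short, as if the template were missing response_ms.
SAMPLE_RESPONSE = (
    'event_source="response_logging",hostname="bigip1.example.com",'
    'client_ip="203.0.113.7",server_ip="10.0.0.5",http_method="GET",'
    'http_uri="/search?tags=a,b,c",virtual_name="/Common/app_vs",'
    'event_timestamp="Wed, 01 Jan 2025 00:00:00 GMT",'
    'http_statcode="200",http_status="200 OK"')

if __name__ == "__main__":
    for line in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        event = parse_event(line)
        print(event["event_source"], "missing:", missing_fields(event))
```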
Declarations
This step tells F5 BIG-IP about the DataBee collector. The declaration is pushed to F5 BIG-IP via an HTTP call. You will need the following information from DataBee; refer to the DataBee configuration steps above.
HTTP domain - Only use the domain
APIkey
TenantID
Datasource ID
Once you have this information, use a curl command or a tool like Postman to make the HTTP request.
CURL Command:
Replace the placeholders in the block below
F5 BigIP: <bigip_vm_username>, <bigip_vm_password>, <bigip_hostname>
DataBee: <Databee_http_collector_domain>, <API_Key_datasource>, <Databee_tenantid>, <Databee_datasrc_id>
curl -u <bigip_vm_username>:<bigip_vm_password> --location 'https://<bigip_hostname>/mgmt/shared/telemetry/declare' \
  --header 'Content-Type: application/json' \
  --data '{
    "class": "Telemetry",
    "controls": {
      "class": "Controls",
      "logLevel": "debug"
    },
    "My_Listener": {
      "class": "Telemetry_Listener",
      "port": 6514
    },
    "DataBee_Consumer": {
      "class": "Telemetry_Consumer",
      "type": "Generic_HTTP",
      "host": "<Databee_http_collector_domain>",
      "protocol": "https",
      "path": "/http/ingest?v=1",
      "headers": [
        {
          "name": "Authorization",
          "value": "<API_Key_datasource>"
        },
        {
          "name": "TenantID",
          "value": "<Databee_tenantid>"
        },
        {
          "name": "DatasourceID",
          "value": "<Databee_datasrc_id>"
        }
      ]
    }
  }'
Postman
URL | https://<bigip_hostname>/mgmt/shared/telemetry/declare |
Authorization(Basic Auth) | Username: <bigip_vm_username> Password: <bigip_vm_password> |
Body:
Replace the placeholders in the block below
F5 BigIP: <bigip_vm_username>, <bigip_vm_password>, <bigip_hostname>
DataBee: <Databee_http_collector_domain>, <API_Key_datasource>, <Databee_tenantid>, <Databee_datasrc_id>
{
  "class": "Telemetry",
  "controls": {
    "class": "Controls",
    "logLevel": "debug"
  },
  "My_Listener": {
    "class": "Telemetry_Listener",
    "port": 6514
  },
  "DataBee_Consumer": {
    "class": "Telemetry_Consumer",
    "type": "Generic_HTTP",
    "host": "<Databee_http_collector_domain>",
    "protocol": "https",
    "path": "/http/ingest?v=1",
    "headers": [
      {
        "name": "Authorization",
        "value": "<API_Key_datasource>"
      },
      {
        "name": "TenantID",
        "value": "<Databee_tenantid>"
      },
      {
        "name": "DatasourceID",
        "value": "<Databee_datasrc_id>"
      }
    ]
  }
}
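The declaration needs only the domain of the collector Endpoint URL, and every placeholder must be replaced before it is posted. The following added example (not DataBee or F5 code) builds the declaration body shown above and rejects unreplaced or padded values. The function names and the sample credentials are hypothetical, and the full endpoint URL in the sample call is constructed around the domain shown on this page.

```python
import json
import re
from urllib.parse import urlsplit

# Matches a template placeholder such as <API_Key_datasource> left in a value.
PLACEHOLDER = re.compile(r"<[^<>]*>")


def collector_domain(endpoint):
    """Reduce the Endpoint URL copied from the DataBee console to its domain."""
    if PLACEHOLDER.search(endpoint):
        raise ValueError("endpoint still contains a placeholder")
    parts = urlsplit(endpoint if "//" in endpoint else "//" + endpoint)
    if not parts.hostname:
        raise ValueError(f"no domain found in {endpoint!r}")
    return parts.hostname


def build_declaration(endpoint, api_key, tenant_id, datasource_id):
    """Return the Telemetry Streaming declaration from this page, filled in."""
    values = {"Authorization": api_key, "TenantID": tenant_id,
              "DatasourceID": datasource_id}
    for name, value in values.items():
        if not value or value != value.strip() or PLACEHOLDER.search(value):
            raise ValueError(f"{name}: empty, padded or unreplaced placeholder")
    return {
        "class": "Telemetry",
        "controls": {"class": "Controls", "logLevel": "debug"},
        "My_Listener": {"class": "Telemetry_Listener", "port": 6514},
        "DataBee_Consumer": {
            "class": "Telemetry_Consumer",
            "type": "Generic_HTTP",
            "host": collector_domain(endpoint),
            "protocol": "https",
            "path": "/http/ingest?v=1",
            "headers": [{"name": n, "value": v} for n, v in values.items()],
        },
    }


if __name__ == "__main__":
    # Constructed sample values; only the domain is the one shown on this page.
    decl = build_declaration(
        "https://us-demo-2-api.demo.databee.buzz/http/ingest?v=1",
        "EXAMPLE-API-KEY", "EXAMPLE-TENANT-ID", "EXAMPLE-DATASOURCE-ID")
    print(json.dumps(decl, indent=2))
```

The printed JSON can be used as the Postman body or saved to a file and passed to curl with --data @file.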
Optional step: Watch the following path to verify that LTM logs are being generated:
tail -f /var/tmp/telemetry/