F5 BIG-IP LTM monitoring
Learn how to monitor F5 BIG-IP LTM devices using the F5 LTM ActiveGate extension.
Prerequisites
F5 BIG-IP LTM devices with iControl API support.
- Credentials for F5 admin account or non-admin account with
iControl_REST_API_Userrole. For F5 version 13.1+, any user with the access to the objects to monitor is sufficient. For more information, see K84925527: Overview of iControl permissions. - An Environment ActiveGate (version 1.155+) that has the ActiveGate plugin module installed, and isn't used for synthetic or mainframe monitoring.
- ActiveGate version 1.175+ is ready to accept and run extensions. If you are running an earlier version of ActiveGate, see Install ActiveGate plugin module for instructions on installing the plugin module.
- For Environment ActiveGate installation instructions, see Dynatrace ActiveGate.
One environment ActiveGate can typically support 30-50 F5 LTM devices.
Extension installation
-
In the Dynatrace menu, go to Hub.
-
Find and select F5 BIG-IP LTM.
-
Select Download to get the extension ZIP file. Don't rename the file.
-
Unzip the ZIP file to the
plugin_deploymentdirectory of your ActiveGate host. -
Restart the Dynatrace Remote Plugin Module service.
- On Linux, restart the service using the following commands with admin rights:
1systemctl restart remotepluginmodule.service
- On Windows, run these two commands in a Command Prompt launched as Admin:
1sc stop "Dynatrace Remote Plugin Module"2sc start "Dynatrace Remote Plugin Module"
- On Linux, restart the service using the following commands with admin rights:
-
In Dynatrace, select Settings, Add new technology monitoring, and Add ActiveGate extension.
-
Select Upload extension and upload
custom.remote.python.f5rest.zip. -
Enter the endpoint information requested for connecting to F5 device:
Setting Details Endpoint name
Enter a meaningful endpoint name.
Username
The username for connecting to the iControl REST API. The account must be an admin account or non-admin account with the
iControl_REST_API_Userrole).Password
The account password.
Use token authentication
Use token authentication instead of direct connection (required for LDAP-integrated and non-admin users, but may also be used with admin accounts).
Hostname/IP of management interface
The hostname/IP where the management interface is listening, defaults to port
443(HTTPS).Require a valid SSL certificate
Select if a valid SSL certificate is required. Note that even if the certificate validation is disabled the extension will still communicate via HTTPS, if the device is configured for that.
Path to a
CA_BUNDLEfile or directoryThe absolute path to self-signed certificates of trusted CAs.
Enable debug logging
Select this only if a Dynatrace product expert requests it to investigate an issue.
Comma-separated virtual servers
Allows for filtering of the virtual servers that are to be monitored.
Comma-separated pools
Allows for filtering of the pools that are to be monitored.
Comma-separated nodes
Allows for filtering of the nodes that are to be monitored.
Comma-separated rules
Allows for filtering of the rules that are to be monitored.
Comma-separated profiles
Allows for filtering of the profiles that are to be monitored.
Comma-separated interfaces
Allows for filtering of the interfaces that are to be monitored.
Comma-separated partitions
Allows for filtering of the partitions that are to be monitored.
Comma-separated additional IPs
Allows for filtering of any additional IPs that are to be monitored.
Name of the group
If the device is part of a cluster, type the name here to group the devices in the Dynatrace web UI.
Troubleshoot ActiveGate extensions
-
404 error when connecting to F5?
Starting in BIG-IP 11.6.0, a non-admin user account may be granted with the minimum permissions required to successfully query the iControl API (
iControl_REST_API_Userrole). This role may be granted by a BIG-IP admin, using the following command:1curl -sk -u <admin_username>:<admin_password> https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/<username>"}]}'
See also Troubleshoot ActiveGate extensions.
Metrics
The IP address of all network interfaces and the ports used by the services are automatically captured, as are the following metrics:
Device
Availability
Virtual servers (split by virtual server)
Status
Requests
Ephemeral/client-side connections
Ephemeral/client-side received bytes
Ephemeral/client-side transmitted bytes
Ephemeral/client-side received packets
Ephemeral/client-side transmitted packets
Ephemeral/client-side slow killed
Ephemeral/client-side evicted connections
CPU usage
Syncookie accepts
Syncookie rejects
Pools (split by pool)
Status
Requests
Connections
Received bytes
Transmitted bytes
Received packets
Transmitted packets
Member count
Current sessions
Nodes (split by node)
Status
Requests
Connections
Received bytes
Transmitted bytes
Received packets
Transmitted packets
Rules (split by rule)
Executions
Aborts
Failures
Network interfaces (split by interface)
Status
Received bytes
Transmitted bytes
Received packets
Transmitted packets
Dropped packages
Errors
Client and server SSL (split by profile)
Common connections
Native connections
Fatal alerts
Secure handshakes
Handshake failures
Insecure handshake accepts
Insecure handshake rejects
Insecure renegotiation rejects
Requests (split by protocol)
Disks (split by disks)
Free
Used
Reserved
CPU (split by CPUs)
Idle
IO wait
IRQ
Soft IRQ
Stolen
System
User
Memory
Total
Used
HTTP stats (split by profiles)
GET/POST requests
2xx responses
3xx responses
4xx responses
5xx responses