If left on the ACE Web Application Firewall Manager of a busy ACE Web Application Firewall system, performance data is eventually lost. When the amount of performance data reaches the Manager’s capacity, the oldest information is deleted to make space for new information. If you need to retain information indefinitely, you can export performance information to a file.
Chapter 14 Monitoring System Status
Monitoring Performance
In addition to providing a mechanism for saving performance data indefinitely, the performance data export feature provides access to richer information than that provided in the Performance Monitor interface, with additional statistical categories for message processing times.
Performance data can be exported as XML data or to a comma-separated values (CSV) file. As in the Performance Monitor, statistics in the exported file are grouped by handler.
Note: When viewing the Performance Monitor, handlers that have been moved between subpolicies are identified by internal object number, rather than by handler name, for their activity in the former subpolicy.
Information in exported files is presented differently from the Performance Monitor. Treat the exported performance information as raw data: it is not processed or organized for human readability.
Note the following differences between exported data and the performance monitor:
• Virtual services that have received traffic in the selected time frame are listed in the file. Virtual services that have not received requests do not appear in the generated file.
• The performance monitor shows message processing totals for each handler group. The exported file does not show total values in the same way; instead, it contains a record for each virtual service. If identity reporting is enabled, it contains a record for each identity that accessed the service, with a request count for that identity.
• The exported data file includes records for requests that were not serviced due to an error. They are indicated by an error count field with a value greater than 1.
• In addition to the time to first byte measurement shown in the Performance Monitor, the exported file shows measurements for time-to-last-byte for each request and response.
To export performance data to an XML or CSV file:
Step 1 While logged into the web console as an Administrator user, Privileged user, or Policy View user, click the Performance Monitor link in the Reports & Tools section of the navigation menu.
Step 2 Use the Firewall and time controls to filter the information to be exported. In addition to affecting the view in the Performance Monitor, the filter controls, such as time spans, control what information is exported to a file.
Step 3 Click Update View.
Step 4 Choose the format of the output file, either:
• XML, for an XML format file
• CSV, for a comma delimited file
This choice does not affect what information is generated, only its format.
Step 5 Click Export Raw Data.
Step 6 In the File Save dialog, choose a file location and name for saving the export file.
After you save it, the file is generated and downloaded to the file location you specified. The exported file contains all of the information shown in the Performance Monitor, plus some additional statistical categories. This information includes message error counts, such as access failures,
The XML file indicates the time frame represented by the data in the file with the Report element. The element has queryStartTime and queryEndTime attributes, which indicate the time period for which performance data was captured for the file.
The file provides extensive details on time-based performance measures. Note the following points on this performance data:
• Message timings are shown in microseconds (the Performance Monitor shows time in milliseconds).
• Time measurements include the following statistics:
– Time-to-first byte (TTFirst) is the time from when the Firewall receives the first byte of a message, off the network, until the time it starts sending the first byte of the message. The times shown in the Performance Monitor are time-to-first byte.
– Time-to-last byte (TTLast) is the time from when the Firewall receives the last byte of a message until it sends the last byte of the message.
In the names of the statistics categories, you can determine the message processing stage measured by the following identifiers:
• Req is the request processing time, the amount of time the ACE Web Application Firewall spends processing the consumer request. An example is MinReqTTFirst.
• Resp is the response processing time, the amount of time the ACE Web Application Firewall spends processing the response from the backend service. An example is MinRespTTFirst.
• Source is the backend message roundtrip time, from when the outgoing request is sent to the service until the response is received back from the service. An example is MinSourceTTFirst.
• Roundtrip is the total message processing time, which includes request processing, response processing, and the roundtrip to the backend service. An example is MinRoundtripTTFirst.
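The naming scheme above can be decoded mechanically when post-processing a CSV export. The following is an added example, not part of the product or its documentation: it splits each timing column into statistic, stage and measure, and converts microseconds to the milliseconds used by the Performance Monitor. The sample rows are constructed, and the VirtualService, RequestCount and ErrorCount column names are assumptions to be matched against the header row of a real export.

```python
import csv
import io
import re

# Stage (Req, Resp, Source, Roundtrip) and measure (TTFirst, TTLast) identifiers
# are the ones documented above; the leading part (e.g. "Min") is the statistic.
STAT_NAME = re.compile(
    r"^(?P<stat>[A-Za-z]+?)(?P<stage>Req|Resp|Source|Roundtrip)"
    r"(?P<measure>TTFirst|TTLast)$"
)

# Constructed sample export. The VirtualService, RequestCount and ErrorCount
# column names are assumptions; match them to the header row of a real export.
SAMPLE_CSV = """\
VirtualService,RequestCount,ErrorCount,MinReqTTFirst,MinRespTTFirst,MinSourceTTFirst,MinRoundtripTTFirst,MinRoundtripTTLast
orders-api,120,0,850,430,15200,16480,17900
legacy-soap,8,3,1200,900,98000,100100,104500
"""


def decode_stat(column):
    """Split a timing column name into (statistic, stage, measure), or None."""
    m = STAT_NAME.match(column)
    return (m["stat"], m["stage"], m["measure"]) if m else None


def load_export(csv_text):
    """Return one dict per record with timings converted from us to ms."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        timings = {}
        for column, value in row.items():
            key = decode_stat(column)
            if key and value:
                timings[key] = int(value) / 1000.0  # microseconds -> milliseconds
        records.append({
            "service": row["VirtualService"],
            "requests": int(row["RequestCount"]),
            "errors": int(row["ErrorCount"]),
            "timings_ms": timings,
        })
    return records


if __name__ == "__main__":
    for rec in load_export(SAMPLE_CSV):
        print(rec["service"], rec["requests"], rec["errors"])
        for (stat, stage, measure), ms in sorted(rec["timings_ms"].items()):
            print(f"  {stat:<4}{stage:<10}{measure:<8}{ms:>9.3f} ms")
```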