Frequently used tools for troubleshooting BIG-IP APM and Edge Gateway issues (10.x)

This article applies to BIG-IP APM version 10.x. For information about other versions, refer to the following article:

You can use many different tools and resources to troubleshoot issues for BIG-IP APM and Edge Gateway. The following list provides an overview of the most commonly used tools and resources.

The qkview utility

SOL1858: Overview of the qkview utility

Web Applications engine trace

SOL11125: Performing a web applications trace

Access Policy logging agent

SOL11253: Session variable logging within an access policy

Session variables

If you switch the log levels to Information for each individual session variable, you can see examples of internal session variables used in the /var/log/apm file. In addition, you can create your own custom session variables in the Access Policy.


You should not need to use iRules for general troubleshooting; however, you may use them in specialized cases. For information about iRules, refer to the DevCentral site.

Note: A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).


You can access online help from the Configuration utility. In addition, the release notes for your version will have information regarding issues that are fixed in that release, outstanding issues, and new features.

Note: For more information, refer to the Configuration Guide for BIG-IP Access Policy Manager.

Logging level

The logging level for the Access Policy, SSO, and Web Applications can be increased on the System: Logs: Options page.

Important: Setting the log level to Information or Debug will record a lot of data. F5 recommends that you avoid setting the log level that high on a production system. Increased logging levels should be reserved for testing and troubleshooting purposes only, to avoid increasing the load on the device.

Network trace

You can use the command line to take a network trace. To do so, perform the following procedure:

  1. Connect to the BIG-IP device using SSH.
  2. Type the following command:

    tcpdump -ni 0.0 -s0 -w /var/log/trace1

    This command will record all traffic on all interfaces and write it to the trace1 file.

  3. If you know the IP addresses of the backend servers and/or the self IPs of the VLANs, you can further limit the capture using the following command syntax:

    tcpdump -ni external -s0 -w /var/log/trace1 host <IP address>

    The trace files can be copied off the BIG-IP device with a utility, such as WinSCP.

Note: For more information, refer to SOL4714: Performing a packet trace and providing the results to F5 Networks Technical Support.
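The filtered capture in step 3, as an added example that is not part of the original article: a shell helper that validates the interface name and host address, checks free space, and prints a tcpdump command that writes a bounded ring of files rather than one unbounded file. The function names, the 192.0.2.10 address and the default sizes are assumptions, as is support for the -C and -W options in the tcpdump build on your BIG-IP version.

```shell
#!/bin/sh
# Added example (not from the article): print a bounded, filtered tcpdump
# command for review. Nothing in this file starts a capture.

# Succeed if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if $1 is a positive integer without leading zeros.
is_pos_int() { case $1 in ''|0*|*[!0-9]*) return 1 ;; esac; }

# Succeed if the filesystem holding directory $1 has at least $2 MB free.
has_free_mb() {
    avail_kb=$(df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}')
    is_pos_int "$avail_kb" && [ $(( avail_kb / 1024 )) -ge "$2" ]
}

# capture_cmd INTERFACE HOST OUTFILE [FILE_MB] [FILE_COUNT]
# Returns 2 on bad input, 3 when the ring of files would not fit on disk.
capture_cmd() {
    ifc=$1 host=$2 out=$3 mb=${4:-50} count=${5:-4}
    case $ifc in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 2 ;; esac
    valid_ipv4 "$host" || { echo "bad host address" >&2; return 2; }
    case $out in /*) ;; *) echo "bad output path" >&2; return 2 ;; esac
    case $out in *[!A-Za-z0-9_./-]*) echo "bad output path" >&2; return 2 ;; esac
    is_pos_int "$mb" && is_pos_int "$count" ||
        { echo "bad size or count" >&2; return 2; }
    has_free_mb "$(dirname "$out")" $(( mb * count )) ||
        { echo "not enough free space" >&2; return 3; }
    # Options precede the filter expression. -C rotates the file every
    # FILE_MB million bytes and -W keeps FILE_COUNT files, bounding disk use.
    printf 'tcpdump -ni %s -s0 -C %s -W %s -w %s host %s\n' \
        "$ifc" "$mb" "$count" "$out" "$host"
}

# Constructed sample values: VLAN "external", backend 192.0.2.10.
capture_cmd external 192.0.2.10 /var/log/trace1 ||
    echo "no capture command produced" >&2
```

With -s0 the trace holds full payloads, which can include credentials and session cookies, so treat the files as sensitive and delete them from /var/log once they have been copied off the device.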

Log files

The following three log files may be most relevant for troubleshooting purposes:

  • /var/log/apm
  • /var/log/rewrite0.log
  • /var/log/ltm

Web application packet log

You can inspect each packet that is sent using the Web Application resource. To do so, perform the following procedure:

  1. Log in to the BIG-IP Configuration utility.
  2. Navigate to the Access Policy: Web Applications: Web Applications List: Resource Items properties page.
  3. Change the Log drop-down menu to Packet.

    The logs are located in the /var/log/pktfilter file.

The mpidump utility

You can use the mpidump command to view product module activity. It is especially useful for debugging SSO and mixed-module configurations. To use the mpidump utility, perform the following procedure:

Note: The output from the mpidump utility may not be intuitively understandable, but is frequently requested by support engineers when you open a case.

  1. Connect to the BIG-IP device using SSH.
  2. Run the mpidump utility by typing the following command:

    mpidump -a -v -w /var/log/mtrace1

    Note: This command will save the output to the mtrace1 file in the /var/log directory.

  3. Optional: You can start a second SSH session to capture Single-Sign On sessions by typing the following command:

    mpidump -c "mem://websso" -v >/var/log/mtrace2

  4. Log in to the BIG-IP APM device from either a browser or your VPN client.
  5. Connect to the application or resource that you want to troubleshoot.
  6. Terminate the mpidump utility by pressing CTRL-C in the SSH connection.
  7. You can copy the file that was generated by the mpidump utility off the BIG-IP device with a utility such as WinSCP, for closer examination.

Admin Reports

You can use the Admin Reports utility feature of Access Policy Manager to view logon logs. To use Admin Reports, perform the following procedure:

  1. Connect to the BIG-IP device using SSH.
  2. Run the Admin Reports utility by typing the following command:

    /usr/bin/ -logonlogs

  3. If you are looking for a specific user’s session, you can grep for the user’s name with the following command:
