Troubleshooting Applications by Capturing Traffic

Overview: Troubleshooting applications by capturing traffic

This implementation describes how to set up the BIG-IP® system to collect application traffic so that you can troubleshoot problems that have become apparent by monitoring application statistics. For example, by examining captured requests and responses, you can investigate issues with latency, throughput, or reduced transactions per second to understand what is affecting application performance.

When Application Visibility and Reporting (AVR) is provisioned, you can create an analytics profile that includes traffic capturing instructions. The system can collect application traffic locally, remotely, or both. If the system is already monitoring applications, you can also update an existing analytics profile to make it so that it captures traffic.

The system logs the first 1000 transactions and displays charts based on the analysis of those transactions. To see additional application statistics, you can clear the existing data to display additional statistics.

Task Summary

Prerequisites for capturing application traffic

After you finish a basic networking configuration of the BIG-IP® system, you must complete the following tasks as prerequisites for setting up application statistics collection:

  • Provision Application Visibility and Reporting (AVR): System > Resource Provisioning
  • Create an iApps™ application service ( iApp > Application Services , or configure at least one virtual server with a pool pointing to one or more application servers.

You can set up the system for capturing traffic locally or remotely (or both).

Capturing traffic for troubleshooting

You can configure the BIG-IP® system to capture application traffic locally or remotely (on syslog servers or SIEM devices, such as Splunk). To do this, you create an Analytics profile designed for capturing traffic. The profile instructs the BIG-IP system to collect a portion of application traffic using the Application Visibility and Reporting module.

Note: You typically use traffic capturing if you notice an application issue, such as trouble with throughput or latency, discovered when examining application statistics, and want to troubleshoot the system by examining actual transactions.
  1. On the Main tab, click Local Traffic > Profiles > Analytics.
    Tip: If Analytics is not listed, this indicates that Application Visibility and Reporting (AVR) is not provisioned and you need to provision it first.

    The Analytics screen opens and lists all Analytics profiles that are on the system.

  2. Click Create. The New Analytics Profile screen opens.
  3. In the Profile Name field, type a name for the Analytics profile. Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
  4. To the right of the General Configuration area, click the Custom check box. The settings in the area become available for modification.
  5. For Traffic Capturing Logging Type, specify where to store captured traffic.
    Internal Stores traffic locally and you can view details on the Statistics: Captured Transactions screen. This option is selected by default.
    External Stores traffic on a remote logging server if one is already configured on your network. If you select this check box, configure the Remote Server IP Address and Server Port number.

    Tip: If you specify remote logging for multiple applications, you can use the Facility filter to sort the data for each.
  6. In the Included Objects area, specify the virtual servers for which to capture performance statistics:
    1. For the Virtual Servers setting, click Add. A popup lists the virtual servers that you can assign to the Analytics profile.
    2. From the Select Virtual Server popup list, select the virtual servers to include and click Done.
    Note: You need to have previously configured the virtual servers (with an HTTP profile) for them to appear in the list. Also, you can assign only one Analytics profile to a virtual server so only virtual servers that have not been assigned an Analytics profile are listed.
  7. In the Capture Filter area, from the Capture Requests and Capture Responses lists, select the options that indicate the part of the traffic to capture.
    None Specifies that the system does not capture request (or response) data.
    Header Specifies that the system captures request (or response) header data only.
    Body Specifies that the system captures the body of requests (or responses) only.
    All Specifies that the system captures all request (or response) data.
  8. Depending on the application, customize the remaining filter settings to capture the portion of traffic to use for troubleshooting.
    Tip: Focusing in on the data by limiting the type of information that is captured lets you troubleshoot particular areas of an application more quickly. For example, capture only requests or responses, specific status codes or methods, or headers containing a specific string.
  9. Click Finished.
The BIG-IP system captures the application traffic described by the Analytics profile for 1000 transactions (or until system limits are reached).

Note: System performance is affected when traffic is being captured.

Reviewing captured traffic

Before you can review captured traffic details on the BIG-IP® system, you need to have created an Analytics profile that is capturing application traffic internally. The settings you enable in the Capture Filter area of the profile determine what information the system captures. You need to associate the Analytics profile with one or more virtual servers, or with an iApps™ application service.
The system starts capturing application traffic as soon as you enable it on the Analytics profile. You can review the captured transactions locally on the BIG-IP system. The system logs the first 1000 transactions.
  1. On the Main tab, click Overview > Statistics > Captured Transactions. The Captured Transactions screen opens and lists all of the captured transactions.
  2. Optionally, use the Filter settings to limit which transactions are listed. For each setting you want change, perform these steps:
    1. Click Only.
    2. Click the adjacent field. A popup window opens listing items (that is, applications, virtual servers, pool members, and so on) from the captured traffic.
    3. Select the item whose traffic you want to examine.
  3. In the Captured Traffic area, click any transaction that you want to examine. Details of the request display on the screen below.
  4. Review the general details of the request.
    Tip: The general details, such as the response code or the size of the request and response, may help with troubleshooting.
  5. For more information, click Request or Response to view the contents of the actual transaction. Review the data for anything unexpected, and other details that will help with troubleshooting the application.
  6. On the Captured Transactions screen, click Clear All to clear the previously captured data and start collecting transactions again. The system captures up to 1000 transactions and displays them on the screen. Captured transactions are visible approximately 10 seconds after they occur.

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.