STATE_DISABLEDSTATE_ENABLEDANOMALY_TPS_BASEDANOMALY_LATENCY_BASEDOPERATION_MODE_UNKNOWNOPERATION_MODE_OFFOPERATION_MODE_TRANSPARENTOPERATION_MODE_BLOCKINGNETWORK_ATTACK_VECTOR_UNKNOWNNETWORK_ATTACK_VECTOR_TCP_SYN_FLOODNETWORK_ATTACK_VECTOR_TCP_RST_FLOODNETWORK_ATTACK_VECTOR_UDP_FLOODNETWORK_ATTACK_VECTOR_IP_OPT_FRAMESNETWORK_ATTACK_VECTOR_IP_FRAG_FLOODNETWORK_ATTACK_VECTOR_TOO_MANY_EXT_HDRSNETWORK_ATTACK_VECTOR_EXT_HDR_TOO_LARGENETWORK_ATTACK_VECTOR_IP_LOW_TTLNETWORK_ATTACK_VECTOR_HOP_CNT_LOWNETWORK_ATTACK_VECTOR_IPV6_EXT_HDR_FRAMESNETWORK_ATTACK_VECTOR_IPV6_FRAG_FLOODNETWORK_ATTACK_VECTOR_UNK_TCP_OPT_TYPENETWORK_ATTACK_VECTOR_OPT_PRESENT_WITH_ILLEGAL_LENNETWORK_ATTACK_VECTOR_TCP_OPT_OVERRUNS_TCP_HDRNETWORK_ATTACK_VECTOR_TCP_SYNACK_FLOODNETWORK_ATTACK_VECTOR_ICMPV4_FLOODNETWORK_ATTACK_VECTOR_ICMP_FRAGNETWORK_ATTACK_VECTOR_ICMPV6_FLOODNETWORK_ATTACK_VECTOR_HOST_UNREACHABLENETWORK_ATTACK_VECTOR_TIDCMPNETWORK_ATTACK_VECTOR_SWEEPNETWORK_ATTACK_VECTOR_TCP_BAD_URGENTNETWORK_ATTACK_VECTOR_TCP_WINDOW_SIZENETWORK_ATTACK_VECTOR_TCP_SYN_OVERSIZESTATISTIC_NO_NODE_ERRORSSTATISTIC_MINIMUM_CONNECTION_DURATIONSTATISTIC_MEAN_CONNECTION_DURATIONSTATISTIC_MAXIMUM_CONNECTION_DURATIONSTATISTIC_TOTAL_REQUESTSSTATISTIC_TOTAL_PVA_ASSISTED_CONNECTIONSSTATISTIC_CURRENT_PVA_ASSISTED_CONNECTIONSSTATISTIC_TIMEOUTSSTATISTIC_COLLISIONSSTATISTIC_DROPPED_PACKETS_INSTATISTIC_DROPPED_PACKETS_OUTSTATISTIC_DROPPED_PACKETS_TOTALSTATISTIC_ERRORS_INSTATISTIC_ERRORS_OUTSTATISTIC_TM_TOTAL_CYCLESSTATISTIC_TM_IDLE_CYCLESSTATISTIC_TM_SLEEP_CYCLESSTATISTIC_MAINTENANCE_MODE_DENIALSSTATISTIC_VIRTUAL_ADDRESS_MAXIMUM_CONNECTION_DENIALSSTATISTIC_VIRTUAL_SERVER_MAXIMUM_CONNECTION_DENIALSSTATISTIC_VIRTUAL_SERVER_NON_SYN_DENIALSSTATISTIC_NO_HANDLER_DENIALSSTATISTIC_LICENSE_DENIALSSTATISTIC_CONNECTION_FAILED_MEMORY_ERRORSSTATISTIC_ACTIVE_CPU_COUNTSTATISTIC_MULTI_PROCESSOR_MODESTATISTIC_MEMORY_TOTAL_BYTESSTATISTIC_MEMORY_USED_BYTESSTATISTIC_IP_TRANSMITTED_PACKETSSTATISTIC_IP_RECEIVED_PACKETSSTATISTIC_IP_DROPPED_PACKETSSTATISTIC_IP_TRANSMITTED_FRAGMENTSSTATISTIC_IP_DROPPED_TRANSMITTED_FRAGMENTSSTATISTIC_IP_RECEIVED_FRAGMENTSSTATISTIC_IP_DROPPED_RECEIVED_FRAGMENTSSTATISTIC_IP_REASSEMBLED_PACKETSSTATISTIC_IP_INVALID_CHECKSUM_ERRORSSTATISTIC_IP_INVALID_LENGTH_ERRORSSTATISTIC_IP_MEMORY_ERRORSSTATISTIC_IP_RETRANSMITTED_ERRORSSTATISTIC_IP_INVALID_PROTOCOL_ERRORSSTATISTIC_IP_OPTIONS_ERRORSSTATISTIC_IP_REASSEMBLED_TOO_LONG_ERRORSSTATISTIC_IPV6_TRANSMITTED_PACKETSSTATISTIC_IPV6_RECEIVED_PACKETSSTATISTIC_IPV6_DROPPED_PACKETSSTATISTIC_IPV6_TRANSMITTED_FRAGMENTSSTATISTIC_IPV6_DROPPED_TRANSMITTED_FRAGMENTSSTATISTIC_IPV6_RECEIVED_FRAGMENTSSTATISTIC_IPV6_DROPPED_RECEIVED_FRAGMENTSSTATISTIC_IPV6_REASSEMBLED_PACKETSSTATISTIC_IPV6_INVALID_CHECKSUM_ERRORSSTATISTIC_IPV6_INVALID_LENGTH_ERRORSSTATISTIC_IPV6_MEMORY_ERRORSSTATISTIC_IPV6_RETRANSMITTED_ERRORSSTATISTIC_IPV6_INVALID_PROTOCOL_ERRORSSTATISTIC_IPV6_OPTIONS_ERRORSSTATISTIC_IPV6_REASSEMBLED_TOO_LONG_ERRORSSTATISTIC_ICMP_TRANSMITTED_PACKETSSTATISTIC_ICMP_RETRANSMITTED_PACKETSSTATISTIC_ICMP_RECEIVED_PACKETSSTATISTIC_ICMP_FORWARDED_PACKETSSTATISTIC_ICMP_DROPPED_PACKETSSTATISTIC_ICMP_INVALID_CHECKSUM_ERRORSSTATISTIC_ICMP_INVALID_LENGTH_ERRORSSTATISTIC_ICMP_MEMORY_ERRORSSTATISTIC_ICMP_RETRANSMITTED_ERRORSSTATISTIC_ICMP_INVALID_PROTOCOL_ERRORSSTATISTIC_ICMP_OPTIONS_ERRORSSTATISTIC_ICMP_OTHER_ERRORSSTATISTIC_ICMPV6_TRANSMITTED_PACKETSSTATISTIC_ICMPV6_RETRANSMITTED_PACKETSSTATISTIC_ICMPV6_RECEIVED_PACKETSSTATISTIC_ICMPV6_FORWARDED_PACKETSSTATISTIC_ICMPV6_DROPPED_PACKETSSTATISTIC_ICMPV6_INVALID_CHECKSUM_ERRORSSTATISTIC_ICMPV6_INVALID_LENGTH_ERRORSSTATISTIC_ICMPV6_MEMORY_ERRORSSTATISTIC_ICMPV6_RETRANSMITTED_ERRORSSTATISTIC_ICMPV6_INVALID_PROTOCOL_ERRORSSTATISTIC_ICMPV6_OPTIONS_ERRORSSTATISTIC_ICMPV6_OTHER_ERRORSSTATISTIC_UDP_OPEN_CONNECTIONSSTATISTIC_UDP_ACCEPTED_CONNECTIONSSTATISTIC_UDP_ACCEPT_FAILURESSTATISTIC_UDP_ESTABLISHED_CONNECTIONSSTATISTIC_UDP_CONNECTION_FAILURESSTATISTIC_UDP_EXPIRED_CONNECTIONSSTATISTIC_UDP_TRANSMITTED_DATAGRAMSSTATISTIC_UDP_RECEIVED_DATAGRAMSSTATISTIC_UDP_RECEIVED_MALFORMED_DATAGRAMSSTATISTIC_UDP_RECEIVED_UNREACHABLE_ICMP_DATAGRAMSSTATISTIC_UDP_RECEIVED_BAD_CHECKSUM_DATAGRAMSSTATISTIC_UDP_RECEIVED_NO_CHECKSUM_DATAGRAMSSTATISTIC_TCP_OPEN_CONNECTIONSSTATISTIC_TCP_CLOSE_WAIT_CONNECTIONSSTATISTIC_TCP_FIN_WAIT_CONNECTIONSSTATISTIC_TCP_TIME_WAIT_CONNECTIONSSTATISTIC_TCP_ACCEPTED_CONNECTIONSSTATISTIC_TCP_ACCEPT_FAILURESSTATISTIC_TCP_ESTABLISHED_CONNECTIONSSTATISTIC_TCP_CONNECTION_FAILURESSTATISTIC_TCP_EXPIRED_CONNECTIONSSTATISTIC_TCP_ABANDONED_CONNECTIONSSTATISTIC_TCP_RECEIVED_RESETSSTATISTIC_TCP_RECEIVED_BAD_CHECKSUMSSTATISTIC_TCP_RECEIVED_BAD_SEGMENTSSTATISTIC_TCP_RECEIVED_OUT_OF_ORDER_SEGMENTSSTATISTIC_TCP_RECEIVED_SYN_COOKIESSTATISTIC_TCP_RECEIVED_BAD_SYN_COOKIESSTATISTIC_TCP_SYN_CACHE_OVERFLOWSSTATISTIC_TCP_RETRANSMITTED_SEGMENTSSTATISTIC_BYTES_INSTATISTIC_BYTES_OUTSTATISTIC_PACKETS_INSTATISTIC_PACKETS_OUTSTATISTIC_MULTICASTS_INSTATISTIC_MULTICASTS_OUTSTATISTIC_EPHEMERAL_BYTES_INSTATISTIC_EPHEMERAL_BYTES_OUTSTATISTIC_EPHEMERAL_PACKETS_INSTATISTIC_EPHEMERAL_PACKETS_OUTSTATISTIC_EPHEMERAL_CURRENT_CONNECTIONSSTATISTIC_EPHEMERAL_MAXIMUM_CONNECTIONSSTATISTIC_EPHEMERAL_TOTAL_CONNECTIONSSTATISTIC_CLIENT_SIDE_BYTES_INSTATISTIC_CLIENT_SIDE_BYTES_OUTSTATISTIC_CLIENT_SIDE_PACKETS_INSTATISTIC_CLIENT_SIDE_PACKETS_OUTSTATISTIC_CLIENT_SIDE_CURRENT_CONNECTIONSSTATISTIC_CLIENT_SIDE_MAXIMUM_CONNECTIONSSTATISTIC_CLIENT_SIDE_TOTAL_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_BYTES_INSTATISTIC_PVA_CLIENT_SIDE_BYTES_OUTSTATISTIC_PVA_CLIENT_SIDE_PACKETS_INSTATISTIC_PVA_CLIENT_SIDE_PACKETS_OUTSTATISTIC_PVA_CLIENT_SIDE_CURRENT_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_MAXIMUM_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_TOTAL_CONNECTIONSSTATISTIC_SERVER_SIDE_BYTES_INSTATISTIC_SERVER_SIDE_BYTES_OUTSTATISTIC_SERVER_SIDE_PACKETS_INSTATISTIC_SERVER_SIDE_PACKETS_OUTSTATISTIC_SERVER_SIDE_CURRENT_CONNECTIONSSTATISTIC_SERVER_SIDE_MAXIMUM_CONNECTIONSSTATISTIC_SERVER_SIDE_TOTAL_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_BYTES_INSTATISTIC_PVA_SERVER_SIDE_BYTES_OUTSTATISTIC_PVA_SERVER_SIDE_PACKETS_INSTATISTIC_PVA_SERVER_SIDE_PACKETS_OUTSTATISTIC_PVA_SERVER_SIDE_CURRENT_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_MAXIMUM_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_TOTAL_CONNECTIONSSTATISTIC_PACKET_FILTER_HITSSTATISTIC_STREAM_REPLACEMENTSSTATISTIC_ONECONNECT_CURRENT_IDLE_CONNECTIONSSTATISTIC_ONECONNECT_MAXIMUM_IDLE_CONNECTIONSSTATISTIC_ONECONNECT_TOTAL_REUSESSTATISTIC_ONECONNECT_NEW_CONNECTIONSSTATISTIC_RATE_CLASS_BYTES_AT_BASE_RATESTATISTIC_RATE_CLASS_BYTES_DURING_BURSTSTATISTIC_RATE_CLASS_BYTES_DROPPEDSTATISTIC_RATE_CLASS_BYTES_QUEUEDSTATISTIC_RATE_CLASS_BYTES_PER_SECSTATISTIC_RULE_FAILURESSTATISTIC_RULE_ABORTSSTATISTIC_RULE_TOTAL_EXECUTIONSSTATISTIC_RULE_AVERAGE_CYCLESSTATISTIC_RULE_MAXIMUM_CYCLESSTATISTIC_RULE_MINIMUM_CYCLESSTATISTIC_HTTP_COOKIE_PERSIST_INSERTSSTATISTIC_HTTP_2XX_RESPONSESSTATISTIC_HTTP_3XX_RESPONSESSTATISTIC_HTTP_4XX_RESPONSESSTATISTIC_HTTP_5XX_RESPONSESSTATISTIC_HTTP_TOTAL_REQUESTSSTATISTIC_HTTP_GET_REQUESTSSTATISTIC_HTTP_POST_REQUESTSSTATISTIC_HTTP_V9_REQUESTSSTATISTIC_HTTP_V10_REQUESTSSTATISTIC_HTTP_V11_REQUESTSSTATISTIC_HTTP_V9_RESPONSESSTATISTIC_HTTP_V10_RESPONSESSTATISTIC_HTTP_V11_RESPONSESSTATISTIC_HTTP_MAXIMUM_KEEPALIVE_REQUESTSSTATISTIC_HTTP_BUCKET_1K_RESPONSESSTATISTIC_HTTP_BUCKET_4K_RESPONSESSTATISTIC_HTTP_BUCKET_16K_RESPONSESSTATISTIC_HTTP_BUCKET_32K_RESPONSESSTATISTIC_HTTP_BUCKET_64K_RESPONSESSTATISTIC_HTTP_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_POST_COMPRESSION_BYTESSTATISTIC_HTTP_NULL_COMPRESSION_BYTESSTATISTIC_HTTP_HTML_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_HTML_POST_COMPRESSION_BYTESSTATISTIC_HTTP_CSS_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_CSS_POST_COMPRESSION_BYTESSTATISTIC_HTTP_JS_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_JS_POST_COMPRESSION_BYTESSTATISTIC_HTTP_XML_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_XML_POST_COMPRESSION_BYTESSTATISTIC_HTTP_SGML_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_SGML_POST_COMPRESSION_BYTESSTATISTIC_HTTP_PLAIN_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_PLAIN_POST_COMPRESSION_BYTESSTATISTIC_HTTP_OCTET_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_OCTET_POST_COMPRESSION_BYTESSTATISTIC_HTTP_IMAGE_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_IMAGE_POST_COMPRESSION_BYTESSTATISTIC_HTTP_VIDEO_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_VIDEO_POST_COMPRESSION_BYTESSTATISTIC_HTTP_AUDIO_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_AUDIO_POST_COMPRESSION_BYTESSTATISTIC_HTTP_OTHER_PRE_COMPRESSION_BYTESSTATISTIC_HTTP_OTHER_POST_COMPRESSION_BYTESSTATISTIC_SSL_CACHE_CURRENT_ENTRIESSTATISTIC_SSL_CACHE_MAXIMUM_ENTRIESSTATISTIC_SSL_CACHE_OVERFLOWSSTATISTIC_SSL_CIPHER_ADH_KEY_EXCHANGESTATISTIC_SSL_CIPHER_DH_DSS_KEY_EXCHANGESTATISTIC_SSL_CIPHER_DH_RSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_DSS_KEY_EXCHANGESTATISTIC_SSL_CIPHER_EDH_DSS_KEY_EXCHANGESTATISTIC_SSL_CIPHER_EDH_RSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_RSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_NULL_BULKSTATISTIC_SSL_CIPHER_AES_BULKSTATISTIC_SSL_CIPHER_DES_BULKSTATISTIC_SSL_CIPHER_IDEA_BULKSTATISTIC_SSL_CIPHER_RC2_BULKSTATISTIC_SSL_CIPHER_RC4_BULKSTATISTIC_SSL_CIPHER_NULL_DIGESTSTATISTIC_SSL_CIPHER_MD5_DIGESTSTATISTIC_SSL_CIPHER_SHA_DIGESTSTATISTIC_SSL_PROTOCOL_SSLV2STATISTIC_SSL_PROTOCOL_SSLV3STATISTIC_SSL_PROTOCOL_TLSV1STATISTIC_SSL_COMMON_CURRENT_CONNECTIONSSTATISTIC_SSL_COMMON_MAXIMUM_CONNECTIONSSTATISTIC_SSL_COMMON_CURRENT_NATIVE_CONNECTIONSSTATISTIC_SSL_COMMON_MAXIMUM_NATIVE_CONNECTIONSSTATISTIC_SSL_COMMON_TOTAL_NATIVE_CONNECTIONSSTATISTIC_SSL_COMMON_CURRENT_COMPATIBLE_MODE_CONNECTIONSSTATISTIC_SSL_COMMON_MAXIMUM_COMPATIBLE_MODE_CONNECTIONSSTATISTIC_SSL_COMMON_TOTAL_COMPATIBLE_MODE_CONNECTIONSSTATISTIC_SSL_COMMON_ENCRYPTED_BYTES_INSTATISTIC_SSL_COMMON_ENCRYPTED_BYTES_OUTSTATISTIC_SSL_COMMON_DECRYPTED_BYTES_INSTATISTIC_SSL_COMMON_DECRYPTED_BYTES_OUTSTATISTIC_SSL_COMMON_RECORDS_INSTATISTIC_SSL_COMMON_RECORDS_OUTSTATISTIC_SSL_COMMON_FULLY_HW_ACCELERATED_CONNECTIONSSTATISTIC_SSL_COMMON_PARTIALLY_HW_ACCELERATED_CONNECTIONSSTATISTIC_SSL_COMMON_NON_HW_ACCELERATED_CONNECTIONSSTATISTIC_SSL_COMMON_PREMATURE_DISCONNECTSSTATISTIC_SSL_COMMON_MIDSTREAM_RENEGOTIATIONSSTATISTIC_SSL_COMMON_SESSION_CACHE_CURRENT_ENTRIESSTATISTIC_SSL_COMMON_SESSION_CACHE_HITSSTATISTIC_SSL_COMMON_SESSION_CACHE_LOOKUPSSTATISTIC_SSL_COMMON_SESSION_CACHE_OVERFLOWSSTATISTIC_SSL_COMMON_SESSION_CACHE_INVALIDATIONSSTATISTIC_SSL_COMMON_VALID_PEER_CERTIFICATESSTATISTIC_SSL_COMMON_INVALID_PEER_CERTIFICATESSTATISTIC_SSL_COMMON_NO_PEER_CERTIFICATESSTATISTIC_SSL_COMMON_HANDSHAKE_FAILURESSTATISTIC_SSL_COMMON_BAD_RECORDSSTATISTIC_SSL_COMMON_FATAL_ALERTSSTATISTIC_AUTH_TOTAL_SESSIONSSTATISTIC_AUTH_CURRENT_SESSIONSSTATISTIC_AUTH_MAXIMUM_SESSIONSSTATISTIC_AUTH_SUCCESS_RESULTSSTATISTIC_AUTH_FAILURE_RESULTSSTATISTIC_AUTH_WANT_CREDENTIAL_RESULTSSTATISTIC_AUTH_ERROR_RESULTSSTATISTIC_XML_TOTAL_ERRORSSTATISTIC_FAST_HTTP_CLIENT_SYN_COOKIESSTATISTIC_FAST_HTTP_CLIENT_ACCEPTSSTATISTIC_FAST_HTTP_SERVER_CONNECTSSTATISTIC_FAST_HTTP_CONNECTION_POOL_CURRENT_SIZESTATISTIC_FAST_HTTP_CONNECTION_POOL_MAXIMUM_SIZESTATISTIC_FAST_HTTP_CONNECTION_POOL_REUSESSTATISTIC_FAST_HTTP_CONNECTION_POOL_EXHAUSTEDSTATISTIC_FAST_HTTP_TOTAL_REQUESTSSTATISTIC_FAST_HTTP_UNBUFFERED_REQUESTSSTATISTIC_FAST_HTTP_GET_REQUESTSSTATISTIC_FAST_HTTP_POST_REQUESTSSTATISTIC_FAST_HTTP_V9_REQUESTSSTATISTIC_FAST_HTTP_V10_REQUESTSSTATISTIC_FAST_HTTP_V11_REQUESTSSTATISTIC_FAST_HTTP_2XX_RESPONSESSTATISTIC_FAST_HTTP_3XX_RESPONSESSTATISTIC_FAST_HTTP_4XX_RESPONSESSTATISTIC_FAST_HTTP_5XX_RESPONSESSTATISTIC_FAST_HTTP_REQUEST_PARSE_ERRORSSTATISTIC_FAST_HTTP_RESPONSE_PARSE_ERRORSSTATISTIC_FAST_HTTP_CLIENTSIDE_BAD_SEGMENTSSTATISTIC_FAST_HTTP_SERVERSIDE_BAD_SEGMENTSSTATISTIC_FAST_HTTP_PIPELINED_REQUESTSSTATISTIC_SSL_COMMON_NOT_SSL_HANDSHAKE_FAILURESSTATISTIC_HTTP_RAM_CACHE_HITSSTATISTIC_HTTP_RAM_CACHE_MISSESSTATISTIC_HTTP_RAM_CACHE_TOTAL_MISSESSTATISTIC_HTTP_RAM_CACHE_HIT_BYTESSTATISTIC_HTTP_RAM_CACHE_MISS_BYTESSTATISTIC_HTTP_RAM_CACHE_TOTAL_MISS_BYTESSTATISTIC_HTTP_RAM_CACHE_SIZESTATISTIC_HTTP_RAM_CACHE_COUNTSTATISTIC_HTTP_RAM_CACHE_EVICTIONSSTATISTIC_VCOMPRESSION_QUEUED_BYTESSTATISTIC_VCOMPRESSION_PRE_COMPRESSION_BYTESSTATISTIC_VCOMPRESSION_POST_COMPRESSION_BYTESSTATISTIC_VCOMPRESSION_TOTAL_STREAMSSTATISTIC_VCOMPRESSION_CURRENT_STREAMSSTATISTIC_IIOP_TOTAL_REQUESTSSTATISTIC_IIOP_TOTAL_RESPONSESSTATISTIC_IIOP_TOTAL_CANCELSSTATISTIC_IIOP_TOTAL_ERRORSSTATISTIC_IIOP_TOTAL_FRAGMENTSSTATISTIC_RTSP_TOTAL_REQUESTSSTATISTIC_RTSP_TOTAL_RESPONSESSTATISTIC_RTSP_TOTAL_ERRORSSTATISTIC_RTSP_TOTAL_INTERLEAVED_DATASTATISTIC_GTM_METRICS_CPU_USAGESTATISTIC_GTM_METRICS_MEMORY_AVAILABLESTATISTIC_GTM_METRICS_BITS_PER_SECOND_INSTATISTIC_GTM_METRICS_BITS_PER_SECOND_OUTSTATISTIC_GTM_METRICS_PACKETS_PER_SECOND_INSTATISTIC_GTM_METRICS_PACKETS_PER_SECOND_OUTSTATISTIC_GTM_METRICS_TOTAL_CONNECTIONSSTATISTIC_GTM_METRICS_TOTAL_CONNECTION_RATESTATISTIC_GTM_LINK_TOTAL_BIT_RATESTATISTIC_GTM_LINK_TOTAL_GATEWAY_BIT_RATESTATISTIC_GTM_LINK_INBOUND_GATEWAY_BIT_RATESTATISTIC_GTM_LINK_OUTBOUND_GATEWAY_BIT_RATESTATISTIC_GTM_LINK_TOTAL_VS_BIT_RATESTATISTIC_GTM_LINK_INBOUND_VS_BIT_RATESTATISTIC_GTM_LINK_OUTBOUND_VS_BIT_RATESTATISTIC_GTM_LINK_TOTAL_INBOUND_BIT_RATESTATISTIC_GTM_LINK_TOTAL_OUTBOUND_BIT_RATESTATISTIC_GTM_LINK_LCS_OUTSTATISTIC_GTM_LINK_LCS_INSTATISTIC_GTM_POOL_PREFERRED_LB_METHODSSTATISTIC_GTM_POOL_ALTERNATE_LB_METHODSSTATISTIC_GTM_POOL_FALLBACK_LB_METHODSSTATISTIC_GTM_POOL_DROPPED_CONNECTIONSSTATISTIC_GTM_POOL_EXPLICIT_IPSTATISTIC_GTM_POOL_RETURN_TO_DNSSTATISTIC_GTM_POOL_MEMBER_PREFERRED_LB_METHODSSTATISTIC_GTM_POOL_MEMBER_ALTERNATE_LB_METHODSSTATISTIC_GTM_POOL_MEMBER_FALLBACK_LB_METHODSSTATISTIC_GTM_SERVER_VS_PICKSSTATISTIC_GTM_VIRTUAL_SERVER_PICKSSTATISTIC_GTM_WIDEIP_REQUESTSSTATISTIC_GTM_WIDEIP_RESOLUTIONSSTATISTIC_GTM_WIDEIP_PERSISTEDSTATISTIC_GTM_WIDEIP_PREFERRED_LB_METHODSSTATISTIC_GTM_WIDEIP_ALTERNATE_LB_METHODSSTATISTIC_GTM_WIDEIP_FALLBACK_LB_METHODSSTATISTIC_GTM_WIDEIP_DROPPED_CONNECTIONSSTATISTIC_GTM_WIDEIP_EXPLICIT_IPSTATISTIC_GTM_WIDEIP_RETURN_TO_DNSSTATISTIC_GTM_MEMORY_TOTAL_BYTESSTATISTIC_GTM_MEMORY_USED_BYTESSTATISTIC_GTM_IQUERY_RECONNECTSSTATISTIC_GTM_IQUERY_RECEIVED_BYTESSTATISTIC_GTM_IQUERY_SENT_BYTESSTATISTIC_GTM_BACKLOGGED_SENDSSTATISTIC_GTM_DROPPED_BYTESSTATISTIC_GTM_PATH_CURRENT_RTTSTATISTIC_GTM_PATH_AVERAGE_RTTSTATISTIC_GTM_PATH_CURRENT_HOPSSTATISTIC_GTM_PATH_AVERAGE_HOPSSTATISTIC_GTM_PATH_CURRENT_COMPENSATION_RATESTATISTIC_GTM_PATH_AVERAGE_COMPENSATION_RATESTATISTIC_GTM_LDNS_REQUESTSSTATISTIC_HTTPCLASS_COOKIE_PERSIST_INSERTSSTATISTIC_HTTPCLASS_2XX_RESPONSESSTATISTIC_HTTPCLASS_3XX_RESPONSESSTATISTIC_HTTPCLASS_4XX_RESPONSESSTATISTIC_HTTPCLASS_5XX_RESPONSESSTATISTIC_HTTPCLASS_TOTAL_REQUESTSSTATISTIC_HTTPCLASS_GET_REQUESTSSTATISTIC_HTTPCLASS_POST_REQUESTSSTATISTIC_HTTPCLASS_V9_REQUESTSSTATISTIC_HTTPCLASS_V10_REQUESTSSTATISTIC_HTTPCLASS_V11_REQUESTSSTATISTIC_HTTPCLASS_V9_RESPONSESSTATISTIC_HTTPCLASS_V10_RESPONSESSTATISTIC_HTTPCLASS_V11_RESPONSESSTATISTIC_HTTPCLASS_MAXIMUM_KEEPALIVE_REQUESTSSTATISTIC_HTTPCLASS_BUCKET_1K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_4K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_16K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_32K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_64K_RESPONSESSTATISTIC_HTTPCLASS_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_NULL_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_HTML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_HTML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_CSS_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_CSS_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_JS_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_JS_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_XML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_XML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_SGML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_SGML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_PLAIN_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_PLAIN_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_OCTET_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_OCTET_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_IMAGE_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_IMAGE_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_VIDEO_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_VIDEO_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_AUDIO_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_AUDIO_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_OTHER_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_OTHER_POST_COMPRESSION_BYTESSTATISTIC_HTTPCLASS_RAM_CACHE_HITSSTATISTIC_HTTPCLASS_RAM_CACHE_MISSESSTATISTIC_HTTPCLASS_RAM_CACHE_TOTAL_MISSESSTATISTIC_HTTPCLASS_RAM_CACHE_HIT_BYTESSTATISTIC_HTTPCLASS_RAM_CACHE_MISS_BYTESSTATISTIC_HTTPCLASS_RAM_CACHE_TOTAL_MISS_BYTESSTATISTIC_SCTP_ACCEPTSSTATISTIC_SCTP_FAILED_ACCEPTSTATISTIC_SCTP_CONNECTIONSSTATISTIC_SCTP_FAILED_CONNECTIONSTATISTIC_SCTP_EXPIRED_CONNECTIONSSTATISTIC_SCTP_ABANDONED_CONNECTIONSSTATISTIC_SCTP_RESETSSTATISTIC_SCTP_BAD_CHECKSUMSSTATISTIC_SCTP_COOKIESSTATISTIC_SCTP_BAD_COOKIESSTATISTIC_GTM_LINK_PATHSSTATISTIC_GTM_TOTAL_LDNSESSTATISTIC_GTM_TOTAL_PATHSSTATISTIC_HARDWARE_SYN_COOKIES_GENERATEDSTATISTIC_HARDWARE_SYN_COOKIES_DETECTEDSTATISTIC_FASTL4_OPEN_CONNECTIONSSTATISTIC_FASTL4_ACCEPTED_CONNECTIONSSTATISTIC_FASTL4_ACCEPT_FAILURESSTATISTIC_FASTL4_EXPIRED_CONNECTIONSSTATISTIC_FASTL4_RECEIVED_BAD_PACKETSTATISTIC_FASTL4_ACCEPTED_ICMP_UNREACH_OR_TCP_RSTSTATISTIC_FASTL4_ACCEPTED_TCP_RST_OUT_OF_WINSTATISTIC_FASTL4_RECEIVED_BAD_CHECKSUMSSTATISTIC_FASTL4_RECEIVED_BAD_TXERRSTATISTIC_FASTL4_RECEIVED_SYN_COOKIES_ISSUEDSTATISTIC_FASTL4_RECEIVED_SYN_COOKIES_ACCEPTEDSTATISTIC_FASTL4_RECEIVED_SYN_COOKIES_REJECTEDSTATISTIC_FASTL4_RECEIVED_SYN_COOKIES_SYN_TO_SERVER_RETRANSSTATISTIC_TM_PIDSTATISTIC_TM_CPUSTATISTIC_TM_TMIDSTATISTIC_TM_NPUSSTATISTIC_TM_CMP_CONN_REDIRECTEDSTATISTIC_CPU_COUNTSTATISTIC_CPU_INFO_CPU_IDSTATISTIC_CPU_INFO_USERSTATISTIC_CPU_INFO_NICEDSTATISTIC_CPU_INFO_SYSTEMSTATISTIC_CPU_INFO_IDLESTATISTIC_CPU_INFO_IRQSTATISTIC_CPU_INFO_SOFTIRQSTATISTIC_CPU_INFO_IOWAITSTATISTIC_CPU_INFO_USAGE_RATIOSTATISTIC_SIP_REQUESTSSTATISTIC_SIP_RESPONSESSTATISTIC_SIP_BAD_MESSAGESSTATISTIC_SIP_DROPSSTATISTIC_CPU_INFO_FIVE_SEC_AVG_USERSTATISTIC_CPU_INFO_FIVE_SEC_AVG_NICEDSTATISTIC_CPU_INFO_FIVE_SEC_AVG_SYSTEMSTATISTIC_CPU_INFO_FIVE_SEC_AVG_IDLESTATISTIC_CPU_INFO_FIVE_SEC_AVG_IRQSTATISTIC_CPU_INFO_FIVE_SEC_AVG_SOFTIRQSTATISTIC_CPU_INFO_FIVE_SEC_AVG_IOWAITSTATISTIC_CPU_INFO_FIVE_SEC_AVG_USAGE_RATIOSTATISTIC_CPU_INFO_ONE_MIN_AVG_USERSTATISTIC_CPU_INFO_ONE_MIN_AVG_NICEDSTATISTIC_CPU_INFO_ONE_MIN_AVG_SYSTEMSTATISTIC_CPU_INFO_ONE_MIN_AVG_IDLESTATISTIC_CPU_INFO_ONE_MIN_AVG_IRQSTATISTIC_CPU_INFO_ONE_MIN_AVG_SOFTIRQSTATISTIC_CPU_INFO_ONE_MIN_AVG_IOWAITSTATISTIC_CPU_INFO_ONE_MIN_AVG_USAGE_RATIOSTATISTIC_CPU_INFO_FIVE_MIN_AVG_USERSTATISTIC_CPU_INFO_FIVE_MIN_AVG_NICEDSTATISTIC_CPU_INFO_FIVE_MIN_AVG_SYSTEMSTATISTIC_CPU_INFO_FIVE_MIN_AVG_IDLESTATISTIC_CPU_INFO_FIVE_MIN_AVG_IRQSTATISTIC_CPU_INFO_FIVE_MIN_AVG_SOFTIRQSTATISTIC_CPU_INFO_FIVE_MIN_AVG_IOWAITSTATISTIC_CPU_INFO_FIVE_MIN_AVG_USAGE_RATIOSTATISTIC_TM_SLOT_IDSTATISTIC_GTM_METRICS_VIRTUAL_SERVER_SCORESTATISTIC_CPU_INFO_STOLENSTATISTIC_CPU_INFO_FIVE_SEC_AVG_STOLENSTATISTIC_CPU_INFO_ONE_MIN_AVG_STOLENSTATISTIC_CPU_INFO_FIVE_MIN_AVG_STOLENSTATISTIC_TM_FIVE_SEC_AVG_USAGE_RATIOSTATISTIC_TM_ONE_MIN_AVG_USAGE_RATIOSTATISTIC_TM_FIVE_MIN_AVG_USAGE_RATIOSTATISTIC_HTTP_BUCKET_128K_RESPONSESSTATISTIC_HTTP_BUCKET_512K_RESPONSESSTATISTIC_HTTP_BUCKET_2M_RESPONSESSTATISTIC_HTTP_BUCKET_LARGE_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_128K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_512K_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_2M_RESPONSESSTATISTIC_HTTPCLASS_BUCKET_LARGE_RESPONSESSTATISTIC_DIAMETER_TOT_CAPABILITIES_EXCHANGE_REQUESTSSTATISTIC_DIAMETER_TOT_CAPABILITIES_EXCHANGE_ANSWERSSTATISTIC_DIAMETER_TOT_DEVICE_WATCHDOG_REQUESTSSTATISTIC_DIAMETER_TOT_DEVICE_WATCHDOG_ANSWERSSTATISTIC_DIAMETER_TOT_DISCONNECT_PEER_REQUESTSSTATISTIC_DIAMETER_TOT_DISCONNECT_PEER_ANSWERSSTATISTIC_DIAMETER_TOT_ACCOUNTING_REQUESTSSTATISTIC_DIAMETER_TOT_ACCOUNTING_ANSWERSSTATISTIC_DIAMETER_TOT_CREDIT_CONTROL_REQUESTSSTATISTIC_DIAMETER_TOT_CREDIT_CONTROL_ANSWERSSTATISTIC_DIAMETER_TOT_USER_AUTHORIZATION_REQUESTSSTATISTIC_DIAMETER_TOT_USER_AUTHORIZATION_ANSWERSSTATISTIC_DIAMETER_TOT_OTHER_REQUESTSSTATISTIC_DIAMETER_TOT_OTHER_ANSWERSSTATISTIC_DIAMETER_TOT_BAD_MESSAGESSTATISTIC_RADIUS_REQUESTSSTATISTIC_RADIUS_ACCEPTSSTATISTIC_RADIUS_REJECTSSTATISTIC_RADIUS_CHALLENGESSTATISTIC_RADIUS_ACCOUNTING_REQUESTSSTATISTIC_RADIUS_ACCOUNTING_RESPONSESSTATISTIC_RADIUS_OTHER_MESSAGESSTATISTIC_RADIUS_DROPSSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_BYTES_INSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_BYTES_OUTSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_PACKETS_INSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_PACKETS_OUTSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_CURRENT_CONNECTIONSSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_MAXIMUM_CONNECTIONSSTATISTIC_CLIENT_SIDE_FIVE_SEC_AVG_TOTAL_CONNECTIONSSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_BYTES_INSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_BYTES_OUTSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_PACKETS_INSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_PACKETS_OUTSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_CLIENT_SIDE_ONE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_BYTES_INSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_BYTES_OUTSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_PACKETS_INSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_PACKETS_OUTSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_CLIENT_SIDE_FIVE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_BYTES_INSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_BYTES_OUTSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_PACKETS_INSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_PACKETS_OUTSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_CURRENT_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_MAXIMUM_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_SEC_AVG_TOTAL_CONNECTIONSSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_BYTES_INSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_BYTES_OUTSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_PACKETS_INSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_PACKETS_OUTSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_SERVER_SIDE_ONE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_BYTES_INSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_BYTES_OUTSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_PACKETS_INSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_PACKETS_OUTSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_SERVER_SIDE_FIVE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_BYTES_INSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_BYTES_OUTSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_PACKETS_INSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_PACKETS_OUTSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_SEC_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_BYTES_INSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_BYTES_OUTSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_PACKETS_INSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_PACKETS_OUTSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_ONE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_BYTES_INSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_BYTES_OUTSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_PACKETS_INSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_PACKETS_OUTSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_CLIENT_SIDE_FIVE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_BYTES_INSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_BYTES_OUTSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_PACKETS_INSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_PACKETS_OUTSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_SEC_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_BYTES_INSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_BYTES_OUTSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_PACKETS_INSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_PACKETS_OUTSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_ONE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_BYTES_INSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_BYTES_OUTSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_PACKETS_INSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_PACKETS_OUTSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_CURRENT_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_MAXIMUM_CONNECTIONSSTATISTIC_PVA_SERVER_SIDE_FIVE_MIN_AVG_TOTAL_CONNECTIONSSTATISTIC_SSL_FIVE_SEC_AVG_TOT_CONNSSTATISTIC_SSL_ONE_MIN_AVG_TOT_CONNSSTATISTIC_SSL_FIVE_MIN_AVG_TOT_CONNSSTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_HITSSTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_MISSESSTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_HIT_BYTESSTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_CACHE_SIZESTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_ENTITIESSTATISTIC_HTTP_RAM_CACHE_INTER_STRIPE_EVICTIONSSTATISTIC_HTTP_RAM_CACHE_REMOTE_HITSSTATISTIC_HTTP_RAM_CACHE_REMOTE_MISSESSTATISTIC_HTTP_RAM_CACHE_REMOTE_HIT_BYTESSTATISTIC_HTTPCLASS_RAM_CACHE_INTER_STRIPE_HITSSTATISTIC_HTTPCLASS_RAM_CACHE_INTER_STRIPE_MISSESSTATISTIC_HTTPCLASS_RAM_CACHE_INTER_STRIPE_HIT_BYTESSTATISTIC_HTTPCLASS_RAM_CACHE_REMOTE_HITSSTATISTIC_HTTPCLASS_RAM_CACHE_REMOTE_MISSESSTATISTIC_HTTPCLASS_RAM_CACHE_REMOTE_HIT_BYTESSTATISTIC_RATE_CLASS_BYTES_DROPPED_TAILSTATISTIC_RATE_CLASS_PACKETS_DROPPED_TAILSTATISTIC_RATE_CLASS_BYTES_DROPPED_RANDSTATISTIC_RATE_CLASS_PACKETS_DROPPED_RANDSTATISTIC_RATE_CLASS_PACKETS_DROPPEDSTATISTIC_GTM_WIDEIP_A_REQUESTSSTATISTIC_GTM_WIDEIP_AAAA_REQUESTSSTATISTIC_HTTPCOMPRESSION_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_NULL_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_HTML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_HTML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_CSS_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_CSS_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_JS_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_JS_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_XML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_XML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_SGML_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_SGML_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_PLAIN_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_PLAIN_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_OCTET_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_OCTET_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_IMAGE_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_IMAGE_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_VIDEO_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_VIDEO_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_AUDIO_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_AUDIO_POST_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_OTHER_PRE_COMPRESSION_BYTESSTATISTIC_HTTPCOMPRESSION_OTHER_POST_COMPRESSION_BYTESSTATISTIC_WEBACCELERATION_CACHE_HITSSTATISTIC_WEBACCELERATION_CACHE_MISSESSTATISTIC_WEBACCELERATION_CACHE_TOTAL_MISSESSTATISTIC_WEBACCELERATION_CACHE_HIT_BYTESSTATISTIC_WEBACCELERATION_CACHE_MISS_BYTESSTATISTIC_WEBACCELERATION_CACHE_TOTAL_MISS_BYTESSTATISTIC_WEBACCELERATION_CACHE_SIZESTATISTIC_WEBACCELERATION_CACHE_COUNTSTATISTIC_WEBACCELERATION_CACHE_EVICTIONSSTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_HITSSTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_MISSESSTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_HIT_BYTESSTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_CACHE_SIZESTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_ENTITIESSTATISTIC_WEBACCELERATION_CACHE_INTER_STRIPE_EVICTIONSSTATISTIC_WEBACCELERATION_CACHE_REMOTE_HITSSTATISTIC_WEBACCELERATION_CACHE_REMOTE_MISSESSTATISTIC_WEBACCELERATION_CACHE_REMOTE_HIT_BYTESSTATISTIC_GTM_PROBER_POOL_TOTAL_PROBESSTATISTIC_GTM_PROBER_POOL_SUCCESSFUL_PROBESSTATISTIC_GTM_PROBER_POOL_FAILED_PROBESSTATISTIC_DNS_EXPRESS_SOA_SERIAL_NUMBERSTATISTIC_DNS_EXPRESS_SOA_REFRESH_INTERVALSTATISTIC_DNS_EXPRESS_SOA_RETRY_INTERVALSTATISTIC_DNS_EXPRESS_SOA_EXPIRE_INTERVALSTATISTIC_DNS_EXPRESS_ZONE_DB_RESOURCE_RECORDSSTATISTIC_VIRTUAL_SERVER_TOTAL_CPU_CYCLESSTATISTIC_VIRTUAL_SERVER_FIVE_SEC_AVG_CPU_USAGESTATISTIC_VIRTUAL_SERVER_ONE_MIN_AVG_CPU_USAGESTATISTIC_VIRTUAL_SERVER_FIVE_MIN_AVG_CPU_USAGESTATISTIC_CONNQUEUE_CONNECTIONSSTATISTIC_CONNQUEUE_AGE_OLDEST_ENTRYSTATISTIC_CONNQUEUE_AGE_MAXSTATISTIC_CONNQUEUE_AGE_MOVING_AVGSTATISTIC_CONNQUEUE_AGE_EXPONENTIAL_DECAY_MAXSTATISTIC_CONNQUEUE_SERVICEDSTATISTIC_CONNQUEUE_AGGR_CONNECTIONSSTATISTIC_CONNQUEUE_AGGR_AGE_OLDEST_ENTRYSTATISTIC_CONNQUEUE_AGGR_AGE_MAXSTATISTIC_CONNQUEUE_AGGR_AGE_MOVING_AVGSTATISTIC_CONNQUEUE_AGGR_AGE_EXPONENTIAL_DECAY_MAXSTATISTIC_CONNQUEUE_AGGR_SERVICEDSTATISTIC_DNS_REQUESTSSTATISTIC_DNS_RESPONSESSTATISTIC_DNS_RESPONSES_PER_SECONDSTATISTIC_DNS_REQUESTS_TO_GTMSTATISTIC_DNS_REQUESTS_TO_BACKEND_DNSSTATISTIC_DNS_DNS64_REQUESTSSTATISTIC_DNS_DNS64_TRANSLATIONSSTATISTIC_DNS_DNS64_FAILSSTATISTIC_DNS_EXPRESS_REQUESTSSTATISTIC_DNS_EXPRESS_NOTIFIESSTATISTIC_DNS_HINTSSTATISTIC_DNS_REJECTSSTATISTIC_DNS_NOERRORSSTATISTIC_DNS_DROPSSTATISTIC_XML_DOCUMENTS_INSPECTEDSTATISTIC_XML_DOCUMENTS_ONE_XPATH_MATCHSTATISTIC_XML_DOCUMENTS_TWO_XPATH_MATCHESSTATISTIC_XML_DOCUMENTS_THREE_XPATH_MATCHESSTATISTIC_XML_DOCUMENTS_NOMATCHSTATISTIC_XML_DOCUMENTS_MALFORMEDSTATISTIC_WAM_APPLICATION_PROXIEDSTATISTIC_WAM_APPLICATION_PROXIED_BYTESSTATISTIC_WAM_APPLICATION_PROXIED_1500STATISTIC_WAM_APPLICATION_PROXIED_10KSTATISTIC_WAM_APPLICATION_PROXIED_50KSTATISTIC_WAM_APPLICATION_PROXIED_100KSTATISTIC_WAM_APPLICATION_PROXIED_500KSTATISTIC_WAM_APPLICATION_PROXIED_1MSTATISTIC_WAM_APPLICATION_PROXIED_5MSTATISTIC_WAM_APPLICATION_PROXIED_LARGESTATISTIC_WAM_APPLICATION_PROXIED_NEWSTATISTIC_WAM_APPLICATION_PROXIED_EXPIREDSTATISTIC_WAM_APPLICATION_PROXIED_PER_POLICYSTATISTIC_WAM_APPLICATION_PROXIED_PER_IRULESTATISTIC_WAM_APPLICATION_PROXIED_PER_INVALIDATIONSTATISTIC_WAM_APPLICATION_PROXIED_PER_CLIENT_REQUESTSTATISTIC_WAM_APPLICATION_PROXIED_BYPASSSTATISTIC_WAM_APPLICATION_FROM_CACHESTATISTIC_WAM_APPLICATION_FROM_CACHE_BYTESSTATISTIC_WAM_APPLICATION_FROM_CACHE_1500STATISTIC_WAM_APPLICATION_FROM_CACHE_10KSTATISTIC_WAM_APPLICATION_FROM_CACHE_50KSTATISTIC_WAM_APPLICATION_FROM_CACHE_100KSTATISTIC_WAM_APPLICATION_FROM_CACHE_500KSTATISTIC_WAM_APPLICATION_FROM_CACHE_1MSTATISTIC_WAM_APPLICATION_FROM_CACHE_5MSTATISTIC_WAM_APPLICATION_FROM_CACHE_LARGESTATISTIC_WAM_APPLICATION_OWS_2XXSTATISTIC_WAM_APPLICATION_OWS_3XXSTATISTIC_WAM_APPLICATION_OWS_4XXSTATISTIC_WAM_APPLICATION_OWS_5XXSTATISTIC_WAM_APPLICATION_OWS_DROPPEDSTATISTIC_WAM_APPLICATION_OWS_REJECTEDSTATISTIC_WAM_APPLICATION_WAM_2XXSTATISTIC_WAM_APPLICATION_WAM_3XXSTATISTIC_WAM_APPLICATION_WAM_4XXSTATISTIC_WAM_APPLICATION_WAM_5XXSTATISTIC_WAM_APPLICATION_WAM_503STATISTIC_WAM_APPLICATION_WAM_DROPPEDSTATISTIC_SSL_COMMON_SECURE_HANDSHAKESSTATISTIC_SSL_COMMON_INSECURE_HANDSHAKE_ACCEPTSSTATISTIC_SSL_COMMON_INSECURE_HANDSHAKE_REJECTSSTATISTIC_SSL_COMMON_INSECURE_RENEGOTIATION_REJECTSSTATISTIC_SSL_COMMON_SNI_REJECTSSTATISTIC_SSL_PROTOCOL_TLSV1_1STATISTIC_SSL_PROTOCOL_TLSV1_2STATISTIC_SSL_PROTOCOL_DTLSV1STATISTIC_CURRENT_SESSIONSSTATISTIC_DNS_CACHE_RESOLVER_QUERIESSTATISTIC_DNS_CACHE_RESOLVER_RESPONSESSTATISTIC_DNS_CACHE_RESOLVER_SYNCSTATISTIC_DNS_CACHE_RESOLVER_ASYNCSTATISTIC_DNS_CACHE_RESOLVER_FAILURE_RESOLVESTATISTIC_DNS_CACHE_RESOLVER_FAILURE_CONNSTATISTIC_DNS_CACHE_RESOLVER_FAILURE_SERVERSTATISTIC_DNS_CACHE_RESOLVER_FAILURE_SENDSTATISTIC_DNS_CACHE_RESOLVER_MSG_HITSSTATISTIC_DNS_CACHE_RESOLVER_MSG_MISSESSTATISTIC_DNS_CACHE_RESOLVER_MSG_INSERTSSTATISTIC_DNS_CACHE_RESOLVER_MSG_UPDATESSTATISTIC_DNS_CACHE_RESOLVER_MSG_EVICTIONSSTATISTIC_DNS_CACHE_RESOLVER_RRSET_HITSSTATISTIC_DNS_CACHE_RESOLVER_RRSET_MISSESSTATISTIC_DNS_CACHE_RESOLVER_RRSET_INSERTSSTATISTIC_DNS_CACHE_RESOLVER_RRSET_UPDATESSTATISTIC_DNS_CACHE_RESOLVER_RRSET_EVICTIONSSTATISTIC_DNS_CACHE_RESOLVER_NAMESERVER_HITSSTATISTIC_DNS_CACHE_RESOLVER_NAMESERVER_MISSESSTATISTIC_DNS_CACHE_RESOLVER_NAMESERVER_INSERTSSTATISTIC_DNS_CACHE_RESOLVER_NAMESERVER_UPDATESSTATISTIC_DNS_CACHE_RESOLVER_NAMESERVER_EVICTIONSSTATISTIC_DNS_CACHE_RESOLVER_KEY_HITSSTATISTIC_DNS_CACHE_RESOLVER_KEY_MISSESSTATISTIC_DNS_CACHE_RESOLVER_KEY_INSERTSSTATISTIC_DNS_CACHE_RESOLVER_KEY_UPDATESSTATISTIC_DNS_CACHE_RESOLVER_KEY_EVICTIONSSTATISTIC_DNS_CACHE_RESOLVER_UDP_BYTES_INSTATISTIC_DNS_CACHE_RESOLVER_UDP_BYTES_OUTSTATISTIC_DNS_CACHE_RESOLVER_UDP_PACKETS_INSTATISTIC_DNS_CACHE_RESOLVER_UDP_PACKETS_OUTSTATISTIC_DNS_CACHE_RESOLVER_UDP_CURRENT_CONNSSTATISTIC_DNS_CACHE_RESOLVER_UDP_MAX_CONNSSTATISTIC_DNS_CACHE_RESOLVER_UDP_TOTAL_CONNSSTATISTIC_DNS_CACHE_RESOLVER_TCP_BYTES_INSTATISTIC_DNS_CACHE_RESOLVER_TCP_BYTES_OUTSTATISTIC_DNS_CACHE_RESOLVER_TCP_PACKETS_INSTATISTIC_DNS_CACHE_RESOLVER_TCP_PACKETS_OUTSTATISTIC_DNS_CACHE_RESOLVER_TCP_CURRENT_CONNSSTATISTIC_DNS_CACHE_RESOLVER_TCP_MAX_CONNSSTATISTIC_DNS_CACHE_RESOLVER_TCP_TOTAL_CONNSSTATISTIC_DNS_CACHE_RESOLVER_UNSOLICITED_REPLIESSTATISTIC_DNS_CACHE_RESOLVER_SEC_UNCHECKEDSTATISTIC_DNS_CACHE_RESOLVER_SEC_BOGUSSTATISTIC_DNS_CACHE_RESOLVER_SEC_INDETERMINATESTATISTIC_DNS_CACHE_RESOLVER_SEC_INSECURESTATISTIC_DNS_CACHE_RESOLVER_SEC_SECURESTATISTIC_DNS_CACHE_RESOLVER_RPZ_REWRITESSTATISTIC_DNS_REQUESTS_TO_CACHESTATISTIC_DNS_MALFORMEDSTATISTIC_DNS_SUSPENDSSTATISTIC_DIAMETERROUTING_PEER_CAPABILITIES_EXCHANGE_REQUESTS_INSTATISTIC_DIAMETERROUTING_PEER_CAPABILITIES_EXCHANGE_ANSWERS_INSTATISTIC_DIAMETERROUTING_PEER_DEVICE_WATCHDOG_REQUESTS_INSTATISTIC_DIAMETERROUTING_PEER_DEVICE_WATCHDOG_ANSWERS_INSTATISTIC_DIAMETERROUTING_PEER_DISCONNECT_PEER_REQUESTS_INSTATISTIC_DIAMETERROUTING_PEER_DISCONNECT_PEER_ANSWERS_INSTATISTIC_DIAMETERROUTING_PEER_CAPABILITIES_EXCHANGE_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_PEER_CAPABILITIES_EXCHANGE_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_PEER_DEVICE_WATCHDOG_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_PEER_DEVICE_WATCHDOG_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_PEER_DISCONNECT_PEER_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_PEER_DISCONNECT_PEER_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_PEER_REQUESTS_INSTATISTIC_DIAMETERROUTING_PEER_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_PEER_ANSWERS_INSTATISTIC_DIAMETERROUTING_PEER_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_PEER_DETECTED_LOOPSSTATISTIC_DIAMETERROUTING_PEER_ACTIVE_SESSIONSSTATISTIC_DIAMETERROUTING_PEER_BYTES_SENTSTATISTIC_DIAMETERROUTING_PEER_BYTES_RECEIVEDSTATISTIC_DIAMETERROUTING_PEER_ERRORSSTATISTIC_DIAMETERROUTING_CAPABILITIES_EXCHANGE_REQUESTS_INSTATISTIC_DIAMETERROUTING_CAPABILITIES_EXCHANGE_ANSWERS_INSTATISTIC_DIAMETERROUTING_DEVICE_WATCHDOG_REQUESTS_INSTATISTIC_DIAMETERROUTING_DEVICE_WATCHDOG_ANSWERS_INSTATISTIC_DIAMETERROUTING_DISCONNECT_PEER_REQUESTS_INSTATISTIC_DIAMETERROUTING_DISCONNECT_PEER_ANSWERS_INSTATISTIC_DIAMETERROUTING_CAPABILITIES_EXCHANGE_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_CAPABILITIES_EXCHANGE_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_DEVICE_WATCHDOG_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_DEVICE_WATCHDOG_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_DISCONNECT_PEER_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_DISCONNECT_PEER_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_REQUESTS_INSTATISTIC_DIAMETERROUTING_REQUESTS_OUTSTATISTIC_DIAMETERROUTING_ANSWERS_INSTATISTIC_DIAMETERROUTING_ANSWERS_OUTSTATISTIC_DIAMETERROUTING_RETRANSMITSSTATISTIC_DIAMETERROUTING_DETECTED_LOOPSSTATISTIC_DIAMETERROUTING_DETECTED_DUPLICATESSTATISTIC_DIAMETERROUTING_ACTIVE_SESSIONSSTATISTIC_DIAMETERROUTING_QUEUE_OVERFLOW_DROPSSTATISTIC_DIAMETERROUTING_BYTES_SENTSTATISTIC_DIAMETERROUTING_BYTES_RECEIVEDSTATISTIC_DIAMETERROUTING_ERRORSSTATISTIC_DIAMETERROUTING_BAD_MESSAGESSTATISTIC_DIAMETERROUTING_UNCONFIGURED_PEERSSTATISTIC_DIAMETERROUTING_UNCONFIGURED_PEER_MESSAGESSTATISTIC_VCMP_DISK_USESTATISTIC_VCMP_MEMORY_USESTATISTIC_VCMP_UPTIMESTATISTIC_VCMP_PACKETS_INSTATISTIC_VCMP_BYTES_INSTATISTIC_VCMP_PACKETS_OUTSTATISTIC_VCMP_BYTES_OUTSTATISTIC_VCMP_MULTICASTS_INSTATISTIC_VCMP_MULTICASTS_OUTSTATISTIC_VCMP_DROPS_INSTATISTIC_VCMP_DROPS_OUTSTATISTIC_VIRTUAL_DISK_DISK_USESTATISTIC_GTM_POOL_RETURN_FROM_DNSSTATISTIC_GTM_WIDEIP_RETURN_FROM_DNSSTATISTIC_SSL_SESSTICK_REUSEDSTATISTIC_SSL_SESSTICK_REUSE_FAILEDSTATISTIC_SSL_CIPHER_ECDHE_RSA_KEY_EXCHANGESTATISTIC_DNS_HDR_RDSTATISTIC_DNS_HDR_CDSTATISTIC_DNS_HDR_EDNS0STATISTIC_DNS_OP_QUERYSTATISTIC_DNS_OP_NOTIFYSTATISTIC_DNS_OP_UPDATESTATISTIC_DNS_OP_OTHERSTATISTIC_DNS_ZONE_IXFRSTATISTIC_DNS_ZONE_AXFRSTATISTIC_DNS_HDR_AASTATISTIC_DNS_HDR_RASTATISTIC_DNS_HDR_ADSTATISTIC_DNS_HDR_TCSTATISTIC_DNS_RC_NOERRORSTATISTIC_DNS_RC_NXDOMAINSTATISTIC_DNS_RC_SERVFAILSTATISTIC_DNS_RC_REFUSEDSTATISTIC_ICAP_CURRENT_CONNECTIONSSTATISTIC_ICAP_TOTAL_REQMODE_REQUESTSTATISTIC_ICAP_TOTAL_REQMODE_RESPONSESTATISTIC_ICAP_TOTAL_RSPMODE_REQUESTSTATISTIC_ICAP_TOTAL_RSPMODE_RESPONSESTATISTIC_ADAPT_CURRENT_CONNECTIONSSTATISTIC_ADAPT_RECORDS_INSTATISTIC_ADAPT_RECORDS_OUTSTATISTIC_ADAPT_RECORDS_SENT_FOR_ADAPTATIONSTATISTIC_ADAPT_RECORDS_ADAPTEDSTATISTIC_ADAPT_TIMEOUT_ERRORSSTATISTIC_ADAPT_ADAPTATION_ERRORSSTATISTIC_ACL_NO_MATCHSTATISTIC_SSL_COMMON_FWDP_CONNSSTATISTIC_SSL_COMMON_FWDP_CACHED_CERTSSTATISTIC_GTM_POOL_CNAME_RESOLUTIONSSTATISTIC_GTM_WIDEIP_CNAME_RESOLUTIONSSTATISTIC_SPDY_CONNECTIONS_ACCEPTEDSTATISTIC_SPDY_CONNECTIONS_CURRENTSTATISTIC_SPDY_CONNECTIONS_MAXSTATISTIC_SPDY_DATA_FRAMES_RECEIVEDSTATISTIC_SPDY_DATA_FRAMES_SENTSTATISTIC_SPDY_FLOWS_CREATEDSTATISTIC_SPDY_FLOWS_CURRENTSTATISTIC_SPDY_FLOWS_MAXSTATISTIC_SPDY_GOAWAY_FRAMES_RECEIVEDSTATISTIC_SPDY_GOAWAY_FRAMES_SENTSTATISTIC_SPDY_HEADERS_FRAMES_RECEIVEDSTATISTIC_SPDY_HEADERS_FRAMES_SENTSTATISTIC_SPDY_HTTP_REQUEST_BYTESSTATISTIC_SPDY_HTTP_RESPONSE_BYTESSTATISTIC_SPDY_NOOP_FRAMES_RECEIVEDSTATISTIC_SPDY_NOOP_FRAMES_SENTSTATISTIC_SPDY_PING_FRAMES_RECEIVEDSTATISTIC_SPDY_PING_FRAMES_SENTSTATISTIC_SPDY_RST_STREAM_FRAMES_RECEIVEDSTATISTIC_SPDY_RST_STREAM_FRAMES_SENTSTATISTIC_SPDY_SETTINGS_FRAMES_RECEIVEDSTATISTIC_SPDY_SETTINGS_FRAMES_SENTSTATISTIC_SPDY_SPDY_REQUEST_BYTESSTATISTIC_SPDY_SPDY_REQUEST_FRAMESSTATISTIC_SPDY_SPDY_RESPONSE_BYTESSTATISTIC_SPDY_SPDY_RESPONSE_FRAMESSTATISTIC_SPDY_SYN_REPLY_FRAMES_RECEIVEDSTATISTIC_SPDY_SYN_REPLY_FRAMES_SENTSTATISTIC_SPDY_SYN_STREAM_FRAMES_RECEIVEDSTATISTIC_SPDY_SYN_STREAM_FRAMES_SENTSTATISTIC_SPDY_V2_STREAMS_CREATEDSTATISTIC_SPDY_V2_STREAMS_CURRENTSTATISTIC_SPDY_V2_STREAMS_MAXSTATISTIC_SPDY_V3_STREAMS_CREATEDSTATISTIC_SPDY_V3_STREAMS_CURRENTSTATISTIC_SPDY_V3_STREAMS_MAXSTATISTIC_SPDY_WINDOW_UPDATE_FRAMES_RECEIVEDSTATISTIC_SPDY_WINDOW_UPDATE_FRAMES_SENTSTATISTIC_LSN_POOL_TRANSLATION_REQUESTSSTATISTIC_LSN_POOL_HAIRPIN_CONNECTION_REQUESTSSTATISTIC_LSN_POOL_ACTIVE_TRANSLATIONSSTATISTIC_LSN_POOL_ACTIVE_HAIRPIN_CONNECTIONSSTATISTIC_LSN_POOL_TRANSLATION_REQUEST_FAILURESSTATISTIC_LSN_POOL_PERSISTENCE_MAPPING_FAILURESSTATISTIC_LSN_POOL_HAIRPIN_CONNECTION_FAILURESSTATISTIC_LSN_POOL_BACKUP_POOL_TRANSLATIONSSTATISTIC_LSN_POOL_ACTIVE_PERSISTENCE_MAPPINGSSTATISTIC_LSN_POOL_ACTIVE_INBOUND_RESERVATIONSSTATISTIC_LSN_POOL_LOG_ATTEMPTSSTATISTIC_LSN_POOL_LOG_FAILURESSTATISTIC_DNS_MALICIOUSSTATISTIC_DNS_A_REQSSTATISTIC_DNS_AAAA_REQSSTATISTIC_DNS_ANY_REQSSTATISTIC_DNS_CNAME_REQSSTATISTIC_DNS_MX_REQSSTATISTIC_DNS_NS_REQSSTATISTIC_DNS_PTR_REQSSTATISTIC_DNS_SOA_REQSSTATISTIC_DNS_SRV_REQSSTATISTIC_DNS_TXT_REQSSTATISTIC_DNS_OTHER_REQSSTATISTIC_DNS_FILTERED_DROPSSTATISTIC_DNS_A_DROPSSTATISTIC_DNS_AAAA_DROPSSTATISTIC_DNS_ANY_DROPSSTATISTIC_DNS_CNAME_DROPSSTATISTIC_DNS_MX_DROPSSTATISTIC_DNS_NS_DROPSSTATISTIC_DNS_PTR_DROPSSTATISTIC_DNS_SOA_DROPSSTATISTIC_DNS_SRV_DROPSSTATISTIC_DNS_TXT_DROPSSTATISTIC_DNS_OTHER_DROPSSTATISTIC_IP_INTELLIGENCE_SPAM_SOURCES_WARNINGSSTATISTIC_IP_INTELLIGENCE_SPAM_SOURCES_REJECTSSTATISTIC_IP_INTELLIGENCE_WINDOWS_EXPLOITS_WARNINGSSTATISTIC_IP_INTELLIGENCE_WINDOWS_EXPLOITS_REJECTSSTATISTIC_IP_INTELLIGENCE_WEB_ATTACKS_WARNINGSSTATISTIC_IP_INTELLIGENCE_WEB_ATTACKS_REJECTSSTATISTIC_IP_INTELLIGENCE_BOTNETS_WARNINGSSTATISTIC_IP_INTELLIGENCE_BOTNETS_REJECTSSTATISTIC_IP_INTELLIGENCE_SCANNERS_WARNINGSSTATISTIC_IP_INTELLIGENCE_SCANNERS_REJECTSSTATISTIC_IP_INTELLIGENCE_DENIAL_OF_SERVICE_WARNINGSSTATISTIC_IP_INTELLIGENCE_DENIAL_OF_SERVICE_REJECTSSTATISTIC_IP_INTELLIGENCE_INFECTED_SOURCES_WARNINGSSTATISTIC_IP_INTELLIGENCE_INFECTED_SOURCES_REJECTSSTATISTIC_IP_INTELLIGENCE_PHISHING_WARNINGSSTATISTIC_IP_INTELLIGENCE_PHISHING_REJECTSSTATISTIC_IP_INTELLIGENCE_PROXY_WARNINGSSTATISTIC_IP_INTELLIGENCE_PROXY_REJECTSSTATISTIC_DNS_EFFECTIVE_LICENSED_RATESTATISTIC_DNS_LICENSED_OBJECT_COUNTSTATISTIC_DNS_RATE_LIMITED_REQUESTSSTATISTIC_GTM_EFFECTIVE_LICENSED_RATESTATISTIC_GTM_LICENSED_OBJECT_COUNTSTATISTIC_GTM_RATE_LIMITED_REQUESTSSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_HW_INSTANCESSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_SW_INSTANCESSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_CACHE_USAGESTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_CACHE_OVERFLOWSSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_SW_TOTALSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_SW_ACCEPTSSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_SW_REJECTSSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_HW_TOTALSTATISTIC_VIRTUAL_SERVER_SYNCOOKIE_HW_ACCEPTSSTATISTIC_DOS_ATTACK_DETECTEDSTATISTIC_DOS_ATTACKSSTATISTIC_DOS_PACKETS_RECEIVED_ONE_HOUR_SAMPLESSTATISTIC_DOS_PACKETS_RECEIVEDSTATISTIC_DOS_PACKETS_RECEIVED_RATE_ONE_SECSTATISTIC_DOS_PACKETS_RECEIVED_ONE_MINSTATISTIC_DOS_PACKETS_RECEIVED_ONE_HOURSTATISTIC_DOS_DROPSSTATISTIC_DOS_DROPS_RATE_ONE_SECSTATISTIC_DOS_DROPS_ONE_MINSTATISTIC_DOS_DROPS_ONE_HOURSTATISTIC_DOS_INTERNAL_DROPSSTATISTIC_DOS_INTERNAL_DROPS_RATE_ONE_SECSTATISTIC_DOS_INTERNAL_DROPS_ONE_MINSTATISTIC_DOS_INTERNAL_DROPS_ONE_HOURSTATISTIC_DIAMETER_ENDPOINT_CONNECTION_ATTEMPTSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_OPENSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_DISCONNECTSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_MSGSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_BYTESSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_MSG_REQUESTSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_MSG_ERRORSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_MSG_ANSWERSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_UNMATCHED_ANSWERSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_INVALIDSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSGSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_BYTESSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSG_REQUESTSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSG_ERRORSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSG_ANSWERSSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSG_REXMITSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_MSG_REXMIT_LIMIT_EXCEEDEDSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_REQUESTS_PENDINGSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_CERSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_CEASTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_CERSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_CEASTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_DWRSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_DWASTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_DWRSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_DWASTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_DPRSTATISTIC_DIAMETER_ENDPOINT_TOTAL_TX_DPASTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_DPRSTATISTIC_DIAMETER_ENDPOINT_TOTAL_RX_DPASTATISTIC_DIAMETER_ENDPOINT_TOTAL_STATE_MACHINE_ERRORSSTATISTIC_FW_RULE_HITSSTATISTIC_PEM_ACTION_BWC_UPLINKSSTATISTIC_PEM_ACTION_BWC_DOWNLINKSSTATISTIC_PEM_ACTION_CLONESSTATISTIC_PEM_ACTION_DROPSSTATISTIC_PEM_ACTION_DSCP_MARKING_UPLINKSSTATISTIC_PEM_ACTION_DSCP_MARKING_DOWNLINKSSTATISTIC_PEM_ACTION_FLOW_REPORTSSTATISTIC_PEM_ACTION_L2_MARKING_UPLINKSSTATISTIC_PEM_ACTION_L2_MARKING_DOWNLINKSSTATISTIC_PEM_ACTION_REDIRECTSSTATISTIC_PEM_ACTION_REEVAL_COUNTSTATISTIC_PEM_ACTION_REEVAL_MAXSTATISTIC_PEM_ACTION_STEERINGSTATISTIC_PEM_ACTION_STEERING_ENDPOINTSTATISTIC_PEM_SESSION_ACTIVE_CURRENTSTATISTIC_PEM_SESSION_ACTIVE_MAXIMUMSTATISTIC_PEM_SESSION_FAILED_PROVISIONING_CURRENTSTATISTIC_PEM_SESSION_FAILED_PROVISIONING_MAXIMUMSTATISTIC_PEM_SESSION_LIMITS_EXCEEDSTATISTIC_PEM_SESSION_MARKED_DELETED_CURRENTSTATISTIC_PEM_SESSION_MARKED_DELETED_MAXIMUMSTATISTIC_PEM_SESSION_PENDING_PROVISIONING_RESPONSES_CURRENTSTATISTIC_PEM_SESSION_PENDING_PROVISIONING_RESPONSES_MAXIMUMSTATISTIC_PEM_SESSION_PROVISIONED_AS_UNKNOWN_CURRENTSTATISTIC_PEM_SESSION_PROVISIONED_AS_UNKNOWN_MAXIMUMSTATISTIC_PEM_SESSION_PROVISIONED_CURRENTSTATISTIC_PEM_SESSION_PROVISIONED_MAXIMUMSTATISTIC_PEM_SESSION_SESSIONS_TOTALSTATISTIC_PEM_SESSION_FAILURES_SPM_QUEUE_FULLSTATISTIC_PEM_GX_CURRENT_ACTIVE_SESSIONSSTATISTIC_PEM_GX_MAXIMUM_ACTIVE_SESSIONSSTATISTIC_PEM_GX_CCA_RECEIVEDSTATISTIC_PEM_GX_CCR_SENTSTATISTIC_PEM_GX_CURRENT_SESSIONS_CLOSE_INITIATEDSTATISTIC_PEM_GX_MAXIMUM_SESSIONS_CLOSE_INITIATEDSTATISTIC_PEM_GX_CURRENT_INACTIVE_WITH_PROVISIONING_ERRORSSTATISTIC_PEM_GX_MAXIMUM_INACTIVE_WITH_PROVISIONING_ERRORSSTATISTIC_PEM_GX_CURRENT_SESSIONS_INITIATEDSTATISTIC_PEM_GX_MAXIMUM_SESSIONS_INITIATEDSTATISTIC_PEM_GX_ERROR_MESSAGES_RECEIVEDSTATISTIC_PEM_GX_REPORT_MESSAGES_DROPPEDSTATISTIC_PEM_GX_POLICY_UPDATES_RECEIVEDSTATISTIC_PEM_GX_POLICY_REQUESTS_SENTSTATISTIC_PEM_GX_RAA_MESSAGES_SENTSTATISTIC_PEM_GX_RAR_MESSAGES_RECEIVEDSTATISTIC_PEM_GX_SESSIONS_CREATEDSTATISTIC_PEM_GX_SESSIONS_TERMINATEDSTATISTIC_PEM_GX_USAGE_REPORT_MESSAGES_SENTSTATISTIC_PEM_SESSIONDB_BYTES_UPLINKSTATISTIC_PEM_SESSIONDB_BYTES_DOWNLINKSTATISTIC_PEM_SESSIONDB_FLOWS_TOTALSTATISTIC_PEM_SESSIONDB_FLOWS_CURRENTSTATISTIC_PEM_SESSIONDB_FLOWS_MAXSTATISTIC_FTP_LOGIN_REQUESTSSTATISTIC_FTP_UPLOAD_REQUESTSSTATISTIC_FTP_DOWNLOAD_REQUESTSSTATISTIC_PPTP_ACTIVE_CALLSSTATISTIC_PPTP_TOTAL_CALLSSTATISTIC_PPTP_FAILED_CALLSSTATISTIC_PPTP_START_REQUESTSSTATISTIC_PPTP_START_REPLIESSTATISTIC_PPTP_STOP_REQUESTSSTATISTIC_PPTP_STOP_REPLIESSTATISTIC_PPTP_ECHO_REQUESTSSTATISTIC_PPTP_ECHO_REPLIESSTATISTIC_PPTP_OUTGOING_CALL_REQUESTSSTATISTIC_PPTP_OUTGOING_CALL_REPLIESSTATISTIC_PPTP_CALL_CLEAR_REQUESTSSTATISTIC_PPTP_CALL_DISCONNECT_NOTIFIESSTATISTIC_PPTP_SET_LINK_INFOSTATISTIC_PPTP_WAN_ERROR_NOTIFIESSTATISTIC_PEM_ACTION_PASSESSTATISTIC_PEM_ACTION_HTTP_REDIRECTSSTATISTIC_PEM_ACTION_SERVICE_CHAINSSTATISTIC_PEM_ACTION_STEERING_ON_RESPONSESTATISTIC_PEM_ACTION_QOS_UPLINKSTATISTIC_PEM_ACTION_QOS_DOWNLINKSTATISTIC_PEM_ACTION_HTTP_HEADER_MODIFICATIONSSTATISTIC_PEM_ACTION_FLOW_REPORTINGSTATISTIC_PEM_ACTION_SESSION_REPORTINGSTATISTIC_PEM_ACTION_POLICY_REEVALUATION_RATESTATISTIC_PEM_ACTION_POLICY_REEVALUATION_RATE_MAXIMUMSTATISTIC_PEM_GX_CONCURRENT_SESSIONSSTATISTIC_PEM_GX_NON_PROVISIONED_SESSIONSSTATISTIC_PEM_GX_NON_PROVISIONED_SESSIONS_MAXIMUMSTATISTIC_PEM_GX_PROVISIONING_INITIATEDSTATISTIC_PEM_GX_PROVISIONING_INITIATED_MAXIMUMSTATISTIC_PEM_GX_TERMINATIONS_INITIATEDSTATISTIC_PEM_GX_TERMINATIONS_INITIATED_MAXIMUMSTATISTIC_PEM_GX_CCR_INITIALS_SENTSTATISTIC_PEM_GX_CCA_INITIALS_RECEIVEDSTATISTIC_PEM_GX_CCR_UPDATES_SENTSTATISTIC_PEM_GX_CCA_UPDATES_RECEIVEDSTATISTIC_PEM_GX_RAR_RECEIVEDSTATISTIC_PEM_GX_RAA_SENTSTATISTIC_PEM_GX_CCR_USAGE_MONITORING_SENTSTATISTIC_PEM_GX_CCA_USAGE_MONITORING_RECEIVEDSTATISTIC_PEM_GX_CCR_TERMINATIONS_SENTSTATISTIC_PEM_GX_CCA_TERMINATIONS_RECEIVEDSTATISTIC_PEM_GY_CONCURRENT_SESSIONSSTATISTIC_PEM_GY_TOTAL_SESSIONSSTATISTIC_PEM_GY_SESSIONS_CREATEDSTATISTIC_PEM_GY_NON_PROVISIONED_SESSIONSSTATISTIC_PEM_GY_NON_PROVISIONED_SESSIONS_MAXIMUMSTATISTIC_PEM_GY_PROVISIONING_INITIATEDSTATISTIC_PEM_GY_PROVISIONING_INITIATED_MAXIMUMSTATISTIC_PEM_GY_ERROR_MESSAGES_RECEIVEDSTATISTIC_PEM_GY_TERMINATIONS_INITIATEDSTATISTIC_PEM_GY_TERMINATIONS_INITIATED_MAXIMUMSTATISTIC_PEM_GY_SESSIONS_TERMINATEDSTATISTIC_PEM_GY_CCR_SENTSTATISTIC_PEM_GY_CCA_RECEIVEDSTATISTIC_PEM_GY_CCR_INITIALS_SENTSTATISTIC_PEM_GY_CCA_INITIALS_RECEIVEDSTATISTIC_PEM_GY_CCR_UPDATES_SENTSTATISTIC_PEM_GY_CCA_UPDATES_RECEIVEDSTATISTIC_PEM_GY_RAR_RECEIVEDSTATISTIC_PEM_GY_RAA_SENTSTATISTIC_PEM_GY_CCR_TERMINATIONS_SENTSTATISTIC_PEM_GY_CCA_TERMINATIONS_RECEIVEDSTATISTIC_PEM_HSL_SESSION_RECORDSSTATISTIC_PEM_HSL_FLOW_START_RECORDSSTATISTIC_PEM_HSL_FLOW_INTERIM_RECORDSSTATISTIC_PEM_HSL_FLOW_STOP_RECORDSSTATISTIC_PEM_RADIUS_ACCOUNTING_STARTSTATISTIC_PEM_RADIUS_ACCOUNTING_STOPSTATISTIC_PEM_RADIUS_ACCOUNTING_INTERIMSTATISTIC_PEM_RADIUS_ACCOUNTING_RETRANSMISSIONSSTATISTIC_PEM_SUBSCRIBER_CONCURRENT_SUBSCRIBERSSTATISTIC_PEM_SUBSCRIBER_CONCURRENT_SUBSCRIBERS_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_TOTAL_SUBSCRIBERSSTATISTIC_PEM_SUBSCRIBER_SUBSCRIBER_LIMIT_EXCEEDEDSTATISTIC_PEM_SUBSCRIBER_NO_RADIUS_INFOSTATISTIC_PEM_SUBSCRIBER_NO_RADIUS_INFO_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_PROVISIONING_PENDINGSTATISTIC_PEM_SUBSCRIBER_PROVISIONING_PENDING_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_NOT_PROVISIONEDSTATISTIC_PEM_SUBSCRIBER_NOT_PROVISIONED_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_FAILED_PROVISIONING_ATTEMPTSSTATISTIC_PEM_SUBSCRIBER_UNKNOWNSTATISTIC_PEM_SUBSCRIBER_UNKNOWN_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_PROVISIONEDSTATISTIC_PEM_SUBSCRIBER_PROVISIONED_MAXIMUMSTATISTIC_PEM_SUBSCRIBER_INACTIVE_SUBSCRIBERS_REMOVEDSTATISTIC_PEM_SUBSCRIBER_MARKED_FOR_DELETIONSTATISTIC_PEM_SUBSCRIBER_MARKED_FOR_DELETION_MAXIMUMSTATISTIC_SMTPS_CONNECTIONS_ACCEPTEDSTATISTIC_SMTPS_CONNECTIONS_CURRENTSTATISTIC_SMTPS_CONNECTIONS_MAXIMUMSTATISTIC_SMTPS_BLOCKED_COMMANDSSTATISTIC_DNS_EXPRESS_QUERIESSTATISTIC_DNS_EXPRESS_RESPONSESSTATISTIC_DNS_EXPRESS_XFR_MESSAGESSTATISTIC_DNS_EXPRESS_NOTIFIES_RECEIVEDSTATISTIC_DNS_XFR_NOTIFIES_SENTSTATISTIC_DNS_XFR_NOTIFIES_FAILURESSTATISTIC_DNS_AXFR_QUERIESSTATISTIC_DNS_IXFR_QUERIESSTATISTIC_DNS_XFR_QUERIES_ACL_FAILURESSTATISTIC_DNS_TSIG_MISSINGSTATISTIC_DNS_TSIG_NOT_REQUIREDSTATISTIC_DNS_TSIG_VERIFIEDSTATISTIC_DNS_TSIG_BAD_KEYSTATISTIC_DNS_TSIG_BAD_SIGSTATISTIC_DNS_TSIG_BAD_TIMESTATISTIC_DNSSEC_ZONE_NSEC3_RRSTATISTIC_DNSSEC_ZONE_NSEC3_NODATASTATISTIC_DNSSEC_ZONE_NSEC3_NXDOMAINSTATISTIC_DNSSEC_ZONE_NSEC3_REFERRALSTATISTIC_DNSSEC_ZONE_NSEC3_RESALTSTATISTIC_DNSSEC_ZONE_SIGNED_RESPONSESSTATISTIC_DNSSEC_ZONE_DNSKEY_QUERIESSTATISTIC_DNSSEC_ZONE_NSEC3PARAM_QUERIESSTATISTIC_DNSSEC_ZONE_DS_QUERIESSTATISTIC_DNSSEC_ZONE_SIG_CRYPTO_FAILEDSTATISTIC_DNSSEC_ZONE_SIG_SUCCESSSTATISTIC_DNSSEC_ZONE_SIG_FAILEDSTATISTIC_DNSSEC_ZONE_SIG_RRSET_FAILEDSTATISTIC_DNSSEC_ZONE_CONNECT_FLOW_FAILEDSTATISTIC_DNSSEC_ZONE_TO_WIRE_FAILEDSTATISTIC_DNSSEC_ZONE_XFR_STARTEDSTATISTIC_DNSSEC_ZONE_XFR_COMPLETEDSTATISTIC_DNSSEC_ZONE_XFR_MSGSSTATISTIC_DNSSEC_ZONE_XFR_MASTER_MSGSSTATISTIC_DNSSEC_ZONE_XFR_AXFR_QUERIESSTATISTIC_DNSSEC_ZONE_XFR_IXFR_QUERIESSTATISTIC_DNSSEC_ZONE_XFR_RESPONSE_AVERAGE_SIZESTATISTIC_DNSSEC_ZONE_XFR_EXTERNAL_SERIALSTATISTIC_DNSSEC_ZONE_XFR_MASTER_SERIALSTATISTIC_DNS_SERVER_XFR_QUERIESSTATISTIC_DNS_SERVER_XFR_RESPONSESSTATISTIC_DNS_SERVER_XFR_NOTIFIESSTATISTIC_DNS_SERVER_XFR_NOTIFY_FAILURESSTATISTIC_DNS_CACHE_RESOLVER_FORWARD_QUERIESSTATISTIC_DNS_CACHE_RESOLVER_FORWARD_RESPONSESSTATISTIC_HTTP_PASSTHROUGH_IRULESSTATISTIC_HTTP_PASSTHROUGH_CONNECTSSTATISTIC_HTTP_PASSTHROUGH_WEB_SOCKETSSTATISTIC_HTTP_PASSTHROUGH_OVERSIZE_CLIENT_HEADERSSTATISTIC_HTTP_PASSTHROUGH_EXCESS_CLIENT_HEADERSSTATISTIC_HTTP_PASSTHROUGH_OVERSIZE_SERVER_HEADERSSTATISTIC_HTTP_PASSTHROUGH_EXCESS_SERVER_HEADERSSTATISTIC_HTTP_PASSTHROUGH_UNKNOWN_METHODSSTATISTIC_HTTP_PASSTHROUGH_PIPELINESSTATISTIC_SSL_CIPHER_ECDH_RSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_ECDHE_ECDSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_ECDH_ECDSA_KEY_EXCHANGESTATISTIC_SSL_CIPHER_DHE_DSS_KEY_EXCHANGESTATISTIC_SSL_CIPHER_AES_GCM_BULKSTATISTIC_FIX_CURRENT_CONNECTIONSSTATISTIC_FIX_NUMBER_OF_MESSAGESSTATISTIC_FIX_TOTAL_SIZESTATISTIC_FIX_NUMBER_OF_MESSAGES_LAST_INTERVALSTATISTIC_SSL_COMMON_FWDP_DESTINATION_IP_BYPASSESSTATISTIC_SSL_COMMON_FWDP_SOURCE_IP_BYPASSESSTATISTIC_SSL_COMMON_FWDP_HOSTNAME_BYPASSESSTATISTIC_LSN_POOL_TOTAL_END_POINTSSTATISTIC_DNS_REQUESTS_GTM_REWRITESSTATISTIC_CLIENTLDAP_CONNECTIONS_ACCEPTEDSTATISTIC_CLIENTLDAP_CONNECTIONS_CURRENTSTATISTIC_CLIENTLDAP_CONNECTIONS_MAXIMUMSTATISTIC_CLIENTLDAP_BLOCKED_COMMANDSSTATISTIC_SERVERLDAP_CONNECTIONS_CONNECTEDSTATISTIC_SERVERLDAP_CONNECTIONS_CURRENTSTATISTIC_SERVERLDAP_CONNECTIONS_MAXIMUMSTATISTIC_SERVERLDAP_CONNECTIONS_FAILEDSTATISTIC_SSL_COMMON_RENEGOTIATIONS_REJECTEDSTATISTIC_FASTL4_LATE_BINDING_SUCCESSFUL_CONNECTIONSSTATISTIC_FASTL4_LATE_BINDING_TIMED_OUT_CONNECTIONSSTATISTIC_SSL_COMMON_OCSP_STAPLING_CONNECTIONSSTATISTIC_SSL_COMMON_OCSP_STAPLING_RESPONSE_STATUS_ERRORSSTATISTIC_SSL_COMMON_OCSP_STAPLING_RESPONSE_VALIDATION_ERRORSSTATISTIC_SSL_COMMON_OCSP_STAPLING_CERTIFICATE_STATUS_ERRORSSTATISTIC_SSL_COMMON_OCSP_STAPLING_OCSP_CONNECTION_HTTP_ERRORSSTATISTIC_SSL_COMMON_OCSP_STAPLING_OCSP_CONNECTION_TIMEOUTSSTATISTIC_SSL_COMMON_OCSP_STAPLING_OCSP_CONNECTION_FAILURESSTATISTIC_LSN_POOL_PBA_ACTIVE_PORT_BLOCKSSTATISTIC_LSN_POOL_PBA_ACTIVE_CLIENTS_REACHED_LIMITSTATISTIC_LSN_POOL_PBA_ACTIVE_ZOMBIE_PORT_BLOCKSSTATISTIC_LSN_POOL_PBA_TOTAL_CLIENTS_REACHED_LIMITSTATISTIC_LSN_POOL_PBA_TOTAL_PORT_BLOCK_ALLOCATIONSSTATISTIC_LSN_POOL_PBA_TOTAL_PORT_BLOCK_ALLOCATION_FAILURESSTATISTIC_LSN_POOL_PBA_TOTAL_PORT_BLOCK_DEALLOCATIONSSTATISTIC_LSN_POOL_PBA_TOTAL_ZOMBIE_PORT_BLOCKS_CREATEDSTATISTIC_LSN_POOL_PBA_TOTAL_ZOMBIE_PORT_BLOCKS_DELETEDSTATISTIC_LSN_POOL_PBA_TOTAL_ZOMBIE_PORT_BLOCK_CONNECTIONS_KILLEDSTATISTIC_DNS_RAPID_RESPONSE_QUERIESSTATISTIC_DNS_RAPID_RESPONSE_RESPONSESSTATISTIC_DNS_RAPID_RESPONSE_ALLOWEDSTATISTIC_DNS_RAPID_RESPONSE_DROPSSTATISTIC_DNS_RAPID_RESPONSE_TRUNCATEDSTATISTIC_DNS_RAPID_RESPONSE_NXDOMAINSTATISTIC_DNS_RAPID_RESPONSE_NOERRORSTATISTIC_DNS_RAPID_RESPONSE_REFUSEDSTATISTIC_SIPROUTER_INSTATISTIC_SIPROUTER_IN_RESUBMITTED_FOR_RETRYSTATISTIC_SIPROUTER_OUTSTATISTIC_SIPROUTER_FAILED_AND_NOT_DELIVERABLE_TO_ORIGINATORSTATISTIC_SIPROUTER_ROUTEDSTATISTIC_SIPROUTER_UNROUTABLESTATISTIC_SIPROUTER_DROPPEDSTATISTIC_SIPROUTER_FAILED_DUE_TO_A_FULL_QUEUESTATISTIC_SIPROUTER_FAILED_DUE_TO_CONNECTION_DROPPEDSTATISTIC_SIPROUTER_FAILED_DUE_TO_CONNECTION_CLOSEDSTATISTIC_SIPROUTER_FAILED_DUE_TO_AN_INTERNAL_ERRORSTATISTIC_SIPROUTER_FAILED_DUE_TO_PERSIST_KEY_IN_USESTATISTIC_SIPSESSION_REQUESTSSTATISTIC_SIPSESSION_RESPONSESSTATISTIC_SIPSESSION_BADMSGSSTATISTIC_SIPSESSION_DROPSSTATISTIC_SIPSESSION_INVITESTATISTIC_SIPSESSION_ACKSTATISTIC_SIPSESSION_OPTIONSSTATISTIC_SIPSESSION_BYESTATISTIC_SIPSESSION_CANCELSTATISTIC_SIPSESSION_REGISTER_REQSTATISTIC_SIPSESSION_PUBLISHSTATISTIC_SIPSESSION_NOTIFYSTATISTIC_SIPSESSION_SUBSCRIBESTATISTIC_SIPSESSION_MESSAGESTATISTIC_SIPSESSION_PRACKSTATISTIC_SIPSESSION_OTHERSTATISTIC_SIPSESSION_PROVISIONALSTATISTIC_SIPSESSION_SUCCESSFULSTATISTIC_SIPSESSION_REDIRECTIONSTATISTIC_SIPSESSION_CLIENT_FAILURESSTATISTIC_SIPSESSION_SERVER_FAILURESSTATISTIC_SIPSESSION_GLOBAL_FAILURESSTATISTIC_SIPSESSION_MESSAGE_LIMIT_EXCEEDEDSTATISTIC_SIPSESSION_LOOP_DETECTIONSTATISTIC_SIPSESSION_MAX_FORWARDS_CHECKSTATISTIC_SIPSESSION_BAD_REQUESTSTATISTIC_SIPSESSION_NOT_FOUNDSTATISTIC_SIPSESSION_REQUEST_TIMEOUTSTATISTIC_SIPSESSION_TRANSACTION_DOES_NOT_EXISTSTATISTIC_SIPSESSION_LOOP_DETECTEDSTATISTIC_SIPSESSION_TOO_MANY_HOPSSTATISTIC_SIPSESSION_SERVER_INTERNAL_ERRORSTATISTIC_SIPSESSION_NOT_ACCEPTABLESTATISTIC_SIPSESSION_TEMPORARILY_UNAVAILABLESTATISTIC_SIPSESSION_SERVICE_UNAVAILABLESTATISTIC_SIPSESSION_VERSION_NOT_SUPPORTEDSTATISTIC_SIPSESSION_UNKNOWN_PARSE_ERRORSTATISTIC_SIPSESSION_CONTENT_LENGTH_MISMATCHSTATISTIC_SIPSESSION_EXTRANEOUS_HEADER_FIELDSTATISTIC_SIPSESSION_INVALID_CONTENT_LENGTHSTATISTIC_SIPSESSION_REQ_FIELD_OVERLARGE_VALUESSTATISTIC_SIPSESSION_RESP_FIELD_OVERLARGE_VALUESSTATISTIC_SIPSESSION_UNTERMINATED_QUOTED_STRINGSTATISTIC_SIPSESSION_MALFORMED_REQUEST_URISTATISTIC_SIPSESSION_UNKNOWN_PROTOCOL_VERSIONSTATISTIC_SIPSESSION_CSEQ_METHOD_MISMATCHSTATISTIC_CRYPTO_CLIENT_BYTES_INSTATISTIC_CRYPTO_CLIENT_BYTES_OUTSTATISTIC_CRYPTO_CLIENT_PACKETS_INSTATISTIC_CRYPTO_CLIENT_PACKETS_OUTSTATISTIC_CRYPTO_SERVER_BYTES_INSTATISTIC_CRYPTO_SERVER_BYTES_OUTSTATISTIC_CRYPTO_SERVER_PACKETS_INSTATISTIC_CRYPTO_SERVER_PACKETS_OUTSTATISTIC_EVICTION_POLICY_EVICTEDSTATISTIC_CONNECTION_FLOW_MISSSTATISTIC_SYNCOOKIE_STATS_SYNCOOKIESSTATISTIC_SYNCOOKIE_STATS_ACCEPTSSTATISTIC_SYNCOOKIE_STATS_REJECTSSTATISTIC_SYNCOOKIE_STATS_HW_SYNCOOKIESSTATISTIC_SYNCOOKIE_STATS_HW_ACCEPTSSTATISTIC_SYNCOOKIE_STATS_WL_HITSSTATISTIC_SYNCOOKIE_STATS_WL_ACCEPTSSTATISTIC_SYNCOOKIE_STATS_WL_REJECTSSTATISTIC_FW_RULE_LAST_HIT_TIMESTATISTIC_SCTP_ASSOCIATIONSSTATISTIC_SCTP_CLOSINGSTATISTIC_SCTP_CONFIRMED_ADDRESSESSTATISTIC_SCTP_UNCONFIRMED_ADDRESSESSTATISTIC_SCTP_ACTIVE_PATHSSTATISTIC_SCTP_INACTIVE_PATHSSTATISTIC_CLIENTLDAP_CONNECTIONS_TLSSTATISTIC_SERVERLDAP_CONNECTIONS_TLSSTATISTIC_SSL_COMMON_AGGREGATE_RENEGOTIATIONS_REJECTEDSTATISTIC_FTP_FTPS_SESSIONSSTATISTIC_TFTP_READ_REQUESTSSTATISTIC_TFTP_WRITE_REQUESTSSTATISTIC_FTP_PASSTHRU_TRANSITIONSSTATISTIC_TFTP_DISCARDED_REQUESTSSTATISTIC_DNS_HW_INSPECTEDSTATISTIC_DNS_HW_MALFORMEDSTATISTIC_DNS_HW_CACHE_LOOKUPSSTATISTIC_DNS_HW_CACHE_RESPONSESSTATISTIC_VCMP_RED_PACKETS_INSTATISTIC_SSL_COMMON_SESSION_MIRRORING_SUCCESSSTATISTIC_SSL_COMMON_SESSION_MIRRORING_FAILURESTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_PEER_READYSTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_CTX_SENTSTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_CTX_RECVSTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_HS_SUCCESSSTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_FAILURESTATISTIC_SSL_COMMON_CONNECTION_MIRRORING_HA_TIMEOUTSTATISTIC_SSL_COMMON_DTLS_TX_PUSHBACKSSTATISTIC_SSL_CIPHER_CAMELLIA_BULKSTATISTIC_DNS_NAPTR_REQSSTATISTIC_IP_MULTICAST_TRANSMITTED_PACKETSSTATISTIC_IP_MULTICAST_RECEIVED_PACKETSSTATISTIC_IP_MULTICAST_DROPPED_RPFSTATISTIC_IP_MULTICAST_DROPPED_WRONG_INTERFACESTATISTIC_IP_MULTICAST_DROPPED_NO_ROUTESTATISTIC_IP_MULTICAST_DROPPED_ROUTE_LOOKUP_TIMEOUTSTATISTIC_IP_MULTICAST_DROPPED_MAX_PENDING_PACKETSSTATISTIC_IP_MULTICAST_DROPPED_MAX_PENDING_ROUTESSTATISTIC_IPV6_MULTICAST_TRANSMITTED_PACKETSSTATISTIC_IPV6_MULTICAST_RECEIVED_PACKETSSTATISTIC_IPV6_MULTICAST_DROPPED_RPFSTATISTIC_IPV6_MULTICAST_DROPPED_WRONG_INTERFACESTATISTIC_IPV6_MULTICAST_DROPPED_NO_ROUTESTATISTIC_IPV6_MULTICAST_DROPPED_ROUTE_LOOKUP_TIMEOUTSTATISTIC_IPV6_MULTICAST_DROPPED_MAX_PENDING_PACKETSSTATISTIC_IPV6_MULTICAST_DROPPED_MAX_PENDING_ROUTESSTATISTIC_SSL_COMMON_ACTIVE_HANDSHAKES_REJECTEDSTATISTIC_SSL_COMMON_CURRENT_ACTIVE_HANDSHAKESSTATISTIC_SSL_DYNAMIC_RECORD_1KSTATISTIC_SSL_DYNAMIC_RECORD_2KSTATISTIC_SSL_DYNAMIC_RECORD_3KSTATISTIC_SSL_DYNAMIC_RECORD_4KSTATISTIC_SSL_DYNAMIC_RECORD_5KSTATISTIC_SSL_DYNAMIC_RECORD_6KSTATISTIC_SSL_DYNAMIC_RECORD_7KSTATISTIC_SSL_DYNAMIC_RECORD_8KSTATISTIC_SSL_DYNAMIC_RECORD_9KSTATISTIC_SSL_DYNAMIC_RECORD_10KSTATISTIC_SSL_DYNAMIC_RECORD_11KSTATISTIC_SSL_DYNAMIC_RECORD_12KSTATISTIC_SSL_DYNAMIC_RECORD_13KSTATISTIC_SSL_DYNAMIC_RECORD_14KSTATISTIC_SSL_DYNAMIC_RECORD_15KSTATISTIC_SSL_DYNAMIC_RECORD_16KSTATISTIC_SIPROUTER_STANDBY_DROPPEDSTATISTIC_SIPSESSION_REQUEST_ENTITY_TOO_LARGESTATISTIC_SIPSESSION_REQUEST_ENTITY_TOO_LARGE_413_SENTSTATISTIC_SIPSESSION_UNSUPPORTED_URI_SCHEMESTATISTIC_SIPSESSION_UNSUPPORTED_URI_SCHEME_416_SENTSTATISTIC_SIPSESSION_TEMPORARILY_UNAVAILABLE_480_SENTSTATISTIC_SIPSESSION_LOOP_DETECTED_482_SENTSTATISTIC_SIPSESSION_TOO_MANY_HOPS_483_SENTSTATISTIC_SIPSESSION_ADDRESS_INCOMPLETESTATISTIC_SIPSESSION_ADDRESS_INCOMPLETE_484_SENTSTATISTIC_SIPSESSION_NOT_ACCEPTABLE_HERESTATISTIC_SIPSESSION_NOT_ACCEPTABLE_HERE_488_SENTSTATISTIC_SIPSESSION_SERVER_INTERNAL_ERROR_500_SENTSTATISTIC_SIPSESSION_NOT_IMPLEMENTEDSTATISTIC_SIPSESSION_NOT_IMPLEMENTED_501_SENTSTATISTIC_SIPSESSION_SERVICE_UNAVAILABLE_503_SENTSTATISTIC_SIPSESSION_VERSION_NOT_SUPPORTED_505_SENTSTATISTIC_SIPSESSION_BADMSGS_REQSTATISTIC_SIPSESSION_DROPS_REQSTATISTIC_SIPSESSION_INFOSTATISTIC_SIPSESSION_REFERSTATISTIC_SIPSESSION_UPDATE_REQSTATISTIC_SIPSESSION_BAD_REQUEST_400_SENTSTATISTIC_SIPSESSION_NOT_FOUND_404_SENTSIP_ATTACK_VECTOR_UNKNOWNSIP_ATTACK_VECTOR_INVITESIP_ATTACK_VECTOR_ACKSIP_ATTACK_VECTOR_OPTIONSSIP_ATTACK_VECTOR_BYESIP_ATTACK_VECTOR_CANCELSIP_ATTACK_VECTOR_REGISTERSIP_ATTACK_VECTOR_PUBLISHSIP_ATTACK_VECTOR_NOTIFYSIP_ATTACK_VECTOR_SUBSCRIBESIP_ATTACK_VECTOR_MESSAGESIP_ATTACK_VECTOR_PRACKSIP_ATTACK_VECTOR_OTHERSIP_ATTACK_VECTOR_MALFORMEDDNS_QUERY_UNKNOWNDNS_QUERY_ADNS_QUERY_PTRDNS_QUERY_NSDNS_QUERY_SOADNS_QUERY_CNAMEDNS_QUERY_MXDNS_QUERY_AAAADNS_QUERY_TXTDNS_QUERY_SRVDNS_QUERY_AXFRDNS_QUERY_IXFRDNS_QUERY_ANYDNS_QUERY_OTHER
Gets a list of all DoS profiles.
Creates the specified DoS profiles.
Deletes the specified DoS profiles.
Deletes all DoS profiles.
Determines whether the specified DoS profiles are system profiles.
A system profile is a profile pre-configured on the system, ready
for use. Non-system profiles are profiles created or modified by a
user. Note that if a system profile is modified, it is no longer
considered a system profile.
Sets the description for a set of DoS profiles.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for a set of DoS profiles.
Gets a list of Application Security sub-profiles for a list of given profiles.
Adds a list of Application Security sub-profiles to given profiles.
Note: Only one Application Security sub-profile can exist per profile.
Removes specific Application Security sub-profiles from the specified profiles.
Removes all Application Security sub-profiles from the specified profiles.
Gets the Protocol DNS Security sub-profile for a list of given profiles.
A Protocol DNS Security sub-profile allows you to add DNS Query Vectors to a
DoS Profile for attack detection purposes. It also allows dropping
of Malformed and Malicious DNS packets (and the thresholds for
these drops).
Note: Only one Protocol DNS Security sub-profile can exist per profile.
Adds specific Protocol DNS Security sub-profiles to the specified profiles.
Note: Only one Protocol DNS Security sub-profile can exist per profile.
Removes specific Protocol DNS Security sub-profiles from the specified profiles.
Removes all Protocol DNS Security sub-profiles from the specified profiles.
Sets the trigger DoS iRule event state in Application Security.
Trigger DoS iRule event specifies, when enabled, that the system activates an Application DoS iRule event.
The default is disabled.
Enable it if you have written iRules that process this event, and assigned them to a specific virtual server.
Gets the trigger DoS iRule event state in Application Security.
Sets the operation mode of the specified anomaly.
The available operation modes are mentioned under the OperationMode enumeration.
Gets the operation mode of the specified anomaly.
Sets the Source IP-based client side integrity defense state in the specified anomaly.
Prevention policy consisting of six methods specifies how the system handles an attack.
The system begins with the first method that you enabled in this list.
If the system finds this method not effective enough to stop the attack,
it uses the next method that you enabled in this list.
- Source IP-based client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious IP address and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
- URL-based client side integrity defense
- Site-wide client side integrity defense
- Source IP-based rate limiting
- URL-based rate limiting
- Site-wide rate limiting
Gets the Source IP-based client side integrity defense state in the specified anomaly.
Sets the URL-based client side integrity defense state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- URL-based client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious URL and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
Gets the URL-based client side integrity defense state in the specified anomaly.
Sets the Site-wide client side integrity defense state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Site-wide client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious site and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
Gets the Site-wide client side integrity defense state in the specified anomaly.
Sets the Source IP-based rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Source IP-based rate limiting: Specifies, when enabled,
that the system drops transactions from suspicious IP addresses.
The system allows requests from that IP address when its request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the Source IP-based rate limiting state in the specified anomaly.
Sets the URL-based rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- URL-based rate limiting: Specifies, when enabled,
that the system drops transactions for suspicious URLs,
regardless of whether the IP address is suspicious or not.
The system allows requests for that URL when the request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the URL-based rate limiting state in the specified anomaly.
Sets the Site-wide rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Site-wide rate limiting: Specifies, when enabled,
that the system drops transactions for suspicious sites,
regardless of whether the IP address is suspicious or not.
The system allows requests for that site when the request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the Site-wide rate limiting state in the specified anomaly.
Sets the TPS increase rate value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
IP detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the IP address as an attacker.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious IP criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the IP address as suspicious (suspects the IP address to be an attacker).
If an attack was detected according to the detection criteria, IP rate limiting will be done on the suspicious IP addresses.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one IP address, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the maximum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Please see set_ip_tps_increase_rate for more information about IP detection criteria and suspicious IP criteria.
- Maximum TPS: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the number of requests sent, per second, from an IP address is equal to or greater than this number.
The default setting is 200 requests per second.
Gets the maximum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the minimum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Please see set_ip_tps_increase_rate for more information about IP detection criteria and suspicious IP criteria.
- Minimum TPS: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the detected TPS for a specific IP address equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this IP address to be an attacker (or suspicious) even if
the TPS increase rate was reached. The default setting is 40 transactions per second.
Gets the minimum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the TPS increase rate value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
URL detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats a URL to be under attack.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious URL criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the URL as suspicious (suspects the URL to be attacked).
If an attack was detected according to the detection criteria, URL rate limiting will be done on the suspicious URLs.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one URL, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the maximum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Please see set_url_tps_increase_rate for more information about URL detection criteria and suspicious URL criteria.
- Maximum TPS: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the number of requests sent, per second, for the URL is equal to or greater than this number.
The default setting is 1000 requests per second.
Gets the maximum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the minimum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Please see set_url_tps_increase_rate for more information about URL detection criteria and suspicious URL criteria.
- Minimum TPS: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the detected TPS for a specific URL equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this URL to be under attack (or suspicious) even if
the TPS increase rate was reached. The default setting is 200 transactions per second.
Gets the minimum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the TPS increase rate value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Site-wide detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the whole site to be under attack.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious Site-wide criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats a site as suspicious (suspects the whole site to be attacked).
If an attack was detected according to the detection criteria, Site-wide rate limiting will be done on the suspicious sites.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one site, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the maximum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Please see set_site_wide_tps_increase_rate for more information about Site-wide detection criteria and suspicious Site-wide criteria.
- Maximum TPS: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the number of requests sent, per second, for the site is equal to or greater than this number.
The default setting is 10000 requests per second.
Gets the maximum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the minimum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Please see set_site_wide_tps_increase_rate for more information about Site-wide detection criteria and suspicious Site-wide criteria.
- Minimum TPS: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the detected TPS for a specific site equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this whole site to be under attack (or suspicious) even if
the TPS increase rate was reached. The default setting is 2000 transactions per second.
Gets the minimum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the escalation period (in seconds) in the specified anomaly.
Escalation period specifies for how long the system spends in each step until deciding to move to the next step
when preventing attacks against an attacker IP address or an attacked URL.
The system prevents attacks by rejecting requests either from the attacking IP address, or for the attacked URL.
After the system detects and stops a DoS attack, it performs attack prevention for the amount of time configured here
in every method that you enabled in prevention policy (see set_source_ip_based_client_side_integrity_defense_state)
even if the system detects that the attack continues. The default setting is 120 seconds.
Gets the escalation period (in seconds) in the specified anomaly.
Sets the de-escalation period (in seconds) in the specified anomaly.
De-escalation period specifies for how long the system spends in the final escalation step until retrying the steps from the top
when preventing attacks against an attacker IP address or an attacked URL. Zero value specifies that no de-escalation occurs.
Please see set_escalation_period for more information about escalation. The default setting is 7200 seconds.
Gets the de-escalation period (in seconds) in the specified anomaly.
This method has been deprecated. Please use set_escalation_period / set_deescalation_period instead.
Sets the maximum prevention duration (in seconds) in the specified anomaly.
Prevention duration specifies for how long the system prevents attacks against an attacker IP address or an attacked URL.
The system prevents attacks by rejecting requests either from the attacking IP address, or for the attacked URL.
- Unlimited (zero value): Specifies that after the system detects and stops a DoS attack,
it performs attack prevention until it detects the end of the attack. This is the default.
- Number of seconds (positive value): Specifies that after the system detects and stops a DoS attack,
it performs attack prevention either for the amount of time configured here even if the system detects
that the attack continues, or until the system detects the end of the attack, whichever is earlier.
This method has been deprecated. Please use get_escalation_period / get_deescalation_period instead.
Gets the maximum prevention duration (in seconds) in the specified anomaly.
Sets the latency increase rate value in detection criteria of Latency-based anomaly.
Detection criteria setting is only available in Latency-based anomaly.
It specifies the criteria under which the system considers traffic to be an attack.
First, the minimum latency must be reached, and then either the latency increase rate or the maximum latency must be reached.
- Latency increase rate: Specifies that the system considers traffic to be an attack if
the ratio of the latency detection interval to the latency history interval,
for one URL, is greater than this number. The default setting is 500 percent.
- Maximum latency
- Minimum latency
Gets the latency increase rate value in detection criteria of Latency-based anomaly.
Sets the maximum latency value in detection criteria of Latency-based anomaly.
Please see set_latency_increase_rate for more information about detection criteria.
- Maximum latency: Specifies that the system considers traffic to be an attack if
the latency detection interval for a specific URL is greater than this number.
The default setting is 10000 milliseconds.
Gets the maximum latency value in detection criteria of Latency-based anomaly.
Sets the minimum latency value in detection criteria of Latency-based anomaly.
Please see set_latency_increase_rate for more information about detection criteria.
- Minimum latency: Specifies that the system considers traffic to be an attack if
the detection interval for a specific URL equals, or is greater than, this number,
and at least one of the latency increase rate or maximum latency was reached.
If the detection interval is lower than this number, the system does not consider
this traffic to be an attack even if one of the latency increase rate or maximum latency was reached.
The default setting is 200 milliseconds.
Gets the minimum latency value in detection criteria of Latency-based anomaly.
Sets the heavy URL protection state in Application Security.
Heavy URLs are those ones that may consume considerable server resources per request,
thus it takes only low rate requests to those URLs in order to cause DoS attacks.
Attacks will continue to be detected using the TPS-based and Latency-based anomalies.
Heavy URL protection specifies, when enabled, that whenever an attack is detected,
the system protects the heavy URLs using the URL-based methods that you enabled in prevention policy
(see set_source_ip_based_client_side_integrity_defense_state). If no such prevention method is enabled,
attacks will be only reported. The default is enabled.
Gets the heavy URL protection state in Application Security.
Sets the automatic heavy URL detection state in Application Security.
Automatic heavy URL detection specifies, when enabled, that the system automatically detects heavy URLs,
in addition to the manually configured ones (see set_heavy_url_includes and set_heavy_url_excludes).
For the sake of detecting heavy URLs, the system measures the latency tail weight, defined as
the ratio of transactions that have latency beyond the latency threshold (see set_heavy_url_latency_threshold)
out of all the transactions. A URL is considered heavy if the tail is considerably above the global average
in the long run. In order to enable this setting, you must first enable heavy URL protection.
The default is enabled.
Gets the automatic heavy URL detection state in Application Security.
Gets the included heavy URLs in Application Security.
Adds a list of URLs to the manually-configured (included) heavy URLs in Application Security.
Included heavy URLs specify URLs that are expected to be heavy from a-priori knowledge
even if they are not automatically detected as heavy.
Replaces the existing included heavy URLs with new ones in Application Security.
Removes specific URLs from the included heavy URLs in Application Security.
Gets the excluded heavy URLs in Application Security.
Adds a list of URLs to the ignored (excluded) heavy URLs in Application Security.
Excluded heavy URLs specify URLs that are not considered heavy even if automatically detected.
The exclude list can contain prefix wildcards.
Replaces the existing excluded heavy URLs with new ones in Application Security.
Removes specific URLs from the excluded heavy URLs in Application Security.
Sets latency threshold for automatic heavy URL detection (in milliseconds) in Application Security.
Please see set_heavy_url_automatic_detection_state for more information about automatic heavy URL detection.
You must enable automatic heavy URL detection in order to configure the latency threshold.
You can increase or decrease this number to improve accuracy of the automatically detected heavy URLs,
if too many or too few URLs are found by the system to be heavy. The default setting is 1000 milliseconds.
Gets the latency threshold for automatic heavy URL detection (in milliseconds) in Application Security.
Sets the TCP dump record traffic state in Application Security.
Specifies when enabled that the system records traffic (performs a TCP dump)
when a DoS attack is underway. The system records traffic during DoS attacks
on the virtual server in which the attack was detected. The TCP dump files can be collected
into the QuickView file so that F5 support can use it for solving customer cases.
The files are located in the system in the following file path: /shared/dosl7/tcpdumps,
and have a pcap extension.
The default is disabled.
Gets the TCP dump record traffic state in Application Security.
Sets the TCP dump maximum duration (in seconds) in Application Security.
The maximum time for one dump cycle. Legal values are between 1 and 300.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 30 seconds.
Gets the TCP dump maximum duration (in seconds) in Application Security.
Sets the TCP dump maximum size (in megabytes) in Application Security.
The maximum size for a dump cycle. Legal values are between 1 and 50.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 10 megabytes.
Gets the TCP dump maximum size (in megabytes) in Application Security.
Sets the TCP dump repetition interval (in seconds) in Application Security.
Specifies whether the system performs one dump for each DoS attack, or multiple dumps.
When value is 0: Specifies that the system performs one dump for each DoS attack.
When value is greater than 0: Specifies that the system performs multiple dumps for each DoS attack,
and how long the system waits after finishing a dump cycle before starting a new cycle.
Legal values are between 0 and 2600 seconds.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 120 seconds.
Gets the TCP dump repetition interval (in seconds) in Application Security.
Gets the entire IP address whitelist of DoS profile Application Security.
Adds a list of IP addresses with subnet masks to the whitelist of DoS profile Application Security.
IP address whitelist specifies IP addresses, including subnet masks, that the system considers
legitimate and does not examine when performing DoS prevention.
Removes specific IP addresses with subnet masks from the whitelist of DoS profile Application Security.
Removes the entire IP address whitelist of DoS profile Application Security.
Gets the Protocol SIP Security sub-profile for a list of given profiles.
Adds a list of Protocol SIP Security sub-profiles to given profiles.
Note: Only one Protocol SIP Security sub-profile can exist per profile.
Removes specific Protocol SIP Security sub-profiles from the specified profiles.
Removes all Protocol SIP Security sub-profiles from the specified profiles.
Gets all SIP Attack Vectors that are enabled for the specified Protocol SIP Security sub-profiles.
Adds SIP Attack Vectors to the specified Protocol SIP Security sub-profiles.
A SIP Attack Vector allows the user to enable DoS attack detection on a specific attack vector and
also lets the user configure attack sensitivity (rate increase & threshold).
Removes SIP Attack Vectors from the specified Protocol SIP Security sub-profiles.
Removes all SIP Attack Vectors from the specified Protocol SIP Security sub-profiles.
Sets the rate increase percentage for the specified SIP Attack Vectors. When the rate increases
above this percentage then BIG-IP will detect the specified SIP Attack Vectors.
Note: This value cannot be set below 100.
Gets the rate increase percentage for the specified SIP Attack Vectors.
Sets the rate threshold for the specified SIP Attack Vectors. When the rate increases above this threshold
then BIG-IP will detect the specified SIP Attack Vectors.
Gets the rate threshold for the specified SIP Attack Vectors.
Sets the rate increase for SIP protocol errors DoS attack vector. When the rate increases above this percentage
then BIG-IP will detect a protocol errors SIP DoS attack.
Gets the rate increase for SIP protocol errors DoS attack vector.
Sets the rate threshold for SIP protocol errors DoS attack vector. When the rate increases above this threshold
then BIG-IP will detect a protocol errors SIP DoS attack.
Gets the rate threshold for SIP protocol errors DoS attack vector.
Sets the Protocol SIP Error Attack Detection state in Protocol SIP Security. This allows
the user to configure BIG-IP to detect SIP protocol errors DoS attacks.
Gets the SIP Protocol Error Attack Detection state in Protocol SIP Security.
Resets the statistics for the specified SIP Attack Vectors.
Gets the statistics for all SIP Attack Vectors (of the specified Protocol SIP Security sub-profiles).
Gets the statistics for the specified SIP Attack Vectors.
Gets all the DNS Query Vectors for a set of Protocol DNS Security sub-profiles.
Adds DNS Query Vectors to the specified Protocol DNS Security sub-profiles.
Removes DNS Query Vectors from the specified Protocol DNS Security sub-profiles.
Removes all DNS Query Vectors from the specified Protocol DNS Security sub-profiles.
Sets the rate increase percentage for the specified DNS Query Vectors.
The system calculates the rate increase percentage for a given
vector by comparing the 1 minute average to the 1 hour average, and
compares the result to the percentage set. If the set percentage is
less than or equal to the calculated value, a DoS attack is registered.
Note that this value cannot be set below 100.
The attack ends when this condition is no longer true.
Gets the rate increase percentage for the specified DNS Query Vectors.
Sets the query vectors rate threshold for the specified DNS Query Vectors.
This is the absolute number of packets per second before registering a DoS attack.
Gets the query vector rate threshold for the specified DNS Query Vectors.
Sets the DNS Protocol error attack rate increase for the specified Protocol DNS Security sub-profiles.
This is the rate increase (as a percentage) of traffic for Malformed and Malicious
DNS packets to register a DoS attack. This number is calculated by comparing the 1
minute average to the 1 hour average.
Gets the DNS Protocol error attack rate increase for the specified Protocol DNS Security sub-profiles.
Sets the Protocol DNS Error Attack Detection state for the specified Protocol DNS Security sub-profiles.
This Determines whether or not to include Malformed and Malicious DNS packets
in DoS attack detection.
Gets the DNS Protocol Error Attack Detection state for the specified Protocol DNS Security sub-profiles.
Resets the statistics for the specified DNS Query Vectors.
Gets the statistics for all DNS Query Vectors for the specified Protocol DNS Security sub-profiles.
Gets the statistics for the specified DNS Query Vectors.
Gets the DoS Network sub-profiles for the specified DoS profiles.
With this sub-profile, the Layer 4 attacks are detected and
actions are taken to drop the packets over the limit in one
second.
Adds a list of DoS Network sub-profiles for the specified DoS
profiles. Note: Only one Security DoS Network sub-profile can
exist per profile.
Removes a list of DoS Network sub-profiles from the specified
DoS profiles.
Removes all DoS Network sub-profiles from the specified DoS
profiles.
Gets the Network Attack Vectors for the specified DoS Network
sub-profiles.
A Network Attack Vector allows the user to enable DoS attack
detection on a specific attack vector and also lets the user
configure attack sensitivity (rate limit & threshold).
Adds a list of Network Attack Vectors for the specified DoS
Network sub-profiles.
Removes a list of Network Attack Vectors from the specified DoS
Network sub-profiles.
Removes all Network Attack Vectors from the specified DoS
Network sub-profiles.
Sets the Rate Limits for the specified Network Attack Vectors.
When the incoming packet number per second for the specified
Network Attack Vectors is over this limit then the system will
drop all the over limit packets in this second. The limit number
of incoming packets will be allowed again in the next second.
Gets the Rate Limits for the specified Network Attack Vectors.
Sets the Rate Thresholds for the specified Network Attack
Vectors.
When the incoming packet number per second for the specified
Network Attack Vectors goes above this threshold then the system
will detect this kind of Layer 4 attack and take the action to
log.
Gets the Rate Thresholds for the specified Network Attack
Vectors.
Resets the statistics for the specified Network Attack Vectors.
Gets the statistics for all Network Attack Vectors of the
specified DoS Network sub-profiles.
Gets the statistics for the specified Network Attack Vectors.
Sets the auto blacklisting state for the specified Network Attack Vectors.
If auto blacklisting is enabled, offending IPs will be automatically
blocked for the specified blacklist duration. See
set_network_attack_vector_blacklist_duration for more details.
Gets the auto blacklisting state for the specified Network Attack Vectors.
Sets the blacklist detection value (seconds) for the specified Network Attack Vectors.
The blacklist detection value is the time that a given IP must be offending before
being added to the blacklist.
Gets the blacklist detection value for the specified Network Attack Vectors.
Sets the blacklist duration (seconds) for the specified Network Attack Vectors.
The blacklist duration is the time that an offending IP will remain in the blacklist.
Gets the blacklist duration for the specified Network Attack Vectors.
Sets the blacklist categories for the specified Network Attack Vectors.
The blacklist categories which blacklisted IPs should be added to.
Gets the blacklist category for the specified Network Attack Vectors.
Gets the version information for this interface.
Gets a list of all DoS profiles.
Creates the specified DoS profiles.
Deletes the specified DoS profiles.
Deletes all DoS profiles.
Determines whether the specified DoS profiles are system profiles.
A system profile is a profile pre-configured on the system, ready
for use. Non-system profiles are profiles created or modified by a
user. Note that if a system profile is modified, it is no longer
considered a system profile.
Sets the description for a set of DoS profiles.
This is an arbitrary field which can be used for any purpose.
Gets the descriptions for a set of DoS profiles.
Gets a list of Application Security sub-profiles for a list of given profiles.
Adds a list of Application Security sub-profiles to given profiles.
Note: Only one Application Security sub-profile can exist per profile.
Removes specific Application Security sub-profiles from the specified profiles.
Removes all Application Security sub-profiles from the specified profiles.
Gets the Protocol DNS Security sub-profile for a list of given profiles.
A Protocol DNS Security sub-profile allows you to add DNS Query Vectors to a
DoS Profile for attack detection purposes. It also allows dropping
of Malformed and Malicious DNS packets (and the thresholds for
these drops).
Note: Only one Protocol DNS Security sub-profile can exist per profile.
Adds specific Protocol DNS Security sub-profiles to the specified profiles.
Note: Only one Protocol DNS Security sub-profile can exist per profile.
Removes specific Protocol DNS Security sub-profiles from the specified profiles.
Removes all Protocol DNS Security sub-profiles from the specified profiles.
Sets the trigger DoS iRule event state in Application Security.
Trigger DoS iRule event specifies, when enabled, that the system activates an Application DoS iRule event.
The default is disabled.
Enable it if you have written iRules that process this event, and assigned them to a specific virtual server.
Gets the trigger DoS iRule event state in Application Security.
Sets the operation mode of the specified anomaly.
The available operation modes are mentioned under the OperationMode enumeration.
Gets the operation mode of the specified anomaly.
Sets the Source IP-based client side integrity defense state in the specified anomaly.
Prevention policy consisting of six methods specifies how the system handles an attack.
The system begins with the first method that you enabled in this list.
If the system finds this method not effective enough to stop the attack,
it uses the next method that you enabled in this list.
- Source IP-based client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious IP address and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
- URL-based client side integrity defense
- Site-wide client side integrity defense
- Source IP-based rate limiting
- URL-based rate limiting
- Site-wide rate limiting
Gets the Source IP-based client side integrity defense state in the specified anomaly.
Sets the URL-based client side integrity defense state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- URL-based client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious URL and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
Gets the URL-based client side integrity defense state in the specified anomaly.
Sets the Site-wide client side integrity defense state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Site-wide client side integrity defense: Specifies, when enabled,
that the system determines whether the client is a legal browser or an illegal script
by sending a JavaScript challenge to each suspicious site and waiting for a response.
(Legal browsers are able to respond, while illegal scripts cannot.) The default is disabled.
Gets the Site-wide client side integrity defense state in the specified anomaly.
Sets the Source IP-based rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Source IP-based rate limiting: Specifies, when enabled,
that the system drops transactions from suspicious IP addresses.
The system allows requests from that IP address when its request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the Source IP-based rate limiting state in the specified anomaly.
Sets the URL-based rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- URL-based rate limiting: Specifies, when enabled,
that the system drops transactions for suspicious URLs,
regardless of whether the IP address is suspicious or not.
The system allows requests for that URL when the request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the URL-based rate limiting state in the specified anomaly.
Sets the Site-wide rate limiting state in the specified anomaly.
Please see set_source_ip_based_client_side_integrity_defense_state for more information about prevention policy.
- Site-wide rate limiting: Specifies, when enabled,
that the system drops transactions for suspicious sites,
regardless of whether the IP address is suspicious or not.
The system allows requests for that site when the request rate per second
is less than the legitimate history interval (before the attack started),
or less than the threshold you configure in the maximum TPS. The default is enabled.
Gets the Site-wide rate limiting state in the specified anomaly.
Sets the TPS increase rate value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
IP detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the IP address as an attacker.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious IP criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the IP address as suspicious (suspects the IP address to be an attacker).
If an attack was detected according to the detection criteria, IP rate limiting will be done on the suspicious IP addresses.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one IP address, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the maximum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Please see set_ip_tps_increase_rate for more information about IP detection criteria and suspicious IP criteria.
- Maximum TPS: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the number of requests sent, per second, from an IP address is equal to or greater than this number.
The default setting is 200 requests per second.
Gets the maximum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the minimum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Please see set_ip_tps_increase_rate for more information about IP detection criteria and suspicious IP criteria.
- Minimum TPS: Specifies that the system considers an IP address to be an attacker (or treats as suspicious)
if the detected TPS for a specific IP address equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this IP address to be an attacker (or suspicious) even if
the TPS increase rate was reached. The default setting is 40 transactions per second.
Gets the minimum TPS value in IP detection criteria (or suspicious IP criteria) of the specified anomaly.
Sets the TPS increase rate value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
URL detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats a URL to be under attack.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious URL criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the URL as suspicious (suspects the URL to be attacked).
If an attack was detected according to the detection criteria, URL rate limiting will be done on the suspicious URLs.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one URL, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the maximum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Please see set_url_tps_increase_rate for more information about URL detection criteria and suspicious URL criteria.
- Maximum TPS: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the number of requests sent, per second, for the URL is equal to or greater than this number.
The default setting is 1000 requests per second.
Gets the maximum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the minimum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Please see set_url_tps_increase_rate for more information about URL detection criteria and suspicious URL criteria.
- Minimum TPS: Specifies that the system considers a URL to be under attack (or treats as suspicious)
if the detected TPS for a specific URL equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this URL to be under attack (or suspicious) even if
the TPS increase rate was reached. The default setting is 200 transactions per second.
Gets the minimum TPS value in URL detection criteria (or suspicious URL criteria) of the specified anomaly.
Sets the TPS increase rate value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Site-wide detection criteria setting is only available in TPS-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats the whole site to be under attack.
If these numbers are reached, the system prevents further attacks by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
Suspicious Site-wide criteria setting is only available in Latency-based anomaly.
It specifies that if at least one of the following criteria is met, the system treats a site as suspicious (suspects the whole site to be attacked).
If an attack was detected according to the detection criteria, Site-wide rate limiting will be done on the suspicious sites.
The system prevents the attack by limiting the number of requests per second to the history interval.
The system does not return the blocking response page.
- TPS increase rate: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the ratio between the transaction rate detection interval and the transaction rate history interval,
for one site, is greater than this number. The default setting is 500 percent.
- Maximum TPS
- Minimum TPS
Gets the TPS increase rate value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the maximum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Please see set_site_wide_tps_increase_rate for more information about Site-wide detection criteria and suspicious Site-wide criteria.
- Maximum TPS: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the number of requests sent, per second, for the site is equal to or greater than this number.
The default setting is 10000 requests per second.
Gets the maximum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the minimum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Please see set_site_wide_tps_increase_rate for more information about Site-wide detection criteria and suspicious Site-wide criteria.
- Minimum TPS: Specifies that the system considers a whole site to be under attack (or treats as suspicious)
if the detected TPS for a specific site equals, or is greater than, this number,
and the TPS increase rate was reached. If the detected TPS is lower than this number,
the system does not consider this whole site to be under attack (or suspicious) even if
the TPS increase rate was reached. The default setting is 2000 transactions per second.
Gets the minimum TPS value in Site-wide detection criteria (or suspicious Site-wide criteria) of the specified anomaly.
Sets the escalation period (in seconds) in the specified anomaly.
Escalation period specifies for how long the system spends in each step until deciding to move to the next step
when preventing attacks against an attacker IP address or an attacked URL.
The system prevents attacks by rejecting requests either from the attacking IP address, or for the attacked URL.
After the system detects and stops a DoS attack, it performs attack prevention for the amount of time configured here
in every method that you enabled in prevention policy (see set_source_ip_based_client_side_integrity_defense_state)
even if the system detects that the attack continues. The default setting is 120 seconds.
Gets the escalation period (in seconds) in the specified anomaly.
Sets the de-escalation period (in seconds) in the specified anomaly.
De-escalation period specifies for how long the system spends in the final escalation step until retrying the steps from the top
when preventing attacks against an attacker IP address or an attacked URL. Zero value specifies that no de-escalation occurs.
Please see set_escalation_period for more information about escalation. The default setting is 7200 seconds.
Gets the de-escalation period (in seconds) in the specified anomaly.
This method has been deprecated. Please use set_escalation_period / set_deescalation_period instead.
Sets the maximum prevention duration (in seconds) in the specified anomaly.
Prevention duration specifies for how long the system prevents attacks against an attacker IP address or an attacked URL.
The system prevents attacks by rejecting requests either from the attacking IP address, or for the attacked URL.
- Unlimited (zero value): Specifies that after the system detects and stops a DoS attack,
it performs attack prevention until it detects the end of the attack. This is the default.
- Number of seconds (positive value): Specifies that after the system detects and stops a DoS attack,
it performs attack prevention either for the amount of time configured here even if the system detects
that the attack continues, or until the system detects the end of the attack, whichever is earlier.
This method has been deprecated. Please use get_escalation_period / get_deescalation_period instead.
Gets the maximum prevention duration (in seconds) in the specified anomaly.
Sets the latency increase rate value in detection criteria of Latency-based anomaly.
Detection criteria setting is only available in Latency-based anomaly.
It specifies the criteria under which the system considers traffic to be an attack.
First, the minimum latency must be reached, and then either the latency increase rate or the maximum latency must be reached.
- Latency increase rate: Specifies that the system considers traffic to be an attack if
the ratio of the latency detection interval to the latency history interval,
for one URL, is greater than this number. The default setting is 500 percent.
- Maximum latency
- Minimum latency
Gets the latency increase rate value in detection criteria of Latency-based anomaly.
Sets the maximum latency value in detection criteria of Latency-based anomaly.
Please see set_latency_increase_rate for more information about detection criteria.
- Maximum latency: Specifies that the system considers traffic to be an attack if
the latency detection interval for a specific URL is greater than this number.
The default setting is 10000 milliseconds.
Gets the maximum latency value in detection criteria of Latency-based anomaly.
Sets the minimum latency value in detection criteria of Latency-based anomaly.
Please see set_latency_increase_rate for more information about detection criteria.
- Minimum latency: Specifies that the system considers traffic to be an attack if
the detection interval for a specific URL equals, or is greater than, this number,
and at least one of the latency increase rate or maximum latency was reached.
If the detection interval is lower than this number, the system does not consider
this traffic to be an attack even if one of the latency increase rate or maximum latency was reached.
The default setting is 200 milliseconds.
Gets the minimum latency value in detection criteria of Latency-based anomaly.
Sets the heavy URL protection state in Application Security.
Heavy URLs are those ones that may consume considerable server resources per request,
thus it takes only low rate requests to those URLs in order to cause DoS attacks.
Attacks will continue to be detected using the TPS-based and Latency-based anomalies.
Heavy URL protection specifies, when enabled, that whenever an attack is detected,
the system protects the heavy URLs using the URL-based methods that you enabled in prevention policy
(see set_source_ip_based_client_side_integrity_defense_state). If no such prevention method is enabled,
attacks will be only reported. The default is enabled.
Gets the heavy URL protection state in Application Security.
Sets the automatic heavy URL detection state in Application Security.
Automatic heavy URL detection specifies, when enabled, that the system automatically detects heavy URLs,
in addition to the manually configured ones (see set_heavy_url_includes and set_heavy_url_excludes).
For the sake of detecting heavy URLs, the system measures the latency tail weight, defined as
the ratio of transactions that have latency beyond the latency threshold (see set_heavy_url_latency_threshold)
out of all the transactions. A URL is considered heavy if the tail is considerably above the global average
in the long run. In order to enable this setting, you must first enable heavy URL protection.
The default is enabled.
Gets the automatic heavy URL detection state in Application Security.
Gets the included heavy URLs in Application Security.
Adds a list of URLs to the manually-configured (included) heavy URLs in Application Security.
Included heavy URLs specify URLs that are expected to be heavy from a-priori knowledge
even if they are not automatically detected as heavy.
Replaces the existing included heavy URLs with new ones in Application Security.
Removes specific URLs from the included heavy URLs in Application Security.
Gets the excluded heavy URLs in Application Security.
Adds a list of URLs to the ignored (excluded) heavy URLs in Application Security.
Excluded heavy URLs specify URLs that are not considered heavy even if automatically detected.
The exclude list can contain prefix wildcards.
Replaces the existing excluded heavy URLs with new ones in Application Security.
Removes specific URLs from the excluded heavy URLs in Application Security.
Sets latency threshold for automatic heavy URL detection (in milliseconds) in Application Security.
Please see set_heavy_url_automatic_detection_state for more information about automatic heavy URL detection.
You must enable automatic heavy URL detection in order to configure the latency threshold.
You can increase or decrease this number to improve accuracy of the automatically detected heavy URLs,
if too many or too few URLs are found by the system to be heavy. The default setting is 1000 milliseconds.
Gets the latency threshold for automatic heavy URL detection (in milliseconds) in Application Security.
Sets the TCP dump record traffic state in Application Security.
Specifies when enabled that the system records traffic (performs a TCP dump)
when a DoS attack is underway. The system records traffic during DoS attacks
on the virtual server in which the attack was detected. The TCP dump files can be collected
into the QuickView file so that F5 support can use it for solving customer cases.
The files are located in the system in the following file path: /shared/dosl7/tcpdumps,
and have a pcap extension.
The default is disabled.
Gets the TCP dump record traffic state in Application Security.
Sets the TCP dump maximum duration (in seconds) in Application Security.
The maximum time for one dump cycle. Legal values are between 1 and 300.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 30 seconds.
Gets the TCP dump maximum duration (in seconds) in Application Security.
Sets the TCP dump maximum size (in megabytes) in Application Security.
The maximum size for a dump cycle. Legal values are between 1 and 50.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 10 megabytes.
Gets the TCP dump maximum size (in megabytes) in Application Security.
Sets the TCP dump repetition interval (in seconds) in Application Security.
Specifies whether the system performs one dump for each DoS attack, or multiple dumps.
When value is 0: Specifies that the system performs one dump for each DoS attack.
When value is greater than 0: Specifies that the system performs multiple dumps for each DoS attack,
and how long the system waits after finishing a dump cycle before starting a new cycle.
Legal values are between 0 and 2600 seconds.
Please see set_tcp_dump_record_traffic_state for more information about recording the traffic/TCP dump.
The default setting is 120 seconds.
Gets the TCP dump repetition interval (in seconds) in Application Security.
Gets the entire IP address whitelist of DoS profile Application Security.
Adds a list of IP addresses with subnet masks to the whitelist of DoS profile Application Security.
IP address whitelist specifies IP addresses, including subnet masks, that the system considers
legitimate and does not examine when performing DoS prevention.
Removes specific IP addresses with subnet masks from the whitelist of DoS profile Application Security.
Removes the entire IP address whitelist of DoS profile Application Security.
Gets the Protocol SIP Security sub-profile for a list of given profiles.
Adds a list of Protocol SIP Security sub-profiles to given profiles.
Note: Only one Protocol SIP Security sub-profile can exist per profile.
Removes specific Protocol SIP Security sub-profiles from the specified profiles.
Removes all Protocol SIP Security sub-profiles from the specified profiles.
Gets all SIP Attack Vectors that are enabled for the specified Protocol SIP Security sub-profiles.
Adds SIP Attack Vectors to the specified Protocol SIP Security sub-profiles.
A SIP Attack Vector allows the user to enable DoS attack detection on a specific attack vector and
also lets the user configure attack sensitivity (rate increase & threshold).
Removes SIP Attack Vectors from the specified Protocol SIP Security sub-profiles.
Removes all SIP Attack Vectors from the specified Protocol SIP Security sub-profiles.
Sets the rate increase percentage for the specified SIP Attack Vectors. When the rate increases
above this percentage then BIG-IP will detect the specified SIP Attack Vectors.
Note: This value cannot be set below 100.
Gets the rate increase percentage for the specified SIP Attack Vectors.
Sets the rate threshold for the specified SIP Attack Vectors. When the rate increases above this threshold
then BIG-IP will detect the specified SIP Attack Vectors.
Gets the rate threshold for the specified SIP Attack Vectors.
Sets the rate increase for SIP protocol errors DoS attack vector. When the rate increases above this percentage
then BIG-IP will detect a protocol errors SIP DoS attack.
Gets the rate increase for SIP protocol errors DoS attack vector.
Sets the rate threshold for SIP protocol errors DoS attack vector. When the rate increases above this threshold
then BIG-IP will detect a protocol errors SIP DoS attack.
Gets the rate threshold for SIP protocol errors DoS attack vector.
Sets the Protocol SIP Error Attack Detection state in Protocol SIP Security. This allows
the user to configure BIG-IP to detect SIP protocol errors DoS attacks.
Gets the SIP Protocol Error Attack Detection state in Protocol SIP Security.
Resets the statistics for the specified SIP Attack Vectors.
Gets the statistics for all SIP Attack Vectors (of the specified Protocol SIP Security sub-profiles).
Gets the statistics for the specified SIP Attack Vectors.
Gets all the DNS Query Vectors for a set of Protocol DNS Security sub-profiles.
Adds DNS Query Vectors to the specified Protocol DNS Security sub-profiles.
Removes DNS Query Vectors from the specified Protocol DNS Security sub-profiles.
Removes all DNS Query Vectors from the specified Protocol DNS Security sub-profiles.
Sets the rate increase percentage for the specified DNS Query Vectors.
The system calculates the rate increase percentage for a given
vector by comparing the 1 minute average to the 1 hour average, and
compares the result to the percentage set. If the set percentage is
less than or equal to the calculated value, a DoS attack is registered.
Note that this value cannot be set below 100.
The attack ends when this condition is no longer true.
Gets the rate increase percentage for the specified DNS Query Vectors.
Sets the query vectors rate threshold for the specified DNS Query Vectors.
This is the absolute number of packets per second before registering a DoS attack.
Gets the query vector rate threshold for the specified DNS Query Vectors.
Sets the DNS Protocol error attack rate increase for the specified Protocol DNS Security sub-profiles.
This is the rate increase (as a percentage) of traffic for Malformed and Malicious
DNS packets to register a DoS attack. This number is calculated by comparing the 1
minute average to the 1 hour average.
Gets the DNS Protocol error attack rate increase for the specified Protocol DNS Security sub-profiles.
Sets the Protocol DNS Error Attack Detection state for the specified Protocol DNS Security sub-profiles.
This Determines whether or not to include Malformed and Malicious DNS packets
in DoS attack detection.
Gets the DNS Protocol Error Attack Detection state for the specified Protocol DNS Security sub-profiles.
Resets the statistics for the specified DNS Query Vectors.
Gets the statistics for all DNS Query Vectors for the specified Protocol DNS Security sub-profiles.
Gets the statistics for the specified DNS Query Vectors.
Gets the DoS Network sub-profiles for the specified DoS profiles.
With this sub-profile, the Layer 4 attacks are detected and
actions are taken to drop the packets over the limit in one
second.
Adds a list of DoS Network sub-profiles for the specified DoS
profiles. Note: Only one Security DoS Network sub-profile can
exist per profile.
Removes a list of DoS Network sub-profiles from the specified
DoS profiles.
Removes all DoS Network sub-profiles from the specified DoS
profiles.
Gets the Network Attack Vectors for the specified DoS Network
sub-profiles.
A Network Attack Vector allows the user to enable DoS attack
detection on a specific attack vector and also lets the user
configure attack sensitivity (rate limit & threshold).
Adds a list of Network Attack Vectors for the specified DoS
Network sub-profiles.
Removes a list of Network Attack Vectors from the specified DoS
Network sub-profiles.
Removes all Network Attack Vectors from the specified DoS
Network sub-profiles.
Sets the Rate Limits for the specified Network Attack Vectors.
When the incoming packet number per second for the specified
Network Attack Vectors is over this limit then the system will
drop all the over limit packets in this second. The limit number
of incoming packets will be allowed again in the next second.
Gets the Rate Limits for the specified Network Attack Vectors.
Sets the Rate Thresholds for the specified Network Attack
Vectors.
When the incoming packet number per second for the specified
Network Attack Vectors goes above this threshold then the system
will detect this kind of Layer 4 attack and take the action to
log.
Gets the Rate Thresholds for the specified Network Attack
Vectors.
Resets the statistics for the specified Network Attack Vectors.
Gets the statistics for all Network Attack Vectors of the
specified DoS Network sub-profiles.
Gets the statistics for the specified Network Attack Vectors.
Sets the auto blacklisting state for the specified Network Attack Vectors.
If auto blacklisting is enabled, offending IPs will be automatically
blocked for the specified blacklist duration. See
set_network_attack_vector_blacklist_duration for more details.
Gets the auto blacklisting state for the specified Network Attack Vectors.
Sets the blacklist detection value (seconds) for the specified Network Attack Vectors.
The blacklist detection value is the time that a given IP must be offending before
being added to the blacklist.
Gets the blacklist detection value for the specified Network Attack Vectors.
Sets the blacklist duration (seconds) for the specified Network Attack Vectors.
The blacklist duration is the time that an offending IP will remain in the blacklist.
Gets the blacklist duration for the specified Network Attack Vectors.
Sets the blacklist categories for the specified Network Attack Vectors.
The blacklist categories which blacklisted IPs should be added to.
Gets the blacklist category for the specified Network Attack Vectors.
Gets the version information for this interface.
The ProfileDoS interface enables you to manipulate a DoS profile.
Use this interface to prevent Denial of Service (DoS) attacks.
DoS profile consists of three parts (layers): Application Security, Protocol (DNS) Security and Protocol SIP Security.
Each part can be enabled or disabled by means of creating or deleting the corresponding sub-profile.
In Application Security you can configure:
- The circumstances under which the system considers traffic to be a DoS attack.
- How the system handles a DoS attack.
The system considers traffic to be an Application DoS attack based on the following calculations:
- Transaction rate detection interval: The average number of requests per second sent for a specific URL, or by a specific IP address.
This number is calculated by the system, by default, every minute and updated every second.
- Transaction rate history interval: The average number of requests per second sent for a specific URL, or by a specific IP address.
This number is calculated by the system, by default, every hour and updated every minute.
- Latency detection interval: The average time it takes for the system to respond to a request for a specific URL, over the last minute.
This average is updated every second.
- Latency history interval: The average time it takes for the system to respond to a request for a specific URL, over the last hour.
This average is updated every minute.
In this sub-profile you must select whether the system prevents DoS attacks based on the client side (TPS-based anomaly) or/and the server side (Latency-based anomaly).
The system's DoS attack prevention works differently for every anomaly you select.
- In TPS-based anomaly: If the ratio of the transaction rate detection interval to the transaction rate history interval is greater than
the specific percentage you configure in this sub-profile (the TPS increase rate),
the system detects the URL to be under attack, or the IP address to be attacking.
In order to stop the attack, the system drops some requests from the detected IP address and/to the attacked URL.
- In Latency-based anomaly: If the ratio of the transaction rate detection interval to the transaction rate history interval is greater than
the specific percentage you configure in this sub-profile (the TPS increase rate),
the system suspects the URL to be under attack, or the IP address to be suspicious.
If the ratio of the latency detection interval to the latency history interval is greater than
the specific percentage you configure in this sub-profile (the latency increase rate),
the system detects that this URL is under attack.
In order to stop the attack, the system drops some requests from the suspicious IP address and/or to the suspicious URL.
The Protocol DNS Security sub-profile allows you to specify DNS Query Vectors
to be considered for DoS attack detection. You can also select whether
or not to consider Malformed and Malicious DNS packets for DoS attack
detection, and configure values at which to start dropping these packets.
A Protocol SIP Security sub-profile allows the user to configure SIP Attack Vectors that are to be considered for DoS attack detection. It also provides the
capability to enable detection of Malformed SIP packet DoS attacks. The detection sensitivity for each of the configured DoS vectors can also
be set.