The feature is responsible for sending syslog record for each datapower transaction.
In v1.0.5 a new feature was introduced as a tech preview ,
This syslog record is a json formatted data object the consist of This is a tech preview feature introduced in v1.0.5. When used, a syslog record will be sent for each DataPower transaction.
The syslog record used is a json-formatted data object, containing information aggregated from several sources on relating to the transaction.
The feature required requires DataPower FW 7.6+
Customer value
...
Value to Customers
- This feature allows customers to easily show datapower display DataPower information on their APMs or log aggregator such as IBM APMs , Splunk or ELK without being exposed to changes in DataPower . This removes the dependency on, and isolates the customer from changes to DataPower's log structure.
- Customer can also Customers may add a link to redirect the syslog record, which redirects from each transaction into DPOD details transaction and ' transaction details, in order to enhance troubleshooting efforts.
- DPOD customer scan customers can use this feature to externalize DPOD info information for Data Warehouse purpose purposes.
- DPOD customers can keep summarize retain summarized transaction details. This will increase history information retention time period and will minimize storage requirements.
Transaction Record
...
Structure
The following table describes the fields that are logged with this feature.
Field Name | Description | Possible |
---|
valuesValues |
---|
serviceType | Service type as defined in DataPower | mpgw,wsp,xml-firewall,b2bgw |
transactionGlobalId | DataPower global transaction ID (GTID) | 26 chars long |
transactionId | DataPower transaction ID (TID) | long number |
srcNodeName | The name of the DPOD node |
name the capture that captured the transaction |
|
domainName | DataPower domain name where the transaction was executed | String |
deviceName |
datapower system DataPower device name | String |
timeYearOnly | Year |
when startedstart | format YYYY |
timeMonthNum | Month number |
when started when startedstart | 1-31 |
timeHHMMSS | Full time |
when startedstart | format HHMMSS where: HH |
- - - when startedstart | 00-23 |
timeMinute | Minute |
when startedstart | 0-59 |
timeSecond | Second |
when startedstart | 00-59 |
timeMicroSec | Microsecond |
when startedstart |
|
timeZone | The time zone |
when startedstart | format +ZZZZ |
timeInMil |
transaction in millismilliseconds | long number |
timeInMicroSec |
transaction in since Epoch in microseconds |
|
timeDayInYear |
Number represents day in yearDay of year of transaction start | 1-365 |
timeSecondInDay |
Number of a second when transactio startedof transaction start | 0-86399 |
timeMinuteInDay |
Number of a minute when transactio startedof transaction start | 0-3599 |
timeDayInWeek |
Number represents day Day in a week of transaction start | 1-7. 1- Sunday, 7-Saturday. |
microSecTimestamp | Timestamp format of the time the transaction started | YYYY-MM-DDTHH:mm:ss.SSSSSS+ZZZZ |
aggRecordVersion | Estimated FW version of the DataPower that executed the transaction. |
Internal (For internal use) | String |
technicalServiceName | Service Name. Note: in WSP we are not currently |
not providin providing an operation name | String |
technicalErrorMessage | Error message |
. Only avail if transaction finished with errorrelating to the transaction. This field will only be populated when the transaction completed with error. | String |
isTechnicalError | Indication |
if ended completed with errors | true/false |
aggErrorCode | Error Code in DataPower | String |
message |
the The Syslog line that DPOD |
assume discerned is most likely to reflect the error cause | String |
aggIndTXError | Indication that information on error transaction |
arrivedwas received | true/false |
aggIndTXFinished | Indication that information on transaction |
end arrivedcompletion was received | true/false |
aggIndTXStarted | Indication that information on starting transaction arrived | true/false |
aggFirstTxOfGtx | Indication |
if on whether this is the first transaction in a group. In this case -there might be a following transaction logged with the same GTID | true/false |
microSecTimestampFinish |
Internal For internal use | long |
aggUuidGtidEpochSeconds |
Internal For internal use | long |
docAddedTimeInMil |
Internal For internal use | long |
WDPTutXUuidGtidTid |
Internal For internal use | long |
WDPTutXUuidGtidDeviceId |
Internal For internal use | String |
aggUuidGtidTimst |
Internal For internal use | String |
microSecTimestampStart |
Internal JSON example:
Code Block |
---|
language | textjava |
---|
title | JSON Example |
---|
linenumbers | true |
---|
|
{
"_index" : "logical-tran-compact_i1",
"_type" : "wdpLogicalTrans",
"_id" : "802d48ad5976a98f00080cc4_527556",
"_timestamp" : "2017-07-25T02:15:23.279Z",
"_version" : 4,
"_operation" : "INDEX",
"_source" : {
"serviceType" : "mpgw",
"timeDayInYear" : "206",
"transactionGlobalId" : "802d48ad5976a98f00080cc4",
"timeDayInWeek" : "2",
"microSecTimestampStart" : "2017-07-25T05:14:39.570000+0000",
"timeHHMMSS" : "05:14:39",
"aggUuidGtidTimst" : "2017-07-25 02:14:39",
"aggFirstTxOfGtx" : "true",
"aggIndTXStarted" : "true",
"deviceName" : "idg7600",
"timeSecond" : "39",
"aggUuidGtidEpochSeconds" : "1500948879",
"timeSecondInDay" : "18879",
"timeMinuteInDay" : "314",
"timeYearOnly" : "2017",
"timeInMicroSec" : "1500948879569000",
"srcNodeName" : "NODE0",
"timeDay" : "25",
"microSecTimestamp" : "2017-07-25T05:14:39.569000+0000",
"WDPTutXUuidGtidDeviceId" : "802d48ad",
"timeInMil" : "1500948879569",
"timeZone" : "+0000",
"transactionId" : "527556",
"timeMinute" : "14",
"timeMonthNum" : "07",
"domainName" : "APIMgmt_ACB198F9A6",
"timeMicroSec" : "569000",
"timeHour" : "05",
"WDPTutXUuidGtidTid" : "00080cc4",
"aggRecordVersion" : "7.6.0.0+",
"technicalServiceName" : "GetDeliveryStatus_MHJV.MPGW",
"docAddedTimeInMil" : "1500948882966",
"technicalErrorMessage" : "Invalid JSON format",
"isTechnicalError" : "1",
"aggErrorCode" : "0x02130008",
"message" : "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 [0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): trans(527556)[error][192.168.0.112] gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r",
"aggIndTXError" : "true",
"microSecTimestampFinish" : "2017-07-25T05:14:39.573000+0000",
"aggIndTXFinished" : "true"
}
} |
Feature enablement
To Perform the following steps to enable this feature 3 steps are required:
- Install and configure Store plugin.
- Configure each syslog agent.
- restart systemStop and start all system services.
Plugin
...
Installation and
...
Configuration
- The plugin is located at /installs/tech-preview/es-changes-feed-plugin.zip
- In order to To extract the plugin please follow the procedure :
- cd /installs/tech-preview
- unzip es-changes-feed-plugin.zip
- The command will create the following files in the directory /installs/tech-preview :
- MonTierEventsFeedPlugin.zip
- MonTierEventsFeedPlugin.zip.md5
To install plugin just run execute the following commands:
cd /app/elasticsearch_base
bin/plugin install file:///installs/tech-preview/MonTierEventsFeedPlugin.zip
Approve the installation by pressing Y to the prompt question "Continue with installation? [y/N]"
To remove plugin issue command : bin/plugin remove file:///installs/tech-preview/MonTierEventsFeedPlugin.zipremove MonTierEventsFeedPlugin
Configure each Store node number 2 or 4 as follow:
- cd /app/elasticsearch_nodes/config/MonTier-es-raw-trans-Node-2
- Edit file elasticsearchthe elasticsearch.yml file
add to the end of file the parameters:
Parameter | Values | Description |
---|
montier.events.feed.syslog.protocol | tcp or udp | the protocol used to send messages to syslog |
montier.events.feed.syslog.host | ip addressv4 address v4 or valid hostname | target syslog agent hostname |
montier.events.feed.syslog.port | integer 1-65535 | target syslog agent port |
montier.events.feed.syslog.ssl | false or true | disable or enable / disable sslSSL |
montier.events.feed.appname | text A-Z|a-z|0-9 name - 8 chars | syslog application name |
Configure syslog agent
For each syslog agent that you have in the system perform the following:
- cd /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/ (replace nn with the agent number)
- edit file flumethe flume_syslog.conf file
- Look in Locate in each each agent for rows with pattern: MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.batchSize = (replace nnn with sink name 1 to 10!! and . Also - replace nn with the agent number !!)
- For each row found please add below the line Add below each of these rows the line below (substituting nn and nnn as described in step 3 above)
MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = false