This is a tech preview feature introduced in v1.0.5. When used, a syslog record will be sent for each DataPower transaction.

The syslog record is a JSON-formatted data object containing information aggregated from several sources relating to the transaction.

The feature requires DataPower FW 7.6+

Value to Customers

  • This feature allows customers to easily display DataPower information on their APMs or log aggregator such as IBM APMs, Splunk or ELK. This removes the dependency on, and isolates the customer from, changes to DataPower's log structure.
  • Customers may add a link to the syslog record, which redirects from each transaction into DPOD's transaction details, in order to enhance troubleshooting efforts.
  • DPOD customers can use this feature to externalize DPOD information for Data Warehouse purposes.
  • DPOD customers can retain summarized transaction details. This will increase the retention period of history information and will minimize storage requirements.


Transaction Record Structure

The following table describes the fields that are logged with this feature.

| Field Name | Description | Possible Values |
|---|---|---|
| serviceType | Service type as defined in DataPower | mpgw, wsp, xml-firewall, b2bgw |
| transactionGlobalId | DataPower global transaction ID (GTID) | 26 chars long |
| transactionId | DataPower transaction ID (TID) | long number |
| srcNodeName | The name of the DPOD node that captured the transaction | |
| domainName | DataPower domain name where the transaction was executed | String |
| deviceName | DataPower device name | String |
| timeYearOnly | Year of transaction start | format YYYY |
| timeMonthNum | Month number of transaction start | 1-12 |
| timeDay | Day of month of transaction start | 1-31 |
| timeHHMMSS | Full time of transaction start | format HHMMSS where HH: 00-23, MM: 00-59, SS: 00-59 |
| timeHour | Hour of transaction start | 00-23 |
| timeMinute | Minute of transaction start | 0-59 |
| timeSecond | Second of transaction start | 00-59 |
| timeMicroSec | Microsecond of transaction start | |
| timeZone | The time zone used to log transaction start | format +ZZZZ |
| timeInMil | Transaction start time since Epoch in milliseconds | long number |
| timeInMicroSec | Transaction start time since Epoch in microseconds | |
| timeDayInYear | Day of year of transaction start | 1-365 |
| timeSecondInDay | Second in the Day of transaction start | 0-86399 |
| timeMinuteInDay | Minute in the Day of transaction start | 0-3599 |
| timeDayInWeek | Day in a week of transaction start | 1-7 (1 = Sunday, 7 = Saturday) |
| microSecTimestamp | Timestamp format of the time the transaction started | YYYY-MM-DDTHH:mm:ss.SSSSSS+ZZZZ |
| aggRecordVersion | Estimated FW version of the DataPower that executed the transaction. (For internal use) | String |
| technicalServiceName | Service Name. Note: in WSP we are currently not providing an operation name | String |
| technicalErrorMessage | Error message relating to the transaction. This field will only be populated when the transaction completed with error. | String |
| isTechnicalError | Indication whether the transaction completed with errors | true/false |
| aggErrorCode | Error Code in DataPower | String |
| message | The Syslog line that DPOD discerned is most likely to reflect the error cause | String |
| aggIndTXError | Indication that information on error transaction was received | true/false |
| aggIndTXFinished | Indication that information on transaction completion was received | true/false |
| aggIndTXStarted | Indication that information on starting transaction arrived | true/false |
| aggFirstTxOfGtx | Indication on whether this is the first transaction in a group. In this case there might be a following transaction logged with the same GTID | true/false |
| microSecTimestampFinish | For internal use | long |
| aggUuidGtidEpochSeconds | For internal use | long |
| docAddedTimeInMil | For internal use | long |
| WDPTutXUuidGtidTid | For internal use | long |
| WDPTutXUuidGtidDeviceId | For internal use | String |
| aggUuidGtidTimst | For internal use | String |
| microSecTimestampStart | For internal use | String |

 JSON example:


{
   "_index" : "logical-tran-compact_i1",
   "_type" : "wdpLogicalTrans",
   "_id" : "802d48ad5976a98f00080cc4_527556",
   "_timestamp" : "2017-07-25T02:15:23.279Z",
   "_version" : 4,
   "_operation" : "INDEX",
   "_source" : {
      "serviceType" : "mpgw",
      "timeDayInYear" : "206",
      "transactionGlobalId" : "802d48ad5976a98f00080cc4",
      "timeDayInWeek" : "2",
      "microSecTimestampStart" : "2017-07-25T05:14:39.570000+0000",
      "timeHHMMSS" : "05:14:39",
      "aggUuidGtidTimst" : "2017-07-25 02:14:39",
      "aggFirstTxOfGtx" : "true",
      "aggIndTXStarted" : "true",
      "deviceName" : "idg7600",
      "timeSecond" : "39",
      "aggUuidGtidEpochSeconds" : "1500948879",
      "timeSecondInDay" : "18879",
      "timeMinuteInDay" : "314",
      "timeYearOnly" : "2017",
      "timeInMicroSec" : "1500948879569000",
      "srcNodeName" : "NODE0",
      "timeDay" : "25",
      "microSecTimestamp" : "2017-07-25T05:14:39.569000+0000",
      "WDPTutXUuidGtidDeviceId" : "802d48ad",
      "timeInMil" : "1500948879569",
      "timeZone" : "+0000",
      "transactionId" : "527556",
      "timeMinute" : "14",
      "timeMonthNum" : "07",
      "domainName" : "APIMgmt_ACB198F9A6",
      "timeMicroSec" : "569000",
      "timeHour" : "05",
      "WDPTutXUuidGtidTid" : "00080cc4",
      "aggRecordVersion" : "7.6.0.0+",
      "technicalServiceName" : "GetDeliveryStatus_MHJV.MPGW",
      "docAddedTimeInMil" : "1500948882966",
      "technicalErrorMessage" : "Invalid JSON format",
      "isTechnicalError" : "1",
      "aggErrorCode" : "0x02130008",
      "message" : "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 [0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): trans(527556)[error][192.168.0.112] gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r",
      "aggIndTXError" : "true",
      "microSecTimestampFinish" : "2017-07-25T05:14:39.573000+0000",
      "aggIndTXFinished" : "true"
   }
}
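An added example (not part of the DPOD documentation or product code) of how a log aggregator might normalize one of these records before indexing it. The function names and output keys are hypothetical; the field names come from the table above. It uses `timeInMicroSec` as the event time and reports how far `microSecTimestamp` is from it, since with the sample values shown above the two differ by 10800 seconds.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a subset of the fields from the JSON example above.
SAMPLE = r'''{"_source": {"serviceType": "mpgw", "transactionId": "527556",
 "transactionGlobalId": "802d48ad5976a98f00080cc4", "deviceName": "idg7600",
 "timeInMicroSec": "1500948879569000", "isTechnicalError": "1",
 "microSecTimestamp": "2017-07-25T05:14:39.569000+0000",
 "aggErrorCode": "0x02130008",
 "message": "[0x02130008][mpgw][error] trans(527556): Invalid JSON format\r"}}'''

SERVICE_TYPES = {"mpgw", "wsp", "xml-firewall", "b2bgw"}  # from the field table
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_bool(value):
    # The table documents true/false, but the sample record carries "1".
    return str(value).strip().lower() in ("true", "1")

def clean(text):
    # Free-text fields are untrusted input to the aggregator: drop CR/LF and
    # other control characters so one record cannot forge extra log lines.
    return CONTROL_CHARS.sub(" ", text).strip()

def normalize(raw):
    src = json.loads(raw)["_source"]
    if src.get("serviceType") not in SERVICE_TYPES:
        raise ValueError("unexpected serviceType: %r" % src.get("serviceType"))
    if not src.get("transactionId", "").isdigit():
        raise ValueError("transactionId is not a number")
    epoch_us = int(src["timeInMicroSec"])
    stamp = datetime.strptime(src["microSecTimestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    delta = stamp - EPOCH
    stamp_us = (delta.days * 86400 + delta.seconds) * 10**6 + delta.microseconds
    return {
        "gtid": clean(src["transactionGlobalId"]),
        "tid": int(src["transactionId"]),
        "device": clean(src.get("deviceName", "")),
        "event_time": (EPOCH + timedelta(microseconds=epoch_us)).isoformat(),
        "skew_seconds": (stamp_us - epoch_us) // 10**6,  # formatted vs epoch
        "error": to_bool(src.get("isTechnicalError", "false")),
        "error_code": clean(src.get("aggErrorCode", "")),
        "message": clean(src.get("message", "")),
    }

if __name__ == "__main__":
    print(json.dumps(normalize(SAMPLE), indent=2))
```

A non-zero `skew_seconds` is worth alerting on, because correlating these records with other sources depends on knowing which of the two time fields is in UTC.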


Feature enablement

Perform the following steps to enable this feature:

  1. Install and configure Store plugin.
  2. Configure each syslog agent.
  3. Stop and start all system services.

Plugin Installation and Configuration

  1. The plugin is located at /installs/tech-preview/es-changes-feed-plugin.zip
  2. To extract the plugin follow the procedure:
    1. cd /installs/tech-preview
    2. unzip es-changes-feed-plugin.zip
    3. The command will create the following files in the directory /installs/tech-preview:
      1. MonTierEventsFeedPlugin.zip
      2. MonTierEventsFeedPlugin.zip.md5
  3. To install the plugin execute the following commands:

    1. cd /app/elasticsearch_base

    2. bin/plugin install file:///installs/tech-preview/MonTierEventsFeedPlugin.zip

    3. Approve the installation by pressing Y to the prompt question "Continue with installation? [y/N]"

    4. To remove the plugin issue the command: bin/plugin remove MonTierEventsFeedPlugin

  4. Configure each Store node number 2 or 4 as follows:

    1. cd /app/elasticsearch_nodes/config/MonTier-es-raw-trans-Node-2
    2. Edit the elasticsearch.yml file
  5. Add the following parameters to the end of the file:

    | Parameter | Values | Description |
    |---|---|---|
    | montier.events.feed.syslog.protocol | tcp or udp | the protocol used to send messages to syslog |
    | montier.events.feed.syslog.host | ip address v4 or valid hostname | target syslog agent hostname |
    | montier.events.feed.syslog.port | integer 1-65535 | target syslog agent port |
    | montier.events.feed.syslog.ssl | false or true | enable / disable SSL |
    | montier.events.feed.appname | text A-Z, a-z, 0-9 - 8 chars | syslog application name |
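An added example (not part of the DPOD documentation or tooling) that checks the five parameters above against the value ranges in the table before the services are restarted, and warns about settings that weaken the feed. It assumes the parameters are written as flat `key: value` lines in elasticsearch.yml and that "8 chars" means at most 8; the function names are hypothetical.

```python
import ipaddress
import re

PREFIX = "montier.events.feed."
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(r"(?=.{1,253}$)(%s\.)*%s" % (LABEL, LABEL))

def valid_host(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        # All-numeric dotted strings are malformed addresses, not hostnames.
        if re.fullmatch(r"[0-9.]+", value):
            return False
        return HOSTNAME.fullmatch(value) is not None

# One check per row of the parameter table.
CHECKS = {
    "syslog.protocol": lambda v: v in ("tcp", "udp"),
    "syslog.host": valid_host,
    "syslog.port": lambda v: v.isdigit() and 1 <= int(v) <= 65535,
    "syslog.ssl": lambda v: v in ("true", "false"),
    "appname": lambda v: re.fullmatch(r"[A-Za-z0-9]{1,8}", v) is not None,
}

def audit(yml_text):
    found = {}
    for line in yml_text.splitlines():
        key, sep, value = line.split("#")[0].partition(":")
        if sep and key.strip().startswith(PREFIX):
            found[key.strip()[len(PREFIX):]] = value.strip().strip("\"'")
    errors = [name for name, ok in CHECKS.items()
              if name not in found or not ok(found[name])]
    warnings = []
    if found.get("syslog.ssl") == "false":
        warnings.append("ssl disabled: transaction records cross the network in cleartext")
    if found.get("syslog.protocol") == "udp":
        warnings.append("udp: records can be dropped without any error")
    return errors, warnings

# Constructed sample with two invalid values and two weak settings.
SAMPLE = """\
cluster.name: example   # unrelated line
montier.events.feed.syslog.protocol: udp
montier.events.feed.syslog.host: 10.0.0.300
montier.events.feed.syslog.port: 514
montier.events.feed.syslog.ssl: false
montier.events.feed.appname: DPODfeed01
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```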


Configure syslog agent

For each syslog agent that you have in the system perform the following:

  1. cd /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/ (replace nn with the agent number)
  2. Edit the flume_syslog.conf file
  3. Locate in each agent the rows with the pattern: MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.batchSize = (replace nnn with sink name 1 to 10. Also replace nn with the agent number)
  4. Add below each of these rows the following line (substituting nn and nnn as described in step 3 above):
    MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = false