Versions Compared

Version Old Version 3 New Version Current
Changes made by

Hanan Kenan

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In This is a tech preview feature introduced in v1.0.5 a new feature was introduced that send . When used, a syslog record will be sent for each datapower DataPower transaction.

This The syslog record used is a json-formatted data object the consist of , containing information aggregated from several sources on relating to the transaction.

The feature requires DataPower FW 7.

Customer value

...

6+

Value to Customers

  • This feature allows customers to easily show datapower display DataPower information on their APMs or log aggregator such as IBM APMs , Splunk or ELK without being exposed to changes in DataPower . This removes the dependency on, and isolates the customer from changes to DataPower's log structure.
  • Customer can also Customers may add a link to redirect the syslog record, which redirects from each transaction into DPOD details transaction and ' transaction details, in order to enhance troubleshooting efforts.
  • DPOD customer scan customers can use this feature to externalize DPOD info information for Data Warehouse purpose purposes.
  • DPOD customers can keep summarize retain summarized transaction details. This will increase history information retention time period and minimize storage requirements.


Transaction Record

...

Feature enablement

To enable this feature 3 steps are required: 

  1. Install plugin on each Store node.
  2. Configure manually each syslog agent.
  3. Configure each Store node with target syslog

...

Structure

The following table describes the fields that are logged with this feature.

Field NameDescriptionPossible Values
serviceTypeService type as defined in DataPowermpgw,wsp,xml-firewall,b2bgw
transactionGlobalIdDataPower global transaction ID (GTID)26 chars long
transactionIdDataPower transaction ID (TID)long number
srcNodeNameThe name of the DPOD node that captured the transaction
domainNameDataPower domain name where the transaction was executedString
deviceNameDataPower device nameString
timeYearOnlyYear of transaction startformat YYYY
timeMonthNumMonth number of transaction start1-12
timeDayDay of month of transaction start1-31
timeHHMMSSFull time of transaction start

format HHMMSS where:

HH: 00-23
MM: 00-59
SS: 00-59

timeHourHour of transaction start00-23
timeMinuteMinute of transaction start0-59
timeSecondSecond of transaction start00-59
timeMicroSec

Microsecond of transaction start


timeZoneThe time zone used to log transaction startformat +ZZZZ
timeInMilTransaction start time since Epoch in millisecondslong number
timeInMicroSec

Transaction start time since Epoch in microseconds


timeDayInYearDay of year of transaction start1-365
timeSecondInDaySecond in the Day of transaction start0-86399
timeMinuteInDayMinute in the Day of transaction start0-3599
timeDayInWeekDay in a week of transaction start1-7. 1- Sunday, 7-Saturday.
microSecTimestampTimestamp format of the time the transaction startedYYYY-MM-DDTHH:mm:ss.SSSSSS+ZZZZ
aggRecordVersionEstimated FW version of the DataPower that executed the transaction. (For internal use)String
technicalServiceNameService Name.
Note: in WSP we are not currently providing an operation name		String
technicalErrorMessageError message relating to the transaction.
This field will only be populated when the transaction completed with error.		String
isTechnicalErrorIndication whether the transaction completed with errorstrue/false
aggErrorCodeError Code in DataPowerString
messageThe Syslog line that DPOD discerned is most likely to reflect the error causeString
aggIndTXErrorIndication that information on error transaction was receivedtrue/false
aggIndTXFinishedIndication that information on transaction completion was receivedtrue/false
aggIndTXStartedIndication that information on starting transaction arrivedtrue/false
aggFirstTxOfGtxIndication on whether this is the first transaction in a group. In this case -there might be a following transaction logged with the same GTIDtrue/false
microSecTimestampFinishFor internal uselong
aggUuidGtidEpochSecondsFor internal uselong
docAddedTimeInMilFor internal uselong
WDPTutXUuidGtidTidFor internal uselong
WDPTutXUuidGtidDeviceIdFor internal useString
aggUuidGtidTimstFor internal useString
microSecTimestampStart For internal use
String


Code Block
languagejava
titleJSON Example
linenumberstrue
{
   "_index" : "logical-tran-compact_i1",
   "_type" : "wdpLogicalTrans",
   "_id" : "802d48ad5976a98f00080cc4_527556",
   "_timestamp" : "2017-07-25T02:15:23.279Z",
   "_version" : 4,
   "_operation" : "INDEX",
   "_source" : {
      "serviceType" : "mpgw",
      "timeDayInYear" : "206",
      "transactionGlobalId" : "802d48ad5976a98f00080cc4",
      "timeDayInWeek" : "2",
      "microSecTimestampStart" : "2017-07-25T05:14:39.570000+0000",
      "timeHHMMSS" : "05:14:39",
      "aggUuidGtidTimst" : "2017-07-25 02:14:39",
      "aggFirstTxOfGtx" : "true",
      "aggIndTXStarted" : "true",
      "deviceName" : "idg7600",
      "timeSecond" : "39",
      "aggUuidGtidEpochSeconds" : "1500948879",
      "timeSecondInDay" : "18879",
      "timeMinuteInDay" : "314",
      "timeYearOnly" : "2017",
      "timeInMicroSec" : "1500948879569000",
      "srcNodeName" : "NODE0",
      "timeDay" : "25",
      "microSecTimestamp" : "2017-07-25T05:14:39.569000+0000",
      "WDPTutXUuidGtidDeviceId" : "802d48ad",
      "timeInMil" : "1500948879569",
      "timeZone" : "+0000",
      "transactionId" : "527556",
      "timeMinute" : "14",
      "timeMonthNum" : "07",
      "domainName" : "APIMgmt_ACB198F9A6",
      "timeMicroSec" : "569000",
      "timeHour" : "05",
      "WDPTutXUuidGtidTid" : "00080cc4",
      "aggRecordVersion" : "7.6.0.0+",
      "technicalServiceName" : "GetDeliveryStatus_MHJV.MPGW",
      "docAddedTimeInMil" : "1500948882966",
      "technicalErrorMessage" : "Invalid JSON format",
      "isTechnicalError" : "1",
      "aggErrorCode" : "0x02130008",
      "message" : "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 [0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): trans(527556)[error][192.168.0.112] gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r",
      "aggIndTXError" : "true",
      "microSecTimestampFinish" : "2017-07-25T05:14:39.573000+0000",
      "aggIndTXFinished" : "true"
   }
}


Feature enablement

Perform the following steps to enable this feature

  1. Install and configure Store plugin.
  2. Configure each syslog agent.
  3. Stop and start all system services.

Plugin Installation and Configuration

  1. The plugin is located at  /installs/tech-preview/es-changes-feed-plugin.zip
  2. In order to To extract the plugin please follow the procedure :
    1. cd  /installs/tech-preview
    2. unzip es-changes-feed-plugin.zip
    3. The command will create the following files in the directory /installs/tech-preview :
      1. MonTierEventsFeedPlugin.zip
      2. MonTierEventsFeedPlugin.zip.md5

  3. To install plugin execute the following commands: 

    1. cd /app/elasticsearch_base

    2. bin/plugin install file:///installs/tech-preview/MonTierEventsFeedPlugin.zip

    3. Approve the installation by pressing Y to the prompt question "Continue with installation? [y/N]"

    4. To remove plugin issue command : bin/plugin remove MonTierEventsFeedPlugin

  4. Configure each Store node number 2 or 4 as follow:

    1. cd /app/elasticsearch_nodes/config/MonTier-es-raw-trans-Node-2 
    2. Edit the elasticsearch.yml file

  5. add to the end of file the parameters:

    ParameterValuesDescription
    montier.events.feed.syslog.protocoltcp or udpthe protocol used to send messages to syslog
    montier.events.feed.syslog.hostip address v4 or valid hostnametarget syslog agent hostname
    montier.events.feed.syslog.portinteger 1-65535target syslog agent port
    montier.events.feed.syslog.sslfalse or truedisable or enable SSL
    montier.events.feed.appnametext A-Z|a-z|0-9 name - 8 charssyslog application name


Configure syslog agent

For each syslog agent in the system perform the following:

  1. cd /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/ (replace nn with the agent number)
  2. edit the flume_syslog.conf file
  3. Locate in each agent rows with pattern:  MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.batchSize = (replace nnn with sink name 1 to 10. Also - replace nn with the agent number)
  4. Add below each of these rows the line below (substituting nn and nnn as described in step 3 above)
    MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = false