This is a tech preview feature introduced in v1.0.5. When used, a syslog record will be sent for each DataPower transaction.
The syslog record is a JSON-formatted data object containing information aggregated from several sources relating to the transaction.
The feature requires DataPower FW 7.6+.
Value to Customers
- This feature allows customers to easily display DataPower information on their APMs or log aggregator such as IBM APMs, Splunk or ELK. This removes the dependency on, and isolates the customer from, changes to DataPower's log structure.
- Customers may add a link to the syslog record, which redirects from each transaction into DPOD's transaction details, in order to enhance troubleshooting efforts.
- DPOD customers can use this feature to externalize DPOD information for Data Warehouse purposes.
- DPOD customers can retain summarized transaction details. This will increase the retention period for history information and minimize storage requirements.
Transaction Record Structure
The following table describes the fields that are logged with this feature.
Field Name | Description | Possible Values |
---|---|---|
serviceType | Service type as defined in DataPower | mpgw,wsp,xml-firewall,b2bgw |
transactionGlobalId | DataPower global transaction ID (GTID) | 26 chars long |
transactionId | DataPower transaction ID (TID) | long number |
srcNodeName | The name of the DPOD node that captured the transaction | |
domainName | DataPower domain name where the transaction was executed | String |
deviceName | DataPower device name | String |
timeYearOnly | Year of transaction start | format YYYY |
timeMonthNum | Month number of transaction start | 1-12 |
timeDay | Day of month of transaction start | 1-31 |
timeHHMMSS | Full time of transaction start | format HHMMSS where: HH: 00-23 |
timeHour | Hour of transaction start | 00-23 |
timeMinute | Minute of transaction start | 0-59 |
timeSecond | Second of transaction start | 00-59 |
timeMicroSec | Microsecond of transaction start | |
timeZone | The time zone used to log transaction start | format +ZZZZ |
timeInMil | Transaction start time since Epoch in milliseconds | long number |
timeInMicroSec | Transaction start time since Epoch in microseconds | |
timeDayInYear | Day of year of transaction start | 1-365 |
timeSecondInDay | Second in the Day of transaction start | 0-86399 |
timeMinuteInDay | Minute in the Day of transaction start | 0-3599 |
timeDayInWeek | Day in a week of transaction start | 1-7 (1 = Sunday, 7 = Saturday) |
microSecTimestamp | Timestamp format of the time the transaction started | YYYY-MM-DDTHH:mm:ss.SSSSSS+ZZZZ |
aggRecordVersion | Estimated FW version of the DataPower that executed the transaction. (For internal use) | String |
technicalServiceName | Service Name. Note: in WSP we are not currently providing an operation name | String |
technicalErrorMessage | Error message relating to the transaction. This field will only be populated when the transaction completed with error. | String |
isTechnicalError | Indication whether the transaction completed with errors | true/false |
aggErrorCode | Error Code in DataPower | String |
message | The Syslog line that DPOD discerned is most likely to reflect the error cause | String |
aggIndTXError | Indication that information on error transaction was received | true/false |
aggIndTXFinished | Indication that information on transaction completion was received | true/false |
aggIndTXStarted | Indication that information on starting transaction arrived | true/false |
aggFirstTxOfGtx | Indication of whether this is the first transaction in a group. In this case, there might be a following transaction logged with the same GTID | true/false |
microSecTimestampFinish | For internal use | long |
aggUuidGtidEpochSeconds | For internal use | long |
docAddedTimeInMil | For internal use | long |
WDPTutXUuidGtidTid | For internal use | long |
WDPTutXUuidGtidDeviceId | For internal use | String |
aggUuidGtidTimst | For internal use | String |
microSecTimestampStart | For internal use | String |
JSON example:

```json
{
  "_index" : "logical-tran-compact_i1",
  "_type" : "wdpLogicalTrans",
  "_id" : "802d48ad5976a98f00080cc4_527556",
  "_timestamp" : "2017-07-25T02:15:23.279Z",
  "_version" : 4,
  "_operation" : "INDEX",
  "_source" : {
    "serviceType" : "mpgw",
    "timeDayInYear" : "206",
    "transactionGlobalId" : "802d48ad5976a98f00080cc4",
    "timeDayInWeek" : "2",
    "microSecTimestampStart" : "2017-07-25T05:14:39.570000+0000",
    "timeHHMMSS" : "05:14:39",
    "aggUuidGtidTimst" : "2017-07-25 02:14:39",
    "aggFirstTxOfGtx" : "true",
    "aggIndTXStarted" : "true",
    "deviceName" : "idg7600",
    "timeSecond" : "39",
    "aggUuidGtidEpochSeconds" : "1500948879",
    "timeSecondInDay" : "18879",
    "timeMinuteInDay" : "314",
    "timeYearOnly" : "2017",
    "timeInMicroSec" : "1500948879569000",
    "srcNodeName" : "NODE0",
    "timeDay" : "25",
    "microSecTimestamp" : "2017-07-25T05:14:39.569000+0000",
    "WDPTutXUuidGtidDeviceId" : "802d48ad",
    "timeInMil" : "1500948879569",
    "timeZone" : "+0000",
    "transactionId" : "527556",
    "timeMinute" : "14",
    "timeMonthNum" : "07",
    "domainName" : "APIMgmt_ACB198F9A6",
    "timeMicroSec" : "569000",
    "timeHour" : "05",
    "WDPTutXUuidGtidTid" : "00080cc4",
    "aggRecordVersion" : "7.6.0.0+",
    "technicalServiceName" : "GetDeliveryStatus_MHJV.MPGW",
    "docAddedTimeInMil" : "1500948882966",
    "technicalErrorMessage" : "Invalid JSON format",
    "isTechnicalError" : "1",
    "aggErrorCode" : "0x02130008",
    "message" : "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 [0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): trans(527556)[error][192.168.0.112] gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r",
    "aggIndTXError" : "true",
    "microSecTimestampFinish" : "2017-07-25T05:14:39.573000+0000",
    "aggIndTXFinished" : "true"
  }
}
```
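An added example (not DPOD code) of consuming this record on the receiving side: it types the all-string fields, strips control characters from `message`, takes the event time from `timeInMil`, and reports how far `microSecTimestamp` is from it, which for the values in the JSON example above is three hours. The `normalize` function, the output field names, the `_source` wrapper being present in the received payload, and the reading of the bracketed address in `message` as the peer address are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed input: a subset of the fields from the JSON example above.
SAMPLE = json.dumps({"_source": {
    "deviceName": "idg7600", "domainName": "APIMgmt_ACB198F9A6",
    "technicalServiceName": "GetDeliveryStatus_MHJV.MPGW",
    "transactionGlobalId": "802d48ad5976a98f00080cc4",
    "transactionId": "527556", "timeInMil": "1500948879569",
    "microSecTimestamp": "2017-07-25T05:14:39.569000+0000",
    "isTechnicalError": "1", "aggErrorCode": "0x02130008",
    "technicalErrorMessage": "Invalid JSON format",
    "message": "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 "
               "[0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): "
               "trans(527556)[error][192.168.0.112] "
               "gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r"}})

TRUTHY = {"1", "true"}  # the page's example uses both spellings for flags
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Assumption: the second bracket after trans(...) is the peer address.
PEER = re.compile(r"trans\(\d+\)\[[^\]]*\]\[(\d{1,3}(?:\.\d{1,3}){3})\]")
CONTROL = re.compile(r"[\x00-\x1f\x7f]+")

def normalize(raw):
    """Convert one transaction record into a typed event for a log pipeline."""
    src = json.loads(raw)["_source"]
    # timeInMil is epoch-based, so it is unambiguous; use it as the event time.
    when = EPOCH + timedelta(milliseconds=int(src["timeInMil"]))
    stamped = datetime.strptime(src["microSecTimestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    # Control characters (the trailing \r in the sample) are replaced so the
    # text cannot break a line-based sink further down the pipeline.
    message = CONTROL.sub(" ", src.get("message", "")).strip()
    peer = PEER.search(message)
    return {
        "time": when.isoformat(),
        "stamp_skew_s": (stamped - when).total_seconds(),
        "device": src["deviceName"],
        "domain": src["domainName"],
        "service": src["technicalServiceName"],
        "gtid": src["transactionGlobalId"],
        "tid": int(src["transactionId"]),
        "error": src.get("isTechnicalError", "").lower() in TRUTHY,
        "error_code": src.get("aggErrorCode"),
        "error_message": src.get("technicalErrorMessage"),
        "peer_addr": peer.group(1) if peer else None,
        "message": message,
    }

if __name__ == "__main__":
    print(json.dumps(normalize(SAMPLE), indent=2))
```

A non-zero `stamp_skew_s` means the textual timestamp and its `+ZZZZ` offset should not be used for correlation with other log sources; index on the epoch-derived `time` instead.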
Feature enablement
Perform the following steps to enable this feature:
- Install and configure the Store plugin.
- Configure each syslog agent.
- Stop and start all system services.
Plugin Installation and Configuration
- The plugin is located at /installs/tech-preview/es-changes-feed-plugin.zip
- To extract the plugin follow the procedure:
- cd /installs/tech-preview
- unzip es-changes-feed-plugin.zip
- The command will create the following files in the directory /installs/tech-preview:
- MonTierEventsFeedPlugin.zip
- MonTierEventsFeedPlugin.zip.md5
To install the plugin execute the following commands:
cd /app/elasticsearch_base
bin/plugin install file:///installs/tech-preview/MonTierEventsFeedPlugin.zip
Approve the installation by pressing Y at the prompt "Continue with installation? [y/N]".
To remove the plugin issue the command: bin/plugin remove MonTierEventsFeedPlugin
Configure each Store node number 2 or 4 as follows:
- cd /app/elasticsearch_nodes/config/MonTier-es-raw-trans-Node-2
- Edit the elasticsearch.yml file
- Add the following parameters to the end of the file:

Parameter | Values | Description |
---|---|---|
montier.events.feed.syslog.protocol | tcp or udp | The protocol used to send messages to syslog |
montier.events.feed.syslog.host | IP address v4 or valid hostname | Target syslog agent hostname |
montier.events.feed.syslog.port | integer 1-65535 | Target syslog agent port |
montier.events.feed.syslog.ssl | false or true | Enable / disable SSL |
montier.events.feed.appname | text (A-Z, a-z, 0-9), 8 chars | Syslog application name |
Configure syslog agent
For each syslog agent that you have in the system perform the following:
- cd /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/ (replace nn with the agent number)
- Edit the flume_syslog.conf file
- Locate in each agent the rows with the pattern: MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.batchSize = (replace nnn with sink name 1 to 10. Also replace nn with the agent number)
- Add below each of these rows the line below (substituting nn and nnn as described in step 3 above)
MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = false
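
The edit described in the steps above can be scripted so that it is applied identically to every agent. This is an added example, not part of DPOD: the function name, the sample file content and its batchSize values are constructed, and the script assumes sink names are numeric as the step describes.

```python
import re

SINK = r"(MonTier-SyslogAgent-\d+\.sinks\.syslogElasticSink\d+)"
BATCH_ROW = re.compile(r"^\s*" + SINK + r"\.batchSize\s*=")
FLAG_ROW = re.compile(r"^\s*" + SINK + r"\.serializer\.enableLogicalTx\s*=")

# Constructed excerpt of a flume_syslog.conf for agent 01.
SAMPLE_CONF = (
    "# constructed excerpt, agent 01\n"
    "MonTier-SyslogAgent-01.sinks.syslogElasticSink1.batchSize = 100\n"
    "MonTier-SyslogAgent-01.sinks.syslogElasticSink2.batchSize = 100\n"
    "#MonTier-SyslogAgent-01.sinks.syslogElasticSink3.batchSize = 100\n"
)

def add_enable_logical_tx(conf_text):
    """Insert the enableLogicalTx line below every active batchSize row.

    Commented-out rows are left alone, and sinks that already carry the
    line are skipped, so running the function twice changes nothing.
    """
    lines = conf_text.splitlines()
    already = {m.group(1) for m in map(FLAG_ROW.match, lines) if m}
    out = []
    for line in lines:
        out.append(line)
        m = BATCH_ROW.match(line)
        if m and m.group(1) not in already:
            out.append(m.group(1) + ".serializer.enableLogicalTx = false")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(add_enable_logical_tx(SAMPLE_CONF), end="")
```

Write the result to a copy of the file and compare it with the original before replacing it, then continue with the service restart step.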