Versions Compared

Old Version 8

changes.mady.by.user Hanan Kenan

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The feature is responisble for sending syslog record for each datapower transaction.

In v1.0.5 a new feature was introduced as a tech preview ,

This syslog record is a json formatted data object the consist of This is a tech preview feature introduced in v1.0.5. When used, a syslog record will be sent for each DataPower transaction.

The syslog record used is a json-formatted data object, containing information aggregated from several sources on relating to the transaction.

The feature required requires DataPower FW 7.6+

Customer value

...

Value to Customers

  • This feature allows customers to easily show datapower display DataPower information on their APMs or log aggregator such as IBM APMs , Splunk or ELK without being exposed to changes in DataPower . This removes the dependency on, and isolates the customer from changes to DataPower's log structure.
  • Customer can also Customers may add a link to redirect the syslog record, which redirects from each transaction into DPOD details transaction and ' transaction details, in order to enhance troubleshooting efforts.
  • DPOD customer scan customers can use this feature to externalize DPOD info information for Data Warehouse purpose purposes.
  • DPOD customers can keep summarize retain summarized transaction details. This will increase history information retention time period and will minimize storage requirements.


Transaction Record

...

Structure

The following table describes the fields that are logged with this feature.

Field NameDescriptionPossible
values
Values
serviceTypeService type as defined in DataPowermpgw,wsp,xml-firewall,b2bgw
timeDayInYearNumber represents day in year1-365microSecTimestampStart
transactionGlobalIdDataPower global transaction ID (GTID)26 chars long
timeDayInWeekNumber represents day in a week1-7. 1- Sunday, 7-Saturday.
transactionIdDataPower transaction ID (TID)long number
srcNodeNameThe name of the DPOD node that captured the transaction
domainNameDataPower domain name where the transaction was executedString
deviceNameDataPower device nameString
timeYearOnlyYear of transaction startformat YYYY
timeMonthNumMonth number of transaction start1-12
timeDayDay of month of transaction start1-31
timeHHMMSSFull time
when
of transaction
started
start

format HHMMSS where:

HH

-

: 00-23
MM

-

: 00-59
SS: 00-59

timeHourHour of transaction start00-23
timeMinuteMinute of transaction start0-59
aggUuidGtidTimstInternal useaggFirstTxOfGtxIndication if this is the first transaction in case there might be following transaction with the same GTIDtrue/falseaggIndTXStartedIndication that information on starting transaction arrivedtrue/falsedeviceNamedatapower system nametimeSecondSecond when transaction startedaggUuidGtidEpochSecondsInternal usetimeSecondInDayNumber of a second in the Day when transactio started
timeSecondSecond of transaction start00-59
timeMicroSec

Microsecond of transaction start


timeZoneThe time zone used to log transaction startformat +ZZZZ
timeInMilTransaction start time since Epoch in millisecondslong number
timeInMicroSec

Transaction start time since Epoch in microseconds


timeDayInYearDay of year of transaction start1-365
timeSecondInDaySecond in the Day of transaction start0-86399
timeMinuteInDay
Number of a minute
Minute in the Day
when transactio started
of transaction start0-3599
timeYearOnlyYear when
timeDayInWeekDay in a week of transaction start1-7. 1- Sunday, 7-Saturday.
microSecTimestampTimestamp format of the time the transaction started
format YYYYtimeInMicroSec

transaction start time in Epoch in microseconds

srcNodeNameDPOD node name the capture the transactiontimeDayDay when transaction started1-31microSecTimestampInternal useWDPTutXUuidGtidDeviceIdInternal usetimeInMiltransaction start time in Epoch in millislong numbertimeZonetime zone when transaction startedformat +ZZZZtransactionIdDataPower transaction ID (TID)long numbertimeMinuteMinute when transaction started 0-59timeMonthNumMonth number when transaction started 1-12domainNameDataPower domain name where transaction executedStringtimeMicroSec

Microsecond when transaction started

timeHourHour when transaction started 00-23WDPTutXUuidGtidTidaggRecordVersiontechnicalServiceNamedocAddedTimeInMiltechnicalErrorMessageisTechnicalErroraggErrorCodemessageaggIndTXErrormicroSecTimestampFinishaggIndTXFinished

 JSON example:

...

YYYY-MM-DDTHH:mm:ss.SSSSSS+ZZZZ
aggRecordVersionEstimated FW version of the DataPower that executed the transaction. (For internal use)String
technicalServiceNameService Name.
Note: in WSP we are not currently providing an operation name		String
technicalErrorMessageError message relating to the transaction.
This field will only be populated when the transaction completed with error.		String
isTechnicalErrorIndication whether the transaction completed with errorstrue/false
aggErrorCodeError Code in DataPowerString
messageThe Syslog line that DPOD discerned is most likely to reflect the error causeString
aggIndTXErrorIndication that information on error transaction was receivedtrue/false
aggIndTXFinishedIndication that information on transaction completion was receivedtrue/false
aggIndTXStartedIndication that information on starting transaction arrivedtrue/false
aggFirstTxOfGtxIndication on whether this is the first transaction in a group. In this case -there might be a following transaction logged with the same GTIDtrue/false
microSecTimestampFinishFor internal uselong
aggUuidGtidEpochSecondsFor internal uselong
docAddedTimeInMilFor internal uselong
WDPTutXUuidGtidTidFor internal uselong
WDPTutXUuidGtidDeviceIdFor internal useString
aggUuidGtidTimstFor internal useString
microSecTimestampStart For internal use
String


Code Block
languagejava
titleJSON Example
linenumberstrue
{
   "_index" : "logical-tran-compact_i1",

...


   "_type" : "wdpLogicalTrans",

...


   "_id" : "802d48ad5976a98f00080cc4_527556",

...


   "_timestamp" : "2017-07-25T02:15:23.279Z",

...


   "_version" : 4,

...


   "_operation" : "INDEX",

...


   "_source" :

...

 {
      "serviceType" : "mpgw",

...


      "timeDayInYear" : "206",

...


      "transactionGlobalId" : "802d48ad5976a98f00080cc4",

...


      "timeDayInWeek" : "2",

...


      "microSecTimestampStart" : "2017-07-25T05:14:39.570000+0000",

...


      "timeHHMMSS" : "05:14:39",

...


      "aggUuidGtidTimst" : "2017-07-25 02:14:39",

...


      "aggFirstTxOfGtx" : "true",

...


      "aggIndTXStarted" : "true",

...


      "deviceName" : "idg7600",

...


      "timeSecond" : "39",

...


      "aggUuidGtidEpochSeconds" : "1500948879",

...


      "timeSecondInDay" : "18879",

...


      "timeMinuteInDay" : "314",

...


      "timeYearOnly" : "2017",

...


      "timeInMicroSec" : "1500948879569000",

...


      "srcNodeName" : "NODE0",

...


      "timeDay" : "25",

...


      "microSecTimestamp" : "2017-07-25T05:14:39.569000+0000",

...


      "WDPTutXUuidGtidDeviceId" : "802d48ad",

...


      "timeInMil" : "1500948879569",

...


      "timeZone" : "+0000",

...


      "transactionId" : "527556",

...


      "timeMinute" : "14",

...


      "timeMonthNum" : "07",

...


      "domainName" : "APIMgmt_ACB198F9A6",

...


      "timeMicroSec" : "569000",

...


      "timeHour" : "05",

...


      "WDPTutXUuidGtidTid" : "00080cc4",

...


      "aggRecordVersion" : "7.6.0.0+",

...


      "technicalServiceName" : "GetDeliveryStatus_MHJV.MPGW",

...


      "docAddedTimeInMil" : "1500948882966",

...


      "technicalErrorMessage" : "Invalid JSON format",

...


      "isTechnicalError" : "1",

...


      "aggErrorCode" : "0x02130008",

...


      "message" : "<11>2017-07-25T05:14:39.570000+0000 MonTierLocalId-8 [0x02130008][mpgw][error] mpgw(GetDeliveryStatus_MHJV.MPGW): trans(527556)[error][192.168.0.112] gtid(802d48ad5976a98f00080cc4): Invalid JSON format\r",

...


      "aggIndTXError" : "true",

...


      "microSecTimestampFinish" : "2017-07-25T05:14:39.573000+0000",

...


      "aggIndTXFinished" : "true"

...


   }
}


Feature enablement

To Perform the following steps to enable this feature 3 steps are required: 

  1. Install and configure Store plugin.
  2. Configure each syslog agent.
  3. restart systemStop and start all system services.

Plugin

...

Installation and

...

Configuration

  1. The plugin is located at  /installs/tech-preview/es-changes-feed-plugin.zip
  2. In order to To extract the plugin please follow the procedure :
    1. cd  /installs/tech-preview
    2. unzip es-changes-feed-plugin.zip
    3. The command will create the following files in the directory /installs/tech-preview :
      1. MonTierEventsFeedPlugin.zip
      2. MonTierEventsFeedPlugin.zip.md5

  3. To install plugin just run execute the following commands: 

    1. cd /app/elasticsearch_base

    2. bin/plugin install file:///installs/tech-preview/MonTierEventsFeedPlugin.zip

    3. Approve the installation by pressing Y to the prompt question "Continue with installation? [y/N]"

    4. To remove plugin issue command : bin/plugin remove file:///installs/tech-preview/MonTierEventsFeedPlugin.zipremove MonTierEventsFeedPlugin

  4. Configure each Store node number 2 or 4 as follow:

    1. cd /app/elasticsearch_nodes/config/MonTier-es-raw-trans-Node-2 
    2. Edit file elasticsearchthe elasticsearch.yml file

  5. add to the end of file the parameters:

    ParameterValuesDescription
    montier.events.feed.syslog.protocoltcp or udpthe protocol used to send messages to syslog
    montier.events.feed.syslog.hostip addressv4 address v4 or valid hostnametarget syslog agent hostname
    montier.events.feed.syslog.portinteger 1-65535target syslog agent port
    montier.events.feed.syslog.sslfalse or truedisable or enable / disable sslSSL
    montier.events.feed.appnametext A-Z|a-z|0-9 name - 8 charssyslog application name


Configure syslog agent

For each syslog agent that you have in the system perform the following:

  1. cd /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/ (replace nn with the agent number)
  2. edit file flumethe flume_syslog.conf file
  3. Look  in each Locate in each agent for rows with pattern:  MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.batchSize = (replace nnn with sink name 1 to 10!! and . Also - replace nn with the agent number !!)
  4. For each row found please add below the line Add below each of these rows the line below (substituting nn and nnn as described in step 3 above)
    MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = false