This is a tech preview feature
When APM Integration is enabled, a Syslog record will be sent to an external APM (or any other Syslog server) for each gateway transaction.
The Syslog record used is a JSON-formatted data object, containing information aggregated from several sources related to the transaction.
The feature requires DataPower FW 7.6+.
Value to Customers
- This feature allows customers to easily display gateway information on their APMs or log aggregators such as IBM APM, Splunk or ELK. This isolates the customer from changes to DataPower's log structure and saves the need to parse Syslog records.
- Customers may link from the displayed transaction in their APM to DPOD's transaction details, in order to enhance troubleshooting efforts.
- DPOD customers can use this feature to externalize DPOD information for data warehouse purposes.
- DPOD customers can retain only the summarized transaction details instead of all log records. This will increase history retention time period and minimize storage requirements.
Transaction Record Structure
The following table describes the fields that are logged with this feature.
Field Name | Description | Possible Values |
---|---|---|
deviceName | DataPower gateway name | String |
domainName | DataPower domain name where the transaction was executed | String |
latencyElapsed | The elapsed time of the transaction in milliseconds | long |
microSecTimestamp | Timestamp format of the time the transaction started | String |
microSecTimestampStart | For internal use | String |
microSecTimestampFinish | For internal use | String |
serviceType | Service type as defined in the gateway | String - mpgw,wsp,xml-firewall,b2bgw |
serviceUri | Request URI | String |
serviceUrl | Request URL | String |
srcNodeName | The name of the DPOD node that captured the transaction | String |
isError | Indication whether the transaction completed with errors | Boolean true/false |
isTechnicalError | Indication whether the transaction completed with errors | Boolean true/false |
clientIp | The client IP of the machine (or load balancer) where the transaction started. | String |
serviceName | The service the transaction ran on. | String |
transactionId | DataPower transaction ID (TID) | String |
transactionGlobalId | DataPower global transaction ID (GTID) | 26 chars long |
timeZone | The time zone used to log transaction start | String format +ZZ:ZZ |
docAddedTimeInMil | For internal use | long |
timeInMil | Transaction start time since Epoch in milliseconds | long number |
timeHHMMSS | Full time of transaction start | String format HHMMSS where: HH: 00-23 |
requestSize | The request size | long |
aggRecordVersion | Estimated FW version of the gateway that executed the transaction. (For internal use) | String |
JSON Example
{ "_index": "[logical-tran-compact_i3][0]", "_type": "wdpLogicalTransChild", "_id": "ea5ae3c55b45be5500056a13_348659", "_timestamp": "2018-07-11T08:22:45.457Z", "_version": 5, "_operation": "INDEX", "_source": { "deviceName": "1cb3a54303a9", "domainName": "Infra_Domain", "latencyElapsed": 2, "microSecTimestamp": "2018-07-11T11:22:45.313729+03:00", "microSecTimestampStart": "2018-07-11T11:22:45.313729+03:00", "microSecTimestampFinish": "2018-07-11T11:22:45.315558+03:00", "serviceType": "xmlfirewall", "serviceUri": "/UpdateWantedMenProfiles_WHSW/Service.asmx", "serviceUrl": "http://Infra.HA:2555/UpdateWantedMenProfiles_WHSW/Service.asmx", "srcNodeName": "NODE0", "isError": false, "isTechnicalError": false, "clientIp": "172.77.77.5", "serviceName": "WSS_Loopback.XMLFW", "transactionId": "348659", "transactionGlobalId": "ea5ae3c55b45be5500056a13", "timeZone": "+03:00", "docAddedTimeInMil": 1531297365329, "timeHHMMSS": "11:22:45", "timeInMil": 1531297365313, "aggRecordVersion": "7.6.0.0+" } }
Feature enablement
For each syslog agent in the system perform the following:
- Edit the file /app/flume/syslog_agents/conf/MonTier-SyslogAgent-nn/flume_syslog.conf
- Change the following property to true instead of false:
MonTier-SyslogAgent-nn.sinks.syslogElasticSinknnn.serializer.enableLogicalTx = true
Stop and start Syslog agents