Overview of new monitoring metrics “technology preview” coming in AM 5.5. The metrics added in AM 5.5 were initially motivated to support internal performance testing but consideration was also given to what would be useful for customers. The aim is to add more metrics and offer consistent means of accessing these metrics across all ForgeRock products in the 6.0.0 release.
In AM 5.5, we've started to replace the existing monitoring framework with one based on DropWizard Metrics. DropWizard Metrics offers a simpler API, allows us to be more consistent across the platform, and has out of the box support for various means of accessing metrics (JMX, Graphite, etc)
As this work is evolving, feedback would be very welcome. For example...
- what use cases are you looking to solve using metrics? (business metrics, operational metrics, other metrics)
- how useful are these new metrics?
- what further metrics would be desirable? which areas of the products are you most interested in monitoring?
- how would you like to consume these metrics? (JMX, REST, Prometheus, DataDog, Splunk, Elasticsearch, SNMP, other)
Overview of AM 5.5 Auditing
Noted that classic auditing in AM has been deprecated for a number of releases now and will be removed soon
Walked through use case using Elasticsearch + Kibana: Tracing config changes - what was changed, who changed it, how did they authenticate, what was their IP address, etc
- Identify change in config topic
- Search for audit events sharing any of the same trackingIds in order to see all events relating to this session
- Filter to just show authentication events with any of the same trackingIds to see how the session was authenticated
- Search for audit events with the same transactionId as the authentication completed event in order to see all events raised in response to that HTTP call
- Filter to just show access events in order to see details such as client IP, HTTP headers, etc
- Can policy agent activity / audit events be linked to AM audit events?
- Agent 5+ will adopt new Audit framework and allows events to be correlated by transactionId and trackingId