How to tell if Trace is left active on my CA API Gateway Services

book

Article ID: 108031

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

The purpose of this document is to help identify CA API Gateway Services that have Trace turned on and alert about them to users using an email alert.

From time to time we turn trace on to get more detailed messages as we troubleshoot a problem with the CA API Gateway.

That trace generates a lot of Audit messages and if left on can cause the Audit tables to grow too fast causing the CA API Gateway IDBATA file (MYSQL) to grow until we are running out of disk space or room to create new Audits.

It is important to make sure Trace is turned off after the testing/troubleshooting are done.

But when having hundreds of services on the Gateway, how can we tell which one got Trace turned on?

Environment

Release:
Component: APIGTW

Resolution

In order for us to identify which CA API Gateway Services have their trace turned on, we can utilize a simple SQL Query against the CA API Gateway MYSQL DB.

The below steps will illustrate how such can be done.

1. Create a JDBC Connection to the CA API Gateway MYSQL DB:
1.1 Open the Policy Manager and navigate to the 'Tasks' --> 'data Sources' --> Manage JDBC Connections'

<Please see attached file for image>

Get to JDBC Settings

1.2 Create a new JDBC Connection to your CA API Gateway MYSQL DB:

<Please see attached file for image>

Create the needed JDBC Connection

2. Create a new Policy with type: Policy-Backed Service Operation Policy Fragment

<Please see attached file for image>

Create the needed Policy

3. Add the below rules in your policy:

<Please see attached file for image>

The Policy we create

3.1 Create the 'Perform JDBC Query' based on the JDBC Connection you created in Step 1:

<Please see attached file for image>

JDBC Query in play

3.2 Create a condition to continue if at least one service was found with trace on.

<Please see attached file for image>

Condition To Verify

3.3 Create the needed Email Alert settings:

<Please see attached file for image>

Email Alert Setting

3.4 Save and Activate your policy.


4. Create a new scheduled task/job to be run with the policy created.

4.1 Go to 'Tasks' --> 'Global Settings' --> 'Manage Scheduled Tasks'

<Please see attached file for image>

Go to Scheudled Tasks TAB

4.2 Add the needed task.

<Please see attached file for image>

Create the needed scheduled task

Once an email will be generated and sent out, the needed Policy Manager users/admins can quickly locate the services in play and turn the trace off.

Attachments

1558698764374000108031_sktwi1f5rjvs16jgi.png get_app
1558698762337000108031_sktwi1f5rjvs16jgh.png get_app
1558698760510000108031_sktwi1f5rjvs16jgg.png get_app
1558698758772000108031_sktwi1f5rjvs16jgf.png get_app
1558698756884000108031_sktwi1f5rjvs16jge.png get_app
1558698755225000108031_sktwi1f5rjvs16jgd.png get_app
1558698753561000108031_sktwi1f5rjvs16jgc.png get_app
1558698751685000108031_sktwi1f5rjvs16jgb.png get_app
1558698749618000108031_sktwi1f5rjvs16jga.png get_app