How to tell if Trace is left active on my CA API Gateway Services
Article ID: 108031
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
The purpose of this document is to help identify CA API Gateway Services that have Trace turned on and alert about them to users using an email alert.
From time to time we turn trace on to get more detailed messages as we troubleshoot a problem with the CA API Gateway.
That trace generates a lot of Audit messages and if left on can cause the Audit tables to grow too fast causing the CA API Gateway IDBATA file (MYSQL) to grow until we are running out of disk space or room to create new Audits.
It is important to make sure Trace is turned off after the testing/troubleshooting are done.
But when having hundreds of services on the Gateway, how can we tell which one got Trace turned on?
From time to time we turn trace on to get more detailed messages as we troubleshoot a problem with the CA API Gateway.
That trace generates a lot of Audit messages and if left on can cause the Audit tables to grow too fast causing the CA API Gateway IDBATA file (MYSQL) to grow until we are running out of disk space or room to create new Audits.
It is important to make sure Trace is turned off after the testing/troubleshooting are done.
But when having hundreds of services on the Gateway, how can we tell which one got Trace turned on?
Environment
Release:
Component: APIGTW
Component: APIGTW
Resolution
In order for us to identify which CA API Gateway Services have their trace turned on, we can utilize a simple SQL Query against the CA API Gateway MYSQL DB.
The below steps will illustrate how such can be done.
1. Create a JDBC Connection to the CA API Gateway MYSQL DB:
1.1 Open the Policy Manager and navigate to the 'Tasks' --> 'data Sources' --> Manage JDBC Connections'
1.2 Create a new JDBC Connection to your CA API Gateway MYSQL DB:
2. Create a new Policy with type: Policy-Backed Service Operation Policy Fragment
3. Add the below rules in your policy:
3.1 Create the 'Perform JDBC Query' based on the JDBC Connection you created in Step 1:
3.2 Create a condition to continue if at least one service was found with trace on.
3.3 Create the needed Email Alert settings:
3.4 Save and Activate your policy.
4. Create a new scheduled task/job to be run with the policy created.
4.1 Go to 'Tasks' --> 'Global Settings' --> 'Manage Scheduled Tasks'
4.2 Add the needed task.
Once an email will be generated and sent out, the needed Policy Manager users/admins can quickly locate the services in play and turn the trace off.
The below steps will illustrate how such can be done.
1. Create a JDBC Connection to the CA API Gateway MYSQL DB:
1.1 Open the Policy Manager and navigate to the 'Tasks' --> 'data Sources' --> Manage JDBC Connections'
<Please see attached file for image>
1.2 Create a new JDBC Connection to your CA API Gateway MYSQL DB:
<Please see attached file for image>
2. Create a new Policy with type: Policy-Backed Service Operation Policy Fragment
<Please see attached file for image>
3. Add the below rules in your policy:
<Please see attached file for image>
3.1 Create the 'Perform JDBC Query' based on the JDBC Connection you created in Step 1:
<Please see attached file for image>
3.2 Create a condition to continue if at least one service was found with trace on.
<Please see attached file for image>
3.3 Create the needed Email Alert settings:
<Please see attached file for image>
3.4 Save and Activate your policy.
4. Create a new scheduled task/job to be run with the policy created.
4.1 Go to 'Tasks' --> 'Global Settings' --> 'Manage Scheduled Tasks'
<Please see attached file for image>
4.2 Add the needed task.
<Please see attached file for image>
Once an email will be generated and sent out, the needed Policy Manager users/admins can quickly locate the services in play and turn the trace off.
Attachments
Feedback
Powered by
