MonitorProbe

Stable Version 1.2.0 (O11)
Also available for 10
Published on 13 Apr by 
OutSystems Professional Services DevOps team
Stable Version 1.2.0 (O11)
Also available for 10
Published on 13 Apr by 
OutSystems Professional Services DevOps team
OutSystems Professional Services DevOps team
Created on 18 October 2018

MonitorProbe

Documentation

Configurations before using it

The MonitorProbe supports 3 different types of authentication that the consumer applications/components can use to extract the logs:

  • Basic: this type of authentication is going to use Basic authentication, but not in the scope of external plugins usage. This option uses the normal username and password to validate if the user can access or not the logs

  • Token: this type of authentication is going to use a Bearer token. This option will validate if a specific token that you have set in the site property RequestTokenAuthentication matches the token received in the Authorization header of the requests

  • None: this type of authentication will skip any kind of authentication

Note: If your IT users access through an external authentication plugin, use the “Token” authentication. 

By default, the authentication is set to “Basic”, but if you want to change, follow the below section “Authentication configuration”


Authentication configuration

Follow the next steps to set the authentication that you want

  1. Install/Update the MonitorProbe application on the environment that you want to extract the logs (if you have the component already installed or updated to the last version, skip this step)

  2. Now go to the detail of the module MonitorProbe in Service Center and open the tab “Site Properties”

  1.  Set the effective value of the site property AuthenticationType with the option that you want to use to validate the access to the logs.

  2. If you set the previous value as “Token”, you have to also set the site property RequestTokenAuthentication with the token that the requests must pass on the Authorization header as “Bearer <token you defined>

  3. If you set the value as “Basic”, you just have to pass your requests with authorization header as “Basic <base64-encoded string username:password>


Basic authentication with user permissions check

If the version of your LifeTime is 11.5 or higher and you want to enforce the check of the user permissions set in LifeTime, follow the steps on the specific section of the documentation. 

Note: This check of permissions is only applied to Basic authentication and requires a service account. 

If you don't want to validate the permissions of the user defined to extract the logs set the value of site property EnforceLifetimeAccessControl to "False"


Lifetime Configurations

  1. Go to LifeTime and create a service account to access LifetimeAPI methods (applicable if the lifetime version is 11.5 or higher)

  1. The service account needs to have a role with permissions to Manage Infrastructure and Users in order to be able to access some of LifetimeAPI methods

  2. Save the token shown after creating the service account. This token will be used later in a site property

  3. Create an IT user with a default role that has the minimum permission level to access the logs on the specific environment where the MonitorProbe will be or is installed. The permission level should be you to define, however, we recommend you to use the "Monitor and Add Dependencies" role.

  1. Install/Update the MonitorProbe application on the environment that you want to extract the logs (if you have the component already installed or updated to the last version, skip this step)

  2. Now go to the detail of the module MonitorProbe in the service center and open the tab site properties

  1. Set the effective value of the site property Authentication_ServiceAccountToken with the token that you saved on step 3;

  2. Set the effective value of the site property MinimumPermissionLevelLabel with the permission label that the default role has on the environment where you have installed the MonitorProbe (you have set this in step 4, the below image shows where the name can be checked)

  1. Now, set the effective value of the site property TimeToForceAuthentication with the number of minutes that represent the period of time since the first access until you want to force a new check of user authorization level

  2. Now go to the Integrations tab and change the base URL of the LifetimeRESTAPI to be the URL of the environment where your LifeTime is.



Site Properties


  • Authentication_ServiceAccountToken

    • Token of the service account created to access LifeTimeAPI (applicable if the lifetime version is 11.5 or higher).

  • AuthenticationType

    • This site property defines the type of authentication you want to use when making requests to the MonitorProbe methods. There are 3 options:

      • Basic: this type of authentication is going to use Basic authentication, but not in the scope of external plugins usage

      • Token: this type of authentication is going to use a Bearer token

      • None: this type of authentication will skip any kind of authentication

    • Default: “Basic

  • EnforceLifetimeAccessControl

    • Flag to turn ON/OFF the check the permission level of the user role using LifetimeAPI (applicable if the lifetime version is 11.5 or higher). If you turn OFF (set to False), it will check if the user is an IT user no check to the role will be done. Default: True

  • MinimumPermissionLevelLabel

    • Label of the minimum permission to access the platform logs. Default: "Monitor and Add Dependencies"

  • RequestTokenAuthentication

    • Should hold the token to be used when the type of authentication was set as “Token”.

  • TimeToForceAuthentication

    • Number of minutes of a "live session" until the system forces a new authentication. Default: 60


Timers

  • ClearOldAccessControls

    • Timer to clear old access control records. By default it is set to run weekly on Saturday at 11PM UTC.

 

Important Notes

  1. If you have an integration with a 3rd party tool(like this one) that is using the MonitorProbe to poll the logs, make sure you adjust the polling time to fit the size of data being collected during that period.

  2. The greater is the number of events logged to be fetched, the shorter has to be the polling time. This rule is crucial to decrease the impact on the performance of the front-end servers.

  3. Based on our benchmarking tests we advise you to not poll more than 20k records per minute in order to have acceptable times, nevertheless these numbers depend on the number of Front-Ends and their specs. So based on the previous point 2, adjust your use case in order to have the best performance and fit your needs


Support Options
This component is not supported by OutSystems. You may use the discussion forums to leave suggestions or obtain best-effort support from the community, including from OutSystems Professional Services DevOps team who created this component.
Dependencies
MonitorProbe has no dependencies.