Integrate with con terra applications

Overview

sec.man usage

service.monitor can be integrated with other con terra products. This is possible due to the same kind of handling and securing of http Requests. Once integration has been accomplished, the following parameters will be logged on client access:

  • basic HTTP request parameters (URL, protocol)

  • basic HTTP response parameters (request duration, HTTP status code)

  • User Agent

  • authentication information

  • client IP

Procedure

  1. Follow configurations for map.apps client integration

  2. Integration of map.apps and security.manager Enterprise Edition (Server) (see below)

Overview of integrating map.apps and security.manager Enterprise Edition

security.manager
Version Comment

< 4.15

Please update security.manager first

4.15 - 4.18

Procedure as described below

from 4.19

The WSS web application is already prepared for integration, the activation is done exclusively via the application.properties (see instructions below).

The administration web application can be integrated manually in the same way (see instructions below).
map.apps
Version Comment

4.7 - 4.17

The map.apps web application needs to be manipulated to integrate the service.monitor (see instructions below).

from 4.18

The map.apps web application is already prepared for integration, the activation is done exclusively via the application.properties (see instructions below).
INFO

With version 4.6.0 of service.monitor, the file ct-analytics-usagelog-api-<version>.jar has been renamed and is now called ct-monitor-analytics-message-extender-<version>.jar. Please note this in future security.manager versions.

Integrate with con terra security.manager Enterprise Edition

In order to log information about requests in your security.manager installation, you need to install the shipped GelfWebSecurityProcessor. This processor usually logs via UDP protocol, TCP protocol is also possible.

Steps for installation and configuration (since version 4.19)

Since security.manager 4.18, the integration is shipped with security.manager (WSS) directly and only has to be activated/configured in the application.properties file. Manual integration of the administration web application is presented in the following steps.

  1. The concrete definition of the connection parameters takes place in [SECURITY_MANAGER_DATA_FOLDER]/application.properties

    analytics.enabled=true
analytics.gelf.host=logstash-host.example.com
analytics.gelf.port=12201
analytics.gelf.protocol=udp
analytics.gelf.identifier=security.manager

  2. administration webapp only:

    1. Copy the following files from [security.manager]/webapps/wss/WEB-INF/lib to [security.manager]/webapps/administration/WEB-INF/lib

      1. ct-monitor-analytics-message-extender-<version>.jar or ct-analytics-usagelog-api-<version>.jar

      2. gelfclient-<version>.jar

      3. netty-*-<version>.Final.jar

    2. Manually customise the [security.manager]/webapps/administration/WEB-INF/classes/spring-filter-config.xml:

      1. Add the bean reference <ref bean="monitorAnalyticsFilter"/> after <ref bean="webSecurityFilter"/> (~ line 50)

      2. Insert the snippet below before the closing beans element at the end of the file

        <bean id="monitorAnalyticsFilter" factory-bean="monitorAnalyticsFilterFactory" factory-method="create"/>
<bean id="monitorAnalyticsFilterFactory" class="de.conterra.usagelog.support.SecmanEEMonitorFilterFactory" destroy-method="close"
	  p:enabled="${analytics.enabled}"
	  p:identifier="${analytics.gelf.identifier}"
	  p:gelfHost="${analytics.gelf.host}"
	  p:gelfPort="${analytics.gelf.port}"
	  p:gelfProtocol="${analytics.gelf.protocol}"
/>

  3. Please restart your servlet container after applying the changes.

Steps for installation and configuration (before version 4.19)

  1. Copy the *.jar files located in /resources/analytics/webapp-integration/lib

    1. to [security.manager]/webapps/wss/WEB-INF/lib

    2. to [security.manager]/webapps/administration/WEB-INF/lib

  2. File /resources/analytics/webapp-integration/security.manager-<version>/spring-filter-config-administration.xml:

    1. to [security.manager]/webapps/administration/WEB-INF/classes/spring-filter-config.xml

  3. File /resources/analytics/webapp-integration/security.manager-<version>/spring-filter-config-wss.xml:

    1. to [security.manager]/webapps/wss/WEB-INF/classes/spring-filter-config.xml

  4. Configuration of parameters is done in [SECURITY_MANAGER_DATA_FOLDER]/application.properties

    analytics.gelf.server=logstash-host.example.com
analytics.gelf.port=12201
analytics.message.src=security.manager
analytics.log.enabled=true

  5. Please restart your servlet container after applying the changes.

map.apps

To collect information about requests to map.apps, the GelfWebSecurityFilter associated with the installation must be activated. The processor usually sends its data via UDP protocol to the Logstash pipeline, alternatively TCP dispatch is possible.

Steps for installation and configuration since map.apps version 4.18

Since map.apps 4.18, the service.monitor integration is shipped with map.apps directly and only has to be activated/configured in the application.properties file.

  1. Add the following configuration properties to the file [MAPAPPS_DATA_FOLDER]/application.properties and adjust the values:

    analytics.enabled=true
analytics.gelf.host=logstash-host.example.com
analytics.gelf.port=12201
analytics.gelf.protocol=udp
analytics.gelf.identifier=map.apps

  2. Restart the servlet container (e.g. Tomcat)

Steps for installation and configuration before map.apps version 4.18

Proceed as follows for installation and configuration:

  1. Copy the JAR files from /resources/analytics/webapp-integration/lib
    to [map.apps]/WEB-INF/lib

  2. Copy the file /resources/analytics/webapp-integration/map.apps-<version>/spring-filter-config.xml
    to [map.apps]/WEB-INF/classes/spring-filter-config.xml.

  3. Add the following configuration properties to the file [MAPAPPS_DATA_FOLDER]/application.properties and adjust the values:

    analytics.gelf.server=logstash-host.example.com
analytics.gelf.port=12201
analytics.message.src=map.apps
analytics.log.enabled=true

  4. Restart the servlet container (e.g. Tomcat)

Integrate with other con terra products

A lot of other con terra products support service.monitor integration as shown above. Please ask for Support Plus or consultancy services for additional support.

Logging parameters

useragent

Information about the user’s OS and browser.

Example:

"user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
client_ip

Anonymized client IP.

Example:

"client_ip": "123.12.12.000"
request

Request parameter information.

Example:

"request" : {
  "server_host": "secman-host.example.com",
  "url_query": "?queryProperty=testvalue",
  "server_context: "/wss",
  "referrer": "http://www.example.com",
  "protocol": "https"
}
auth

Authentication information.

Example:

"auth": {
  "authenticated": true,
  "user_id": "userA",
  "login_time": "2011-17-10 11:17:50",
  "group_name": "sampleGroup",
  "roles": [
    "admin",
    "editor"
  ]
}
response

Response parameter information.

Example:

"response": {
  "status": 200
}
response_time

Response time in nanoseconds and response time in milliseconds.

Example:

"response_time": 12345678,
"response_time_ms": 1234.5678