monitorprobe
Web icon

MonitorProbe

Stable version 1.2.0 (Compatible with OutSystems 11)
Other versions available for 10
Uploaded
 on 13 April 2021
 by 
OutSystems Lab
5.0
 (2 ratings)
monitorprobe

MonitorProbe

Documentation
1.2.0

Configurations before using it

The MonitorProbe supports 3 different types of authentication that the consumer applications/components can use to extract the logs:

  • Basic: this type of authentication is going to use Basic authentication, but not in the scope of external plugins usage. This option uses the normal username and password to validate if the user can access or not the logs

    • Important note: When using this type of authentication it's important fulfil what is indicated on the section "Basic authentication with user permissions check". In particular, the fact of needing to have a IT User/Lifetime Service account that allows to assure that the user making Basic Authentication as the permissions to access the data

  • Token: this type of authentication is going to use a Bearer token. This option will validate if a specific token that you have set in the site property RequestTokenAuthentication matches the token received in the Authorization header of the requests

  • None: this type of authentication will skip any kind of authentication


Note: If your IT users authentication through an external authentication plugin, use the “Token” authentication. 

By default, the authentication is set to “Basic”, but if you want to change, you can do it through editing this application site properties. To know how, follow the below section “Authentication configuration”.


Authentication configuration

Follow the next steps to set the authentication that you want

  1. Install/Update the MonitorProbe application on the environment that you want to extract the logs (if you have the component already installed or updated to the last version, skip this step)

  2. Now go to the detail of the module MonitorProbe in Service Center and open the tab “Site Properties”

  1.  Set the effective value of the site property AuthenticationType with the option that you want to use to validate the access to the logs.

  2. If you set the previous value as “Token”, you have to also set the site property RequestTokenAuthentication with the token that the requests must pass on the Authorization header as “Bearer <token you defined>

  3. If you set the value as “Basic”, you just have to pass your requests with authorization header as “Basic <base64-encoded string username:password>


Basic authentication with user permissions check

If the version of your LifeTime is 11.5 or higher and you want to enforce the check of the user permissions set in LifeTime, follow the steps on the specific section of the documentation. 

Note: This check of permissions is only applied to Basic authentication and requires a service account. 

If you don't want to validate the permissions of the user defined to extract the logs set the value of site property EnforceLifetimeAccessControl to "False"


Lifetime Configurations

  1. Go to LifeTime and create a service account to access LifetimeAPI methods (applicable if the lifetime version is 11.5 or higher)

  1. The service account needs to have a role with permissions to Manage Infrastructure and Users in order to be able to access some of LifetimeAPI methods

  2. Save the token shown after creating the service account. This token will be used later in a site property

  3. Create an IT user with a default role that has the minimum permission level to access the logs on the specific environment where the MonitorProbe will be or is installed. The permission level should be you to define, however, we recommend you to use the "Monitor and Add Dependencies" role.

  1. Install/Update the MonitorProbe application on the environment that you want to extract the logs (if you have the component already installed or updated to the last version, skip this step)

  2. Now go to the detail of the module MonitorProbe in the service center and open the tab site properties

  1. Set the effective value of the site property Authentication_ServiceAccountToken with the token that you saved on step 3;

  2. Set the effective value of the site property MinimumPermissionLevelLabel with the permission label that the default role has on the environment where you have installed the MonitorProbe (you have set this in step 4, the below image shows where the name can be checked)

  1. Now, set the effective value of the site property TimeToForceAuthentication with the number of minutes that represent the period of time since the first access until you want to force a new check of user authorization level

  2. Now go to the Integrations tab and change the base URL of the LifetimeRESTAPI to be the URL of the environment where your LifeTime is.



Site Properties (the options available and the possible configurations)


  • Authentication_ServiceAccountToken

    • Token of the service account created to access LifeTimeAPI (applicable if the lifetime version is 11.5 or higher).

  • AuthenticationType

    • This site property defines the type of authentication you want to use when making requests to the MonitorProbe methods. There are 3 options:

      • Basic: this type of authentication is going to use Basic authentication, but not in the scope of external plugins usage

      • Token: this type of authentication is going to use a Bearer token

      • None: this type of authentication will skip any kind of authentication

    • Default: “Basic

  • EnforceLifetimeAccessControl

    • Flag to turn ON/OFF the check of the permission level of the user role using LifetimeAPI (applicable if the lifetime version is 11.5 or higher)

    • The Default value is: True

    • To turn it OFF set it's value to False. It will only check if the user being used to basic authentication is an IT user but no check of the role permissions will be done

  • MinimumPermissionLevelLabel

    • Label of the minimum permission to access the platform logs. Default: "Monitor and Add Dependencies"

  • RequestTokenAuthentication

    • Should hold the token to be used when the type of authentication was set as “Token”.

  • TimeToForceAuthentication

    • Number of minutes of a "live session" until the system forces a new authentication. Default: 60


Timers

  • ClearOldAccessControls

    • Timer to clear old access control records. By default it is set to run weekly on Saturday at 11PM UTC.

 

Important Notes

  1. If you have an integration with a 3rd party tool(like this one) that is using the MonitorProbe to poll the logs, make sure you adjust the polling time to fit the size of data being collected during that period.

  2. The greater is the number of events logged to be fetched, the shorter has to be the polling time. This rule is crucial to decrease the impact on the performance of the front-end servers.

  3. Based on our benchmarking tests we advise you to not poll more than 20k records per minute in order to have acceptable times, nevertheless these numbers depend on the number of Front-Ends and their specs. So based on the previous point 2, adjust your use case in order to have the best performance and fit your needs