Chat now with support
Chat with Support

Foglight for Infrastructure 6.0.0 - Infrastructure Utilities User Guide

Monitoring Web transactions
Configuring credentials for Web sites requiring user or proxy authentication Exploring your collection of monitored Web sites Investigating the performance of Web transactions and monitoring locations Exploring Web Monitor services Generating reports Configuring Web Monitor agent properties View reference
Monitoring network devices

Monitoring HTTPs URLs in FIPS-compliant mode

Foglight Web Monitor agent supports to run in FIPS-compliant mode, depending on the Agent Manager where it is deployed on. That is to say if the Agent Manager runs in FIPS-compliant mode, the Web Monitor agent will be configured to be FIPS-compliant automatically, and vice versa.

When Foglight Web Monitor agent runs in FIPS-compliant mode, and tries to access a Web site with HTTPs connection, the Web Monitor agent requires to authenticate the Web site's certificate. In order to successfully access these URLs and collect response time metrics, you need to import the Web site's certificates to Agent Manager's certificate store.

To import the Web site's certificate to the Agent Manager certificate store:
1
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/bin directory.
2
Import the Web site's certificate with the following command:
fglam --add-certificate <alias=/path/to/certificate>
For example:
fglam --add-certificate your_alias_name=C:\Certificates\test\ServerSSL.cer

Monitoring URLs that require a client certificate

Monitoring URLs that require client authentication requires some additional configuration. To successfully access these URLs with the Web Monitoring Agent and collect response time metrics, you must import the certificates for URLs.

To support the monitoring of URLs that require a client certificate:
1
Deploy the WebMonitor Agent to the Foglight Agent Manager.
2
Open the command line and switch to the following path:
{fglam_home}/agents/WebMonitorAgent/{version}/lib
3
Run this command to import the client certificate for some URLs:
For Windows®:
importKeystore.bat "-keystore {filepath} -pwd {password} -urls {ip}:{port} -createKeyStoreFile true"
For Linux®:
./importKeystore.sh "-keystore {filepath} -pwd {password} -urls {ip}:{port} -createKeyStoreFile true"
For example:
importKeystore.bat "-keystore D:\echen5\issue\ESC\ESC-1784\sha1\Sha1ClientCert.pfx -pwd Test1234 -urls 10.154.10.168:443 10.154.10.168:6443 -createKeyStoreFile true"
 
* 
NOTE: Ensure you have read and write rights for the following path: {fglam_home}/state/default/certificates
NOTE: The tool for importing the client authentication depends on the JRE being used. Ensure that the JRE exists in one of the following locations:
When Fglam is external, the JRE should be found in {fglam_home}.
When the Fglam is embedded, the JRE should be found in {foglight_home}.
When the JRE is neither in {fglam_home} nor {foglight_home}, the path to the JRE should be found in the environment variable JAVA_HOME.

The Microsoft® Internet Information Server (IIS) by default enables the TLSv1 and disables the TLSv1.2 protocols. The JDK 1.7+ (included in Foglight Agent Manager 5.7.4 and later) by default handles handshake with TLSv1.2. If the server side and the client side do not include the same supported TLS version, this causes the HTTPs request to fail. The following workarounds are available in this case:
Workaround #1
1
Force the client side to handle handshake with TLSv1, by setting the “Force TLSv1” agent property to “True” (for details, see Settings).
2
Ensure that all the Web server whose URLs your are monitoring support TLSv1.
Workaround #2
1
Enable TLSv1.2 for your IIS server. (Refer to the best practice to configure IIS with SSL/TLS.)
2
Set the “Force TLSv1” agent property to “False” (for details, see Settings).
3
If your IIS server enabled TLSv1.2 and disable TLSv1, and you use sha512 certificates, then make sure you applied the following update to your server: https://support.microsoft.com/en-us/kb/2973337.

Exploring your collection of monitored Web sites

The Transaction Management dashboard displays a list of monitored Web sites and the locations from which they are monitored. One Web site can be monitored from one or more locations. This can give you a good understanding of the complexity of your monitored environment and the locations from which a specific Web site is monitored.

Figure 1. Transaction Management dashboard

For complete details about the data appearing on this dashboard, see the Transaction Management table.

To explore the collection of monitored Web sites:
1
Log in to the Foglight browser interface.
2
On the navigation panel, under Dashboards, click Web Monitor > Administration Home.
The Administration for Web Monitor page appears in the display area.
3
Navigate to the Transaction Management dashboard.
On the Administration Home page, click Manage Web Monitor Transactions.
The Transaction Management dashboard appears in the display area.

For more information, see the following topics:
Expanding your collection of monitored sites
Removing Web sites from the existing collection
Moving multiple transactions as a group
Removing stale transactions from the Performance Browser dashboard
Viewing and editing individual Web transaction details

Expanding your collection of monitored sites

The Transaction Management dashboard allows you to add URLs to the existing collections of monitored sites. Adding a new URL causes the Web Monitor Agent to start collecting information about that URL in the next collection period.

This assumes that you already have the agent package deployed to the Foglight Agent Manager host, and one or more active Web Monitor Agent instances in place. For complete information on how to deploy an agent package, and to create and activate agent instances, see the Administration and Configuration Help.

To start monitoring a Web site:
1
On the Transaction Management dashboard, click Add.
The Add Transactions dialog box appears.
The Add Transactions dialog box shows a list of the Web sites whose transactions you want to monitor, a list of all Web Monitor Agent locations in your environment, and links to additional configuration settings.
2
In the Add Transactions dialog box, provide information about the Web site whose transactions you want to start monitoring.
URL: The URL of the Web site that you want to monitor.
* 
TIP: The Web Monitor Agent validates the URL address in the background, to prevent you from adding the duplicate URL address that has been monitored.
Transaction Name: The name you want to associate with the transactions with this Web site.
* 
NOTE: It is not allowed to associate multiple URL addresses with a same transaction.
Get Page Header Only: Indicates whether you want to collect the page header only.
Expected Content: If content validation is enabled for the agent instance that you want to monitor this URL, and the expected content type is HTML-based, type html in this column. Also, a text string could be used such as “laptop” and type laptop into this column. In case the monitoring agent detects binary content or the text string at this address, the validation fails and the agent logs an error message.
Content validation can be enabled using the URL List secondary agent properties. For more information, see Settings.
Unexpected Content: If unexpected content validation is enabled for the agent instance that you want to monitor this URL, and the unexpected content type is HTML-based, type html in this column. Also, a text string could be used such as “laptop” and type laptop into this column. In case the monitoring agent detects binary content or the text string at this address, the validation fails and the agent logs an error message. If this column is empty, that means the agent is not required to perform unexpected content validation.
Unexpected Content validation can be enabled using the URL List secondary agent properties. For more information, see Settings.
3
To add more URLs to the list, click Add, and populate the row that appears. To remove a row from the list, click .
4
In the Deploy to Locations area, select one or more Web Monitor Agent locations that you want to use to monitor the transactions with the newly specified Web sites.
If the host from which you want to configure transaction monitoring does not appear on the list, that is because it does not have a running instance of the Web Monitor Agent. To create a Web Monitor Agent instance on that host, click Set up Agents and configure the agent instance on that host. For more information about installing and configuring agent instances, see the Administration and Configuration Help.
 
* 
TIP: The Web Monitor Agent requires a running instance of the Foglight Agent Manager on the same host. For details on installing and running the Agent Manager, see the Agent Manager Guide.
5
Optional—Specify thresholds for alarm generation, authentication, and proxy settings. If the URL requires user authentication, you need to supply credentials for accessing that URL.
a
Click Optional Advanced Settings.
The Advanced Settings dialog box appears.
b
In the Advanced Settings dialog box, in the Response time alarm firing conditions area, review the thresholds for alarm generation, and edit them, if required.
c
In the Authentication and proxy settings area, specify the following information, as required.
URL authentication required: Select this check box only if the URL requires user authentication. If that is the case, you need to ensure that you have proper credentials in place to enable the Web Monitor Agent to access it. Click Manage Credentials to review the existing credentials, or to create new ones, as required. For more information, see Configuring credentials to access Web sites requiring user authentication.
 
* 
TIP: When finished, you can return to this dialog box using the breadcrumb trail.
Use proxy for URL connection: Select this check box only if the Web Monitor needs to use a proxy to access the specified URL. Click Manage Credentials to review the existing credentials, and create new ones, as required. For more information, see Configuring credentials to access Web sites requiring user authentication.
Server: If you need to configure proxy access, type the name of the proxy server followed by the port number.
Proxy authentication required: Select this check box if the proxy requires authentication.
Click Save.
The Advanced Settings dialog box closes.
6
In the Add Transactions dialog box, click Save.
The Operation(s) Complete message box appears.
Click OK to close it.
7
In the Transaction Management dashboard, review the list of monitored transactions.
The newly added Web site is added to the list.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating