PauloPoffal

Making life easier with realtime Siteminder monitoring

Discussion created by PauloPoffal on Jan 26, 2016
Latest reply on Apr 25, 2017 by PauloPoffal

Hi people, I have implemented the Graylog solution with the objective of monitoring Siteminder smps and smaccess logs, extracting the data and working with it.

One of my biggest problems in my environment is the number of policy servers. Actually I have 4 in the production environment and another 4 in the homolog environment, so when some problem happens there are 8 servers to search through logs to find any issue.

With this implementation, I reduce my team's analysis time and set triggers to prevent some situations.

 

 

Software used:

Graylog (web and server): Create dashboard, manipulate and collect the data

ElasticSearch: Store the manipulated data

MongoDB: Store dashboard info and graylog-server info.

Rsyslog: Send data to graylog

 

Below you can see the dashboard showing all the info listed here:

Siteminder Current connection by policy server

Siteminder Current Depth by policy server

AzAccept Count

AuthAccept Count

Top consuming resource agents.

Siteminder Error

Exceeded limit count

 

siteminder dashboard.jpg

 

After configuring the solution I created a Graylog content pack for Siteminder. You can find the content pack at this link: ppoffal/siteminder-Graylog-ContentPack: A G... - GitHub
