Monitor the Layer7 API Gateway

This chapter describes some of the ways that you can monitor your gateway and its services. It is essential that you monitor the hardware and services available on your network, to ensure high availability of hardware and services.
gateway10cr2
Container Gateway Users
While it is possible to connect the Policy Manager (i.e., Gateway Dashboard) to running Gateways in a Kubernetes pod for monitoring service metrics and other system performance data as described in this chapter, note that this is a legacy capability from the appliance form-factor of the API Gateway. Container Gateways deployed to the cloud are now capable of scaling much more quickly and at greater magnitude, requiring similar scaling capabilities for the storage and processing of service metrics and audit data.
As of Gateway version 10.0 CR2, Layer7 strongly recommends that Container Gateway users adopt an 'off-boxed' method for monitoring their Gateway service metrics in the cloud. Read more about the possible options in the current Container Gateway reference architecture. You may also read about Kubernetes' recommended tools for resource monitoring here.
This chapter describes some of the ways that you can monitor your
Layer7 API Gateway
and its services. It is essential that you monitor the hardware and services available on your network, to ensure high availability of hardware and services.
You should monitor your Gateway appliances or virtual machines regularly, verifying whether your Gateway is processing messages at a rate that meets internal service agreements. You must also ensure that each service is available to accept messages.
Contents:
Prerequisites
Ensure that the Gateway is configured correctly. For information, see Install, Configure, Upgrade.
Monitoring Tools and Methods
Various tools and methods are available to monitor the
Layer7 API Gateway
to satisfy the needs of the various parties within an organization. You can gather information about published services and policies from the Gateway.
For example:
  • Business analysts can view Gateway load trends by creating reports.
  • Operations personnel can use Simple Network Management Protocol (SNMP) connectivity to the Gateway.
  • Administrators can view current load and status of services in real time using the Gateway Dashboard.
  • You can migrate policies and service configurations between Gateways using the Gateway Migration Utility.
It is common for different enterprise divisions to have varying levels of responsibilities in machine monitoring. Each team in an organization may be responsible for a different aspect of the Gateway and each monitor the data that interests them using different tools. For example, administrators can configure and manage the Gateway, but may not have access to the hardware itself. Conversely, the Operations team have access to the physical Gateway hardware, but are cannot remotely access the Gateway's file system.
You can monitor the Gateway using the following tools and methods:
  • The Gateway's remote shell console using SSH
  • SNMP, the Oracle Integrated Lights Out Manager (ILOM)
  • By way of auditing
There are different tools available that integrate with these access methods to monitor the performance of the Gateway.
Monitor Using the Policy Manager
The Policy Manager can monitor many aspects of the Gateway. Its most important tool is the log files from Gateway nodes and audit logs related to published services. This allows administrators to see if the Gateway is processing the messages smoothly.
For more information about how to monitor using the Policy Manager, see Basic Monitoring of the Gateway.
Monitor Using Remote Shell and Command Line Tools
You can monitor Gateway performance using Linux command line tools through the privileged shell. You can for example:
  • View how much processing power the Gateway is consuming
  • Whether ports are available on the Gateway
  • Whether sockets are being consumed and released at a normal rate, by using command line tools such as
    vmstat, ps,
    and
    net-stat
    .
  • View logs to diagnose problems that arise during the runtime of a Gateway.
For more information about how to monitor using the command line, see Advanced Monitoring of the Gateway.
Monitor Using SNMP
Operations personnel can monitor services published on the Gateway by enabling SNMP tooling. With SNMP, you can monitor Gateway hardware appliance features such as CPU usage, temperatures, and fan functionality. The Gateway uses the Berkeley net-SNMP MIB features for hardware monitoring. These are just some of the information that you can retrieve using SNMP:
  • the number of policy violations in a published service
  • the number of requests in a policy in the last hour
  • the number of failed routes in a policy are just some of the data available about services using SNMP
For more information about how to use SNMP with the Gateway, see Monitor the Gateway Using SNMP.
Monitor Using ILOM
Administrators who monitor Gateway hardware appliances hosted on an Oracle server, can use the Oracle Integrated Lights Out Manager (ILOM). The ILOM is an Oracle proprietary hardware management feature. ILOM is hosted on its own Ethernet port and runs on power separate from the rest of the server. It runs on its own CPU and is separated from the rest of the hardware appliance. Administrators can view hardware information, monitor hardware events, and configure hardware based notifications using the Web-based user interface that ILOM provides. For example, an administrator can configure alert emails that are sent when a server loses power, or if a CPU cooling fan stops working.
ILOM is separate from the hardware server. You can still access the ILOM management console and diagnose hardware problems even if the hardware hosting the Gateway stops working.
Monitor by Logging and Auditing
You can monitor service health using the Gateway logging and auditing. Error messages and specific audit messages are output to log files on the Gateway. You can diagnose problems that arise with the Gateway and with services hosted on the Gateway by accessing the log files.
Messages that are audited in Gateway policy are added to the audit log. You can view this audit log in the Policy Manager.
For more information about how to monitor by logging and auditing, see Enterprise Logging and Auditing of Gateway.