This section describes the ALES performance statistics feature, which enables collection of data about authentication and authorization for purposes of troubleshooting and performance analysis. It covers the following topics:
The ALES performance statistic feature is controlled by an Auditing security provider, the PerfDBAuditor provider. Performance statistics are gathered for each Security Service Module in your ALES installation. In order to collect performance statistics for an SSM, you must enable and configure a PerfDBAuditor provider for that SSM.
To add a PerfDBAuditor provider to an SSM other than a WebLogic Server SSM, use the ALES Administration Console. See Using Performance Statistics with WebLogic Server 9.x\10.0 for information about how to enable performance statistics collection with the WebLogic Server SSM.
Note: | Changes made to a provider do not take effect until after it is explicitly deployed and the associated Security Service Module is restarted. |
After you have added a PerfDBAuditor provider to your SSM configuration, you can disable it either by removing it, or by clearing the Enable Performance Statistics checkbox on the provider’s Details configuration page in the ALES Administration Console.
To add a PerfDBAuditor provider to a WebLogic Server SSM, use the WebLogic Server administration console:
<active security realm>
> Providers > Auditing and click New.The Create a New Auditing Provider page appears.
After you have added a PerfDBAuditor provider to your SSM configuration, you can disable it either by removing it, or by clearing the Enable Performance Statistics checkbox on the provider’s Provider-Specific configuration page in the WebLogic Server Administration Console. You must then restart WebLogic Server for this change to take effect.
Performance statistics for authorization in the WebLogic Server SSM are available only if you use the ASI Authorization provider. Performance statistics for authentication in the WebLogic Server SSM are not available unless you use the SSM Java API for authentication.
Any changes in the configuration of the PerfDBAuditor provider require restarting the SSM to take effect. You can configure the following settings in the PerfDBAuditor provider:
The interval setting specifies data collection interval, in minutes. This determines the length of periods during which the performance statistics data is accumulated before it is dumped to the database tables. All of the internal statistics counters are reset at the beginning of each interval. It should be a positive integer number. Required. The default is 5 minutes.
You can collect performance statistics either in circular buffer mode or continuous mode. Circular buffer mode means that, after a specified amount of time elapses, new records are written over the oldest records from the same SSM in the database tables. This prevents performance statistics from growing to an unlimited extent. In continuous mode, records are not overwritten, but there is no limit imposed by the performance statistics feature to the potential size of the database tables.
The Performance Statistics Duration setting specifies whether to operate in circular buffer mode or continuous mode. A positive integer value causes performance statistics to be collected in circular buffer mode and specifies, in minutes, how long the statistics collection proceeds before new records start to overwrite the oldest ones. A special value of 0 means that no loopback will occur; statistics collection proceeds in continuous mode. The value of this field should be either a positive integer number, greater than the interval, or 0, which is the default. It is a required setting.
In either mode, when an SSM is restarted, all previously existing data is cleaned from the database. Performance statistics data is not preserved across SSM restarts.
The Enable Performance Statistics checkbox specifies whether the performance statistics collection is enabled or disabled. It serves as a temporary means of disabling the statistics collection without removing the PerfDBAuditor provider from the SSM’s configuration. You must restart the SSM after changing this setting before it will take effect. Required. The default is enabled.
Specifies which Java class will be used for communication with the database. Required; the default is oracle.jdbc.driver.OracleDriver
.
Specifies the connection string to use with the specified driver class. Formats for the database URL and driver class name vary depending on the type of database you are using. For example:
Specifies the login name of database user with sufficient rights for working with the performance-related tables. This user must possess write and delete privileges for those tables. Required.
The password for the database user specified in the login setting. This password will be stored, in an encrypted form, in the ALES User Store and distributed to the SSM for accessing the database. Required.
A parameter for specifying any additional database connection properties that may be needed, in name=value format. Optional.
The following specify elements of the database schema used for storing performance statistics data. The default database tables are part of the default ALES database schema. If you for some reason need to use different tables, you need to create them yourself in your database schema.
The name of the table that contains authentication-related performance statistics. Optional, but at least one of Authentication Statistics Table or Authorization Statistics Table must be present. Default value is PERF_ATH_STAT.
The name of the table that contains authorization-related performance statistics. Optional, but at least one of Authentication Statistics Table or Authorization Statistics Table must be present. Default value is PERF_ATZ_STAT.
The name of the table that contains authorization attributes-related performance statistics. Optional. The default value is PERF_ATZ_ATTR_STAT.
The name of the table that contains authorization functions-related performance statistics. Optional. The default value is PERF_ATZ_FUNC_STAT.
The ALES performance statistics feature gathers the following information, for each SSM configuration ID and host name, aggregated for each time interval specified by the Performance Statistics Interval setting:
isAccessAllowed
from start to end), in millisecondsPerformance statistics are stored in the database tables described in Performance Statistics Database Schema. To access the performance statistics, use SQL to retrieve the information you are interested in.
When an SSM is restarted, all previously existing data is cleaned from the database. Performance statistics data is not preserved across SSM restarts. Note also that performance statistics entries are uniquely identified by hostname and the configuration ID of the SSM. If you have two SSMs on the same host with the same configuration ID, their performance records will collide and only one will be stored successfully.
Performance statistics are stored in four tables in the standard ALES database schema:
This table contains authorization-related performance statistics.
This table contains authorization-related performance statistics.
This table contains performance statistics related to user attributes required for policy evaluation during authorization.
This table contains performance statistics related to external functions called during authorization.