AG performance impacted due to syslog server communication failure

  • 7022125
  • 18-Oct-2017
  • 07-Nov-2017

Environment

Access Manager 4.3
Access Manager 4.2
Access Gateway Service and Appliance

Situation

Access Manager was set up and running well. The administrator wanted to enable auditing of events on both the IDP and the AGs, so the auditing server IP address/port was set up via iManager and all events were turned on in both the IDP and AG auditing tabs. After applying the update, users started reporting performance issues, i.e. access to protected web applications was slow. The administrators also noticed that the web server health was yellow, indicating that some back-end web servers were unresponsive, which was not the case.

Resolution

Make sure that connectivity exists between the IDP/AG devices and the Sentinel servers they point to.
 
NAM 4.2.5 and NAM 4.3.3 also added two changes to help an admin detect this condition:
 
1. Send an alert to the admin console if the local syslog or the configured remote audit server is not reachable (even in the case where an intermediate firewall is blocking the audit events).
2. Changed the logging library so that Apache gateway threads are not blocked while trying to write to the syslog port sockets.
 
The JCC modules were updated to set the SERVERIP and SERVERPORT properties in /etc/Auditlogging.cfg with the syslog server details. The AG uses these properties to periodically ping the server and to raise an alert if there is any issue with the syslog server. Note that these values are set only when the audit configuration is changed in the UI and pushed to the devices.
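
The connectivity check from the Resolution can be run by hand on an IDP/AG device. The script below is an added example, not NetIQ code: it reads SERVERIP and SERVERPORT from /etc/Auditlogging.cfg and attempts a time-bounded TCP connect. It assumes KEY=VALUE lines in that file, a TCP audit transport, and that bash and coreutils `timeout` are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the audit server recorded in Auditlogging.cfg is reachable.
# Assumptions: KEY=VALUE lines in the file, TCP transport, bash and `timeout` available.

CFG="${CFG:-/etc/Auditlogging.cfg}"   # path named in this article

# Print the value of property $1 from file $2 (last occurrence wins).
read_prop() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Return 0 if a TCP connection to $1:$2 completes within $3 seconds (default 3).
# The timeout bounds the wait, so a firewall that silently drops packets
# is reported as a failure instead of hanging the check.
tcp_reachable() {
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Read SERVERIP/SERVERPORT from file $1 and report reachability.
# Return codes: 0 reachable, 1 unreachable, 2 properties missing or invalid.
check_audit_server() {
    cfg="${1:-$CFG}"
    ip=$(read_prop SERVERIP "$cfg")
    port=$(read_prop SERVERPORT "$cfg")
    if [ -z "$ip" ] || [ -z "$port" ]; then
        echo "SERVERIP/SERVERPORT not set in $cfg" >&2
        return 2
    fi
    case "$port" in
        *[!0-9]*) echo "invalid SERVERPORT '$port' in $cfg" >&2; return 2 ;;
    esac
    if tcp_reachable "$ip" "$port"; then
        echo "OK: audit server $ip:$port reachable"
    else
        echo "FAIL: audit server $ip:$port not reachable" >&2
        return 1
    fi
}

# Run the check only when a config path is given, e.g.: sh check.sh /etc/Auditlogging.cfg
if [ "$#" -gt 0 ]; then
    check_audit_server "$1"
fi
```

A return code of 2 means the properties are absent, which is expected until the audit configuration has been changed in the UI and pushed to the device.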