- Introduction
- New data points
- UI changes
- Conclusion
- References
Introduction
A new version of aila2 was updloaded on the aila2 download page [1] a few moments ago. This version 2 of the tool introduced a few new data points in the json file as well as changes in the UI. We will review here the additions and improvement made for this release.
New data points
Whilst troubleshooting some Managed Delivery execution problems with colleagues (for 2 distinct customers, but both had the very same issue with too many hits on the Inventory Rule Management web-service that is causing horrible problems on the console and server) it became clear that this was missing from the aila2 result set. So I added it.
Then there was another need that I had not address even in the C version of the tool (aila, the predecessor of aila2 that only ran on linux) which was detailed Task Management hits, related to the Task Server interfaces.
Also, the IIS return codes are another "cheap" data point that allows you to quickly check if there are big issues with teh server (status 50x) or a lot of authentication hits (normally from task servers or console usage) causing http 40x error (because of the nature of the challenge response, we first hit the server without passing any credentials, and the server sends back a challenge in the form or an access denied error).
And finally, one of the most useful data point from aila was brought into aila2: the ip address table. This table (which in fact is a sorted dictionary, so the data is sorted by ip address) is checked with every line that is parsed to increment the hit counter per ip address. Then we store the data in a sorted list to list (the key is the hit count) that is then parse in reverse order to generate the 'Ip hitter - top 20' data point and the ip hit file that is saved under the running directory using the IIS log file name (so parsing u_ex140306.log would produce an ip list under u_ex140306.txt).
Note that the ip list feature doesn't work when data is passed to aila2 via stdin (this is a feature I'll probably have to implement then ;).
After a fair few words lets jump into the visual documentation!
UI Changes:
Addition 1
Provided you have more than 8 ip addresses that connect to your server you will see in this table the 20 entries that have produced most hits on the SMP (or Site Server if you run aila2 against task or package servers). This is quite helpful to find rogue agents that need a re-install (or uninstall, for example if a 7.1 sub-agent was pushed to a 7.0 agent).
Image may be NSFW.
Clik here to view.
Addition 2
Image may be NSFW.
Clik here to view.
Addition 3
The Inventory Rule Management interface is quite regular, and the timings are quite important in some cases so this chart contains the hit count, average and max time-taken values. Note that on a production loaded system you may not see those columns (if you have 50,000 hits at an average 2,000 milliseconds the average column will barely register on teh chart).
Image may be NSFW.
Clik here to view.
Addition 4:
Image may be NSFW.
Clik here to view.
Addition 5 and 6:
Image may be NSFW.
Clik here to view.
Change 1:
Added the Task Management and Inventory Rule Management to the hourly chart. It doesn't show so well on a small test server however it really help pointing out critical time for specific interface that can be tied down to configuration (inventory rule quicking off at the same time of 5000 computers will show nice spikes on the Inventory Rule line).
Image may be NSFW.
Clik here to view.
Change 2
Mime type is not generally the most interesting chart, so I changed the colour to make it a little more appealing ;).
Image may be NSFW.
Clik here to view.
Change 3
The navigation menu list the new additions in the page. So the in-page navigation is becoming a little lengthy, but it's still useful (but please let me know if you feel different).
Image may be NSFW.
Clik here to view.
Conclusion
With more detailed information available on the hourly chart, on the detailed analysis page and with the full list of hit counts per ip address the aila2 toolkit can now offer more insight on what is happening on the environment at a glance (if you use the calendar view [3]) or with the detailed viewer.
This can be used to visual spot changes in an environment that are out of the usual. And here's a proof, ,again from a test environment:
Image may be NSFW.
Clik here to view.
Please add a comment if you spotted something out of the usual (sorry for the small image - we have to work with Connect limits here)
References
[1] aila2: A c# program to analyze Altiris IIS log files
[2] {CWoC} aila2-version1 sources files
[3] aila2-web: Introducing the Calendar View and siteconfig json file