Connections¶
The category Connections allows nJAMS Administrators to configure connections to Indexer and various JMS providers. Furthermore, the nJAMS Administrator can optionally create connections to a directory service (LDAP) and a mail server (SMTP).
For proper operation of nJAMS Server the Indexer and at least one JMS connection must be configured. Mail server configuration is optional; however, if users should be notified by the system automatically, or be able to reset their (forgotton) passwords using the nJAMS GUI, the SMTP connection must be configured. LDAP configuration is optional too and allows you to import users and roles from a directory service.
Indexer¶
The Indexer component is responsible for communication with Elasticsearch. There are mainly two tasks that are performed by the Indexer component:
- Storing log messages into Elasticsearch and indexing log messages for fast retrieval.
- Retrieving data from Elasticsearch and providing to nJAMS GUI.
The Indexer page allows nJAMS Administrators to assign an Elasticsearch cluster to nJAMS Server and to start / stop the Indexer component. The following chapters explain how to configure and maintain the Indexer.
Configuration: | This is the Indexer configuration and administration page:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Add an Elasticsearch node: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
In case you installed a blank nJAMS Server without any other options, the Indexer Client is not configured. An nJAMS Administrator has to create a connection to the Elasticsearch cluster. In order to create a connection for the Indexer Client it is required to have an Elasticsearch cluster in place. If nJAMS Server discovers an Elasticsearch cluster, the Indexer Client will create the nJAMS structure (mapping, etc.) within the cluster automatically.
An Elasticsearch cluster is assigned by entering the Elasticsearch Cluster Name and at least one Node Address. These values are mandatory to create a valid connection to an Elasticsearch cluster.
You are now ready to start the Indexer Client! |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Start Indexer Client: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Start the Indexer Client for nJAMS Server to work with Elasticsearch. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Index Management: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Index Management allows you to manage the indexes of your Elasticsearch Cluster. The main use case for Index Management is re-indexing existing nJAMS indexes into a new format. The following chapter describes why it is potentially required to re-index indexes and how to re-index an index. How to re-index existing indexes: Re-indexing is required, if you want to be able to search for event data of the past like payload, stacktrace, activity duration, etc. If you just want to search for process executions, filtered by time or domain object, re-indexing is not required. In contrast, if you come from Elasticsearch 2, you have to re-index the indexes from v2 to v5 before you can migrate to Elasticsearch 6. In this scenario re-indexing is required! The following instructions describe re-indexation from v5 to v6 as a sample for re-indexation from v2 to v4. Initial situation after upgrading your Elasticsearch Cluster from 6 to 7 and upgraded nJAMS Server to 5.1: When the upgrade is done and nJAMS Server is started again, you can enter the “Index Management” page to see the current state of your indexes of your Elasticsearch Cluster.
Go to
Procedure for re-indexing:
|
Database¶
The database connection is configured during the installation of nJAMS Server. See the nJAMS Server Installation Manual for more information. The JDBC settings cannot be changed within nJAMS GUI.
Usually there is no need to change JDBC settings later. Nevertheless, you can modify the settings using WildFly’s Administration Console.
- Enter the URL of WildFly Administration Console:
http://<machine_name>:<admin_port>
- Navigate to
Configuration:Subsystems > Subsystem:Datasources > Type:Non-XA > Datasource:njamsPool
Make sure the JNDI datasource reference is always ‘njams’.
Note
Changing the database setting may break your nJAMS Instance. In case the new schema is empty, nJAMS Server will create all necessary objects on startup. Make also sure nJAMS Server is stopped before switching database. Select “Shutdown” from nJAMS Server Application Deployment page of the Administration Console.
JMS¶
JMS connections are referenced by the Data Providers. It is required to create at least one JMS connection. You may modify or delete existing JMS connections, or create new one. When selecting the JMS entry within the Connections category, a list of available connections is shown:
- Select ‘JMS’ from Category Connections
- List of configured JMS connections
- Select an entry and you can see the details on the right hand side
ADD, EDIT a JMS connection: | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
To validate the settings made, press the “Test connection” button, at the bottom. Once the settings are validated, click on the “Save settings” button. “Cancel” discards all changes and closes the dialog. |
|||||||||||||||||||||||||||||||||||||||
DELETE a JMS connection: | |||||||||||||||||||||||||||||||||||||||
Select one or multiple JMS connections and click on DELETE to remove the selected connections.
|
JNDI¶
Configure a JNDI context, if you want to use JMS with JNDI:
- Select a JMS Provider
- Specify a Name for the JNDI context and Username, Password. Furthermore, specify a valid Provider URL; you can also enter a fault-tolerant (failover) URL.
- Save the JNDI context configuration.
LDAP¶
The LDAP feature allows you to configure a connection to a directory service. Through this connection, you can import either roles and associated users or users for existing roles in nJAMS Server or both. Authentication of an imported user will be done by the directory service. Authorization will be done via the access rights associated with the roles of the user.
The import of users and roles can be made ad hoc or scheduled via a configurable job. In both cases, all configured roles and users will be read from the directory service and created or updated in nJAMS Server. Roles or users which were formerly imported but do not longer match the configuration will be removed from nJAMS Server. See chapter ‘System Control > Jobs > LDAPSynchronization’ for learning how to configure a scheduled job for periodic import.
Roles imported from a directory service cannot be changed in nJAMS Server except for the granting and revoking of access right. Users must be linked to these roles in the directory service. They cannot be assigned to an imported role in nJAMS Server. Users imported from a directory service cannot be changed in nJAMS except for the roles to which the users is associated. An imported user can be added to or removed from a role created in nJAMS Server but not to a role imported from the directory service. This has to be done inside of the directory service. As the login will be done against the directory service via LDAP, the password cannot be changed in nJAMS Server.
To access a directory service you have to configure a LDAP connection by providing a host URL and optional a user name respectively a bind DN and a password. This depends on the setting of your directory service. After the connection has been configured you may test if the connection can be established.
If you want to import roles from LDAP, you need to create a LDAP query and attribute mappings for both the roles and their associated users. If you want to import users to already existing roles you need to create a LDAP query and a user attribute mapping on the LDAP tab of the role (see Receiving Users from a directory service).
For a LDAP query you need both a query string and a search base.
For importing roles, at least a mapping for the role name is required. A role comment may optionally be mapped.
You shall also give a user query string and at least a mapping for the user names to import users associated with the imported roles. The mapping of the first name, last name, email and a comment are not mandatory. Because these fields cannot be changed in nJAMS Server you will have to map these fields too, if needed.
You can test your query and mapping with the test button. You will see the roles from your directory service that matches your role query. Click on role name to see the users associated to that role for your user query and mapping:
When the test is successful, save the settings.
Due to the name of roles and users in nJAMS Server must be unique, the identification of a user or role always takes place by the mapped name and not by the distinguished name (DN). The DN of an imported user or role will be shown on the role or user page.
Activate starts synchronization of LDAP. Deactivate removes LDAP sychronization and asks to convert or remove synchronized users/roles.
alt: Deactivate synchronization
LDAP over SSL: | You can use LDAP over SSL to secure your LDAP connection. Please prepare the following:
Please restart nJAMS Server for the changes to take effect. |
---|
Email¶
The system may send email messages. For example, a user can request a password reset at the login page. This will trigger an email being sent to his mailbox, containing a URL to reset the password. To enable email notifications, the administrator must configure a SMTP connection. SMTP is the only protocol supported for email communication.
The SMTP connection must be configured as follows:
Host: the name or IP address of the SMTP server
Use STARTTLS: enable this option to encrypt traffic between the SMTP and nJAMS Server
Port: port of the SMTP server
Username: if the SMTP server requires authentication, enter a valid user name. Leave this field empty, if your SMTP server does not require authentication
Password: the SMTP server user’s password
Sender: the emails sent by nJAMS Server will use this value as the sender’s email address
Note
Emails cannot be sent to nJAMS Server
You can save the current settings once the test email could be sent successfully.
To send a test email enter the recipient email address and click on SEND. A test email should be received in the recipient’s inbox.
Argos¶
The Argos configuration page allows you to view the state of the Argos component and configure Argos.
State of the Argos component
Toggle Argos: enables / disables Argos within nJAMS Server
Argos component state: current state of Argos
Rules Manager: state of the Rules Manager component of Argos
Data Provider: state of the Argos Data Provider
Indexer: state of the Indexer
Active Indexing Threads: Total number of the indexing threads
Configuration Argos database
Argos comes with an embedded graph database to store metrics data. There is no need to make any changes to the configuration of the Argos database.
General settings
History retention: enter the retention period of the history information. Default is 14 days.
Subagent
nJAMS Server has a built-in Subagent to report metrics of the JVM of WildFly, respectively of nJAMS Server. Metrics from Subagent are sent to nJAMS Agent.
Enable JVM statistics: enable / disable Subagent. Subagent is enabled by default.
nJAMS Agent IP address: enter the IP address of the machine that runs nJAMS Agent.
nJAMS Agent port number: enter the port number of nJAMS Agent. Default is 6450.