Nice Demo of OpenAM log analysis using the ELK stack


The folks at Identropy have put together a nifty video showing analysis of OpenAM audit log events using the ELK stack (Elasticsearch, Logstash, Kibana).

Check it out here:



Comments

Post a Comment

Popular posts from this blog

OAM R2 REST APIs for Policy Management

Image
Oracle Access Manager 11g R2 provides several new REST APIs. This continues a trend to expose key functionality via Web Services. The OAM Mobile and Social service provides APIs for Authentication, Authorization  and User Profile services.  I will cover those APIs in a future article (have a look here for examples) - but today I want to focus on the  policy management APIs. The Policy Administration API  enables to you to interact with OAM to create a variety of Policy objects such as Application Domains, Resources, AuthN Schemes, and AuthN/AuthZ policies. The policy model is shown below: For example, if you want to retrieve all of the resources in an Application Domain you can perform a GET against the /resource URI: curl -u USER:PASSWORD http://<SERVER>:<PORT>/oam/services/rest/11.1.2.0.0/ssa/policyadmin/resource?appdomain="IAM Suite" Note: The port above is where the OAM Admin Server is deployed (often 7001). It ...
Read more

Stupid Oracle vktm tricks to improve VirtualBox performance

In the process of creating a demo VirtualBox image running OEL 6 and the Oracle database 11.2.0.3.0 I noticed the idle CPU consumption was quite high (8% on the guest, 35% on the host). The culprit turned out to be the Oracle database vktm process. This is a time keeping process - and it calls gettimeofday() *very* frequently.  This can have a negative performance impact in virtualized environments. A colleague who is a database whiz suggested the following trick: sqlplus / as sysdba alter system set "_high_priority_processes"='LMS*' scope=spfile;  This removes the vktm process from the list of high priority processes. After this change (you need to bounce the database) the idle CPU consumption comes down to 1-2% or so. A nice improvement! It goes without saying that this is: a) Totally unsupported b) Probably dangerous. This will most certainly break things in the database - such as statistics, auditing, etc. c) For demo/development use...
Read more

Ansible roles to install ForgeRock's OpenDJ LDAP server

Image
Ansible  is a really nice "dev-ops" automation tool in the spirit of Chef, Puppet, etc.  It's virtues are simplicity, an "agentless" installation model and a very active and growing community . One of the neat features of Ansible is the concept of "roles". These are reusable chunks of dev-ops code that perform a specific task. Ansible "Playbooks" orchestrate a number of roles together to perform software installation and configuration. Roles by themselves are not sufficient to drive reusability.  We need a way to collaborate and share roles.    Enter  Ansible Galaxy , the central repository for Ansible roles. If you have ever used apt or yum , galaxy will appear quite familiar. For example, to install and use the "opendj" role, you issue the following command: $ ansible-galaxy install warren.strange.opendj (Roles are prefixed with a contributor name to avoid name collisions). If you want to install ForgeRock's...
Read more