This section of the admin guide describes information related to monitoring the Curity Identity Server.
🔥🔥🔥 If you just want to know how to determine if your instance of Curity is unhealthy and on fire, refer to the information below. 🔥🔥🔥
Java Management Extensions (JMX) is a commonly used interface for monitoring the internals of a Java-based application like the Curity Identity Server. This ability to peer inside the application, however, can be dangerous. It is for this reason that JMX is disabled by default. To enable it, the ENABLE_JMX can be set before starting the Curity Identity Server; the value is ignored and can can be any non-empty value (e.g., true, 1, etc.). This can be done on the command line like this, for instance:
$ ENABLE_JMX=1 idsvr
Curity Identity Server contains an HTTP endpoint providing node status information.
Its operation is configured by the following environment variables.
By default, this status endpoint is enabled, however it can be disabled by setting the STATUS_CMD_ENABLED environment variable to false or by starting idsvr with the --no-status parameter.
The status endpoint only supports HTTP GET requests to the / path.
The response will have status code:
In both cases, the response body will contain a JSON representation of the node status, containing the following fields:
The Curity Identity Server installation also contains the bin/status command line tool that can be used to probe the HTTP status endpoint.
It uses the same environment variables the server uses and has two invocation parameters:
The status tool performs a request to the local node status endpoint and writes the response body to the standard output.
The tool exit code is described in the following table.
Each run-time and admin node exposes an endpoint where certain information is published in a Prometheus-compliant format (i.e., Prometheus’ exposition format). This allows the Prometheus monitoring tool (or others that can process data in this format) to monitor certain metrics about the behavior of the node. This endpoint is exposed over HTTP and listening on the same interface as the status endpoint described above. The port used is one greater than the status endpoint (4466 by default).
The metrics exposed and their meanings is described in the following table:
The labels in the previous table have the meanings described in the following table:
Gathering of data can be disabled. If this is set when the node starts, no data will be published. To disable gathering of data, in the admin UI, go to System ‣ General. There, toggle off Enable Reporting. Once that change is committed, all nodes will stop gathering data.
If you want to setup certain alerts when things go wrong in the Curity Identity Server, you can simply setup the following: