Simulated data generation for Access Manager Analytics server 5.0 beta

3 Likes
over 1 year ago

Introduction:

This document explains how to generate Access manager simulated events. With help of java scripts sending simulated Access manager events to Analytics server using syslog. So, you can trigger 1000 logins to analytics server by default. This will only mimic the following events,

  • 002E0027 - Post-Risk-Based authentication
  • 002E0047 - Pre-Risk-Based authentication
  • 002E000A - User session authentication success
  • 002E0525 - Access Gateway: Session Created
  • 002E0514 - Access Gateway: Application Accessed
  • 002E0102 – Issued a Federation Assertion
  • 002E000C - User session authentication failed

You can refer the events code  Access manager Audit events and data

Pre-requisites:

  1. Linux client machine is required to send events to Analytics server.
  2. Make sure the following packages are available in the client machine.
    1. Java - JDK11(recommended) 
    2. Maven - 3.6.3(recommended, you can check the version by running mvn -v)
    3. Rsyslog

Rsyslog Configuration:

Once rsyslog packages installed, user has to set analytics server as syslog target.

  • Find the rsyslog config file in the Linux client machine (This will change depends on OS)

RHEL7: /etc/rsyslog.conf

OpenSuse: /etc/rsyslog.d/remote.conf

  • Edit .conf file and add the following line,

$template ForwardFormat,"<%PRI%>%TIMESTAMP:::date-rfc3164% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n"

local0.*   @@<Analytics server IP Address>:1468;ForwardFormat

Analytics server IP Address - you have to replace with the Analytics server IP address of your environment

simulated1.jpg

  • Save the file and restart the rsyslog service,

service rsyslog restart or systemctl restart rsyslog.service

  • Check the rsyslog service status

service rsyslog status or systemctl status rsyslog.service

How to run the script?

  • Download the maven-java code file nam_event_generation.zip
  • Unzip the file.
  • Change the directory to nam_event_generation/

By default, this script will do 1000 logins and runtime is 1 min (60 sec). This value is parameterized. If you want to change default settings,

  • Change the directory /src/main/resources/properties
  • Edit jobconfig.properties
  • Change users and jobruntime parameter value if required.

prop.jpg

  • Save the file
  • Then change the directory to nam_event_generation
  • Run the below maven command,

mvn clean install -Peventgen 

Console Success Message:

simulatedConsole.jpg

Script will populate the data only in the below graphs,

  • UNIQUE USERS LOGGED IN
  • PRE-AUTH RISK DISTRIBUTION
  • POST-AUTH RISK DISTRIBUTION
  • GEOLOCATION OF USERS LOGGED IN
  • IDENTITY SERVER ACCESSED APPLICATIONS
  • ACCESS GATEWAY ACCESSED APPLICATIONS
  • MOST USED ENDPOINT DEVICES
  • MOST USED BROWSERS
  • MOST ACCESSED USERS
  • CLIENT IP ADDRESS
  • MOST USED CONTRACTS
  • FAILED AUTHENTICATIONS
  • IDENTITY SERVER LOGINS
  • ACCESS GATEWAY LOGINS

Now you can able to see the triggered events in new analytics server https://<Analytics server IP address >:8445/amdashboard/login

Analytics server IP Address - you have to replace with the Analytics server IP address of your environment

simulatedAs.jpg

If you want to see other events/graphs, then refer Event generation script for Access Manager Analytics Server

Labels:

New Release-Feature
Comment List
Anonymous
Related Discussions
Recommended