Solved: About injection of OneAgent into Java Application : OneAgent's internal functions

kohei-saito · ‎20 Jul 2018

Hi,

In the environment of one of our trial users, we made a trial as follows.

1) Install OneAgent into the target Linux host where WebLogic application is running

2) Restart WebLogic

After that, we made sure that dynatrace normally started monitoring this application, such as "PurePaths", "Applications", "Hosts" and so on.

3) Stop OneAgent with the following command

service oneagent stop

4) Restart WebLogic

We expected that restarting WebLogic after stop OneAgent enables us to remove the byte code which was injected into WebLogic.

5) Start OneAgent with the following command

service oneagent start

6) Confirm if PurePath is seen or not

We supposed that PurePaths were not seen because WebLogic was restarted after OneAgent was stopped with the above command "service oneagent stop", and then we start OneAgent, so that any codes was injected into WebLogic Application.

Actually, however, PurePath was captured.

Then these results implies that OneAgent has internally two functions.

One is Application Monitoring that is, for example, byte code injection in Java application, which cannot be controlled by service commands or other commands.

The other is things like Host monitoring, Network monitoring or Log analytics

Is my assumption correct?

If so, do you have any suggestions for disabling the injection into application without dynatrace console view(=dynatrace GUI)?

If it doesn't make sense, please feel free to let me know that.

Regards,

Kohei Saito

Julius_Loman · ‎20 Jul 2018

It's actually very simple. The injection is on Linux this is done via preloading the liboneagentproc.so library for every process that is started. (see /etc/ld.so.preload). This library handles the injection. On the other part, there is the OS agent (that's being controlled by the rc script or systemd). This OS agent monitors OS itself, logs, network monitoring, handles plugins, etc.

Actually if you want to disable the injection, you need to disable the agent (currently via GUI only) or remove the liboneagentproc.so from the /etc/ld.so.preload. The first one is definitely preferred. If you want to disable the agent for a longer time, you can uninstall it without removing the /var/lib/dynatrace directory and then install agent afterwards. Unless you remove the /var/lib/dynatrace (ruxithost.id file is important), the newly installed agent will just continue to operate on the same host entity.

Just wondering - what is the use case here?

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

kohei-saito · ‎24 Jul 2018

Hi @Julius L.,

OK, I got it.

OneAgent has two functions, one handles the injection into services and the other monitors the OS, network, log and so on.
As you told me, it is better to disable the agent via Web-GUI than to remove the library file.

> Just wondering - what is the use case here?

Yes, I think your question is just reasonable...
One of our trial users wants to know some specifications of agents so they tried to verify this before asking us.

In addition to its verification, they seemed to want to know how to stop the injection of agent without removing agents and GUI.

Anyway, I'll tell them not to delete any oneagent modules but to disable via WebGUI if they want to stop monitor applications or hosts.

Thank you very much for the detailed explanation, Julius!

Regards,

Kohei Saito