cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to get username detection rule configured for DCRUM in case user session are getting hit to load balancer F5 APM

ganeshgupta
Inactive

Hi , I am facing a challenge in configuring username detection rule for my user sessions captured in DCRUM. Network team or application team do not have any clue how username details are getting processed and being forwarded for authentication. we just have this regular expression "expr
{ [mcget {session.logon.last.domain}]". Tried configuring it in several ways but not able to extract usernames on DCRUM dashboards/report. Anybody have idea around it. How to configure username detection rule in case of loadbalancer F5 APM irule.

8 REPLIES 8

Babar_Qayyum
Leader

Hello Ganesh,

I guess we should go with the first basic thing which is about the CAS configuration e.g.


  • Track user IP addresses (FE mode) records each client IP address separately (it ignores recognized user names and reports users with IP-address resolution).
  • Track users with identifiers, aggregate other users (ISP mode) tracks users with defined user names and aggregate other users. The ISP modes record each user name separately. User name recognition from HTTP logins must be enabled on the AMD.

What is configuration on your end?

Regards,

Babar

ganeshgupta
Inactive

Hi Babar,

How to check if HTTP logins are enabled on AMD. I could see usernames are automatically detected for ICA citrix and oracle. It is only frontend LB f5 which is entry point of user session where we are not seeing username detected. We have not configured any username detection rule as we dont have idea which part of the user session carrying user details , is it request header, request url or cookies..what could be the path we should configure on DCRUM. Application and Network team have no idea about how user sessions are being handled. So we are clueless here, everything is pre-defined in f5 APM iRule

ganeshgupta
Inactive

Configuration is attached.

ganeshgupta
Inactive

Configuration is attached.

Christopher_Cha
Dynatrace Advisor
Dynatrace Advisor

Hello there, if the application and network team have no clue on how username and sessions are being handled, then we will need to rely on DCRUM's traffic diagnostic. The key idea is to do a traffic recording via RUM Console's Software Service Wizard and then from the list of POST parameters, cookies etc, we capture the username and sessions (of course we can seek confirmation from application team again). From there then it should be quite straightforward to setup username detection.

@Christopher C.

You are right, however the wizard may be of limited use depending on how the service is configured and how many operations (and what operations) are recorded in the capture file. Note that due to performance reasons, as far as I remember the wizard shows top 20 operations and all the stuff related to them. If you have no idea where the user ID is carried on, download the capture file from RUM Console and open it in Wireshark (or DNA if you have a license to use it). Then you can identify a session and based on the assumption you know the user ID performing some activity during the capture time, you can find the user ID in Wireshark. Then you will learn where the ID is carried on, so you can easily create a user recognition policy, even without the wizard.

Babar_Qayyum
Leader

Hello @Ganesh G.

As @Christopher C. already explained the way to extract the user identification from the DCRUM traffic.

You can follow the steps from the below documents to configure 'HTTP - User Identification', 'Searching within the payload' and 'Extracting user identification'.

https://community.dynatrace.com/community/display/...

https://community.dynatrace.com/community/display/...

https://community.dynatrace.com/community/display/...

Regards,

Babar