
Symptom of no SSL keys/wrong SSL keys vs the symptom of wrong analyzer

When the wrong analyzer is used, we can only see the number of users but not the request breakdown (the request breakdown shows a dash or zero).

When there are no SSL keys or the wrong SSL keys, the traffic bar is black (failed operation) because the traffic can't be decrypted. In the case of no SSL keys or wrong SSL keys, would it be possible for the symptom to occasionally be the same as when the wrong analyzer is used (i.e., not a black bar, but zero or a dash instead)?

Also, if I've configured a software service but it didn't show up at all in CAS, how can I verify whether it is because of no traffic, the wrong analyzer, or an SSL key issue?

I have come across a situation where the client told me they were using HTTPS; I configured it, and the software service did show up in CAS but with all metrics showing a dash or zero. Only after I did a tcpdump did I find out it was actually XML over HTTP and the client had given me wrong info, so I changed the analyzer. But even after that, with the correct analyzer (and yes, the analyzer decode is in the license), with traffic coming in (confirmed via tcpdump), and no SSL issue (confirmed via rcon and the "show ssldecr*" command), I still didn't see the data populate in CAS.

Also, another minor question for all the experts in the forum: has anyone ever come across a protocol that can't even be identified by browsing through the pcap file obtained by tcpdump (meaning the only source of information would be your client)?

1 REPLY

Hi @Wai Keat C.

There may be different options working for you. Assuming you're on 12.4, I suggest you start using the configuration wizard for HTTP/HTTPS-based software services. You can start from auto-discovered HTTP or HTTPS services and, based on that, end up in RUM Console, in the config wizard. It lets you capture some traffic, so you can slice and dice the trace file with different filter criteria to get what you want configured. Another option is to capture some traffic and look at it with Wireshark for details. Then you can verify whether the AMD can see what you want to configure. Another option might be that you correctly defined a software service on the server IP/port level, but the monitored URL pattern doesn't fit the actual traffic, and that's the reason you can't see any operations. In this case I suggest you take a look at the following article: https://community.dynatrace.com/community/pages/vi...

In 12.4, XML and SOAP are covered by the HTTP analyzer, so the flow is similar.

As for the SSL diagnostics, you can try using the Secure traffic diagnostics flow from Diagnostics > Traffic diagnostics. It provides you with crucial diagnostic information in a simple way, so you can easily determine whether this is an issue with a missing key or other decryption failures.

I hope this helps.
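
Added example (not part of the original posts, and not Dynatrace code): a quick way to check what a service really speaks before choosing an analyzer, by classifying the first TCP payload bytes of a flow taken from a tcpdump capture as a TLS record, XML/SOAP over plain HTTP, plain HTTP, or unknown. The function name `classify_payload` and the sample payloads are constructed for illustration.

```python
import re

# TLS record header: content type, version major 3 / minor 0-4, 2-byte length.
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_START = re.compile(
    rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n"
    rb"|^HTTP/1\.[01] \d{3} ")
# Body that opens with an XML declaration or a (possibly prefixed) SOAP Envelope.
XML_HINT = re.compile(rb"^\s*(<\?xml|<(?:[\w.-]+:)?Envelope\b)", re.I)
MAX_TLS_RECORD = 16384 + 2048  # upper bound on a TLS ciphertext record length


def classify_payload(data: bytes) -> str:
    """Classify the first payload bytes of one direction of a TCP flow."""
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        length = int.from_bytes(data[3:5], "big")
        if 0 < length <= MAX_TLS_RECORD:
            return "tls:" + TLS_CONTENT_TYPES[data[0]]
    if HTTP_START.match(data):
        head, _, body = data.partition(b"\r\n\r\n")
        ctype = re.search(rb"(?im)^content-type:\s*([^\r\n;]+)", head)
        is_xml = (ctype and b"xml" in ctype.group(1).lower()) or XML_HINT.match(body)
        return "http-xml" if is_xml else "http"
    return "unknown"  # binary or proprietary protocol: ask the application owner


# Constructed sample payloads (not taken from any real capture).
SAMPLES = {
    "client_hello": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "xml_post": (b"POST /svc HTTP/1.1\r\nHost: app.example\r\n"
                 b"Content-Type: text/xml; charset=utf-8\r\n\r\n"
                 b"<?xml version=\"1.0\"?><order/>"),
    "soap_no_ctype": (b"POST /svc HTTP/1.1\r\nHost: app.example\r\n\r\n"
                      b"<soap:Envelope xmlns:soap=\"urn:example\"/>"),
    "plain_get": b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "opaque": b"\x00\x01\x02abc",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:14s} -> {classify_payload(payload)}")
```

A `tls:*` result on the service port means decryption keys are required before any HTTP analyzer can see operations; an `http-xml` result on a port the client described as HTTPS is the mismatch described in the question.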