ITCAM for Transactions - ISM : Best practices,pitfalls (PART 1)
ericmtn 1000009W88 Comments (7) Visits (13978)
Here is the part 1 of my blog containing a list of best practices and commonly encountered pitfalls while using Itcam for transactions and its Internet Service Monitoring ("ISM", ITM product code 'is') agent :
1. VERSIONS OF ISM TO USE
Use if at all possible latest version of ISM agent, v7.4.0.x
For latest IFIX info available, refer to :
or better, check for latest Ifix available for ISM on IBM Fix Central.
published the 11/0
2. ISM HTTP monitor versus SOAP monitor, to monitor SOAP server
2a) if you want to monitor a SOAP service using ISM SOAP, first of all read this document
available at :
as it gives useful tips and statements on what is supported, or not, with ISM SOAP monitor, and how to configure and use it.
2b) if ISM SOAP monitor returns failure or unexpected results, what should I do?
if you have configured the ISM SOAP monitor, based on request results obtained while manually accessing the SOAP interface with a tool like "SoapUI" for example, and that doesn't work, and ISM SOAP monitor somehow fails, here is the recommended alternative :
Try and use the latest ISM IFIX (currently, 18.104.22.168 IF0003 when writing this blog) ; so you can send the desired SOAP message using the HTTP monitor's body parameter (instead of using ISM SOAP monitor), as long as the body being sent is less than 4k in size, by simply copying and pasting the body of the request you want to send (same request that was successful while using "SoapUI" or similar), and checking for the response with a regular expression test. This is much easier to do than trying to debug the ISM SOAP monitor itself, if it's failing.
You may also want to try and take a network capture (using Wireshark tool or similar) while running only SoapUI, then another network capture while running only ISM SOAP and then analyze and compare both network capture results. This could help too.
To obtain ISM 22.214.171.124 IF0003, see its readme with download info :
The following link also demonstrates how to configure the HTTP monitor to send a SOAP message, using HTTP monitor's body parameter:
Remark: if you are trying to see the actual soap response details returned by the SOAP server, please be aware that the actual soap response string is not returned
by HTTP monitor (or SOAP monitor) in ISM standard attributes.
It's the standard behavior, ISM monitor just verifies that a (SOAP) response matches or not, using regexp. That's all it does in standard.
Possibly using the ISM datalog .xml file, or the ISM output directory content of the HTTP monitor, can help to find out and verify the actual soap response details. This could be an option
to produce some reporting, and this is the only source that can be used for such goal.
3. How to enable ISM monitor Datalog :
4. How to enable ISM monitor "output directory content"
(example below is for HTTP monitor, same method applies to other type of ISM monitor)
On the ISM agent system, edit the $ISM
Set/ un-comment the following lines :
Recycle the ISM agent
Once the ISM monitor has returned its results in TEP GUI under "Internet Service Monitors" view, review the content of
Remark: Only use the above OutputResult: 1 and debug MessageLevel settings in test or development environment, and not in production; these parameters will impact overall performance of your ISM agent system. For example OutputResult: 1 will impact the number of files being opened by the NCO monitor involved, like nco_m_http monitor for example.
5. How to monitor a complete HTTP transaction with ISM
(for example homepage + login page + logout page)
ISM is not in general the best tool to achieve this. Evaluating ITCAM for Tx and robotic response time (t6) agent playing back a RPT (Rational Performance Tester test script) could help and produce better results, and become a more valid option for monitor complex transactions.
Otherwise, with ISM, the general recommendations are :
- Use ISM Transx monitor and define in it the http steps needed to simulate the whole business transaction, like with some HTTP GET and POST commands; so the same steps used behind the scene by a web browser, when login and logout of a web application for example, are setup in ISM Transx monitor similarly.
- In order to possibly set up ISM Transx monitor with several http/s steps, you woul
- a tool like Firefox browser and its developer tool "Network data" can help with this task to see the web traffic and HTTP requests.
- another tool like :
To review the results obtained by ISM Transx monitor, it can be useful to enable debug tracing, and review transx.log file, after the monitor completed its polling.
On the ISM agent system, edit the $ISM
Set/ un-comment the following line :
Recycle the ISM agent
Using above chapter 4. and reviewing ISM output directory content files, can also help in the troubleshooting of the ISM Transx monitor settings.
For reference concerning Transx monitor, and regexp subjects :
IBM Knowledge Center ISM docs about regular expression :
IBM Knowledge Center ISM docs about Transx monitor :
6. ISM and LDAP monitor tips and examples
Using ITCAM for Transactions with ISM agent version 126.96.36.199 and its LDAP monitor, here is an example of test case setting and results while using LDAP monitor.
6.1 I’ve got access to a test Linux LDAP server, with the following setting entries in its directory :
6.2 I tested that the following ldapsearch commands works fine, using putty session and while connected to the LDAP Linux system.
Remark : First I searched where ‘ldsapsearch’ tool was located on the LDAP server, and found it in
>ldapsearch -x -h <ldap-server-IP@> -D "cn=
>ldapsearch -x -h <ldap-server-IP@> -D "cn=Directory Manager" -w xxxxx -b dc=s
# extended LDIF
# base <dc=
# filter: (cn=ericm)
# requesting: ALL
# ericm, sbank.uk.ibm.com
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
6.4 I then set-up an ISM LDAP monitor with the following settings, 2 examples of monitor are described below :
As documented in this tech
- In the ‘server’ field, enter the host name of the LDAP server (-h parameter of ldapsearch)
- In the ‘searchbase’ field, enter the search string (-b parameter of ldapsearch)
- In the ‘filter’ field, enter the filter string (-s parameter of ldapsearch)
In the Advanced tab: .
- Set the ‘username’ and ‘password’ (-D and –w parameters of ldapsearch )
6.5 the results I see in TEP “LDAP” workspace shows :
For reference, this test ldap server is based on OpenDS (Apache Directory Server).
7. How to improve ISM agent overall performance?
it's a difficult question, but some users could be benefit from reviewing some articles like :
- ITCAM4Tx - ISM agent capacity planning to monitor around 120 HTTP server URLs
- ITCAMfTx ISM - HTTP monitoring capacity planning
- Tuning the ISM QSize parameter correctly in ITCAM for Transactions
- ITCAM4Tx: ISM - tuning MaxCCA for multi threaded monitors
8. How to avoid the error : "Can
If you are using for example the ISM http monitor and see issues like :
- HTTP monitor is reported as 'inactive' in TEP ISM -> Monitor status -> "Services" workspace view, but nco_m_http process actually still runs
- Error : "Cou
- Error : "Can
- ISM agent version used is not the latest (not 7401 IF10 or later)
- ISM agent is installed on Red Hat Linux old OS version
then possibly the following steps can help :
- attempt to uninstall and reinstall ISM agent, and update it to latest level (7401 IF10 or later)
- Check current version of glibc on your Linux environment, and possibly upgrade your OS with latest release of Red Hat, or glibc, see for reference known issue with glibc:
9. Is ISM https monitor supporting SNI (Server Name Indication)?
No, ISM HTTPS monitor does not support SNI.
If you are targeting with ISM https monitor a server which is configured with SNI, ISM monitor will fail and https.log will show error messages like :
Information: <targeted server>: Init
Error: <targeted server> : SSL hand
If you look at a network traffic capture using Wireshark for example, you should also see message like :
TLSv1.2 Alert (Description: Handshake failure (40)
You can use a web tool like:
if your targeted ssl server is available on the internet, the report provided by such tool for the targeted server should confirm if SNI is used on this server. this could be helpful.
An enhancement request was opened previously on this, but was never addressed.
As ISM version 7.4 HTTPS monitor doesn't support https web server ***with SNI enabled***, I suggest that you consider instead to use the **robotic response time agent** included in ITCAM for Transactions v188.8.131.52 product; record a test script targeting your https/TLS web server with SNI, using Rational Performance Tester, and playback robotically such script on the robotic response time (RRT) agent.
see for reference this RPT technote:
on RRT side, refer to this matrix to use the right version of RRT agent to match your RPT version:
Based on the above links, consider using, at least, RPT version 8.6 for recording, and RRT agent version 7.4.
10. ISM agent status = "Out of Sync", what should I do? see :
Subscribe and follow us for all the latest information directly on your social feeds: