Technical Blog Post
ITCAM for Transactions - ISM : Best practices,pitfalls (PART 1)
Here is the part 1 of my blog containing a list of best practices and commonly encountered pitfalls while using Itcam for transactions and its Internet Service Monitoring ("ISM", ITM product code 'is') agent :
1. VERSIONS OF ISM TO USE
Use if at all possible latest version of ISM agent, v7.4.0.x
For latest IFIX info available, refer to :
or better, check for latest Ifix available for ISM on IBM Fix Central.
published the 11/02/2019: 188.8.131.52-TIV-CAMIS-IF0002
2. ISM HTTP monitor versus SOAP monitor, to monitor SOAP server
2a) if you want to monitor a SOAP service using ISM SOAP, first of all read this document
available at :
as it gives useful tips and statements on what is supported, or not, with ISM SOAP monitor, and how to configure and use it.
2b) if ISM SOAP monitor returns failure or unexpected results, what should I do?
if you have configured the ISM SOAP monitor, based on request results obtained while manually accessing the SOAP interface with a tool like "SoapUI" for example, and that doesn't work, and ISM SOAP monitor somehow fails, here is the recommended alternative :
Try and use the latest ISM IFIX (currently, 184.108.40.206 IF0003 when writing this blog) ; so you can send the desired SOAP message using the HTTP monitor's body parameter (instead of using ISM SOAP monitor), as long as the body being sent is less than 4k in size, by simply copying and pasting the body of the request you want to send (same request that was successful while using "SoapUI" or similar), and checking for the response with a regular expression test. This is much easier to do than trying to debug the ISM SOAP monitor itself, if it's failing.
You may also want to try and take a network capture (using Wireshark tool or similar) while running only SoapUI, then another network capture while running only ISM SOAP and then analyze and compare both network capture results. This could help too.
To obtain ISM 220.127.116.11 IF0003, see its readme with download info :
The following link also demonstrates how to configure the HTTP monitor to send a SOAP message, using HTTP monitor's body parameter:
Remark: if you are trying to see the actual soap response details returned by the SOAP server, please be aware that the actual soap response string is not returned
by HTTP monitor (or SOAP monitor) in ISM standard attributes.
It's the standard behavior, ISM monitor just verifies that a (SOAP) response matches or not, using regexp. That's all it does in standard.
Possibly using the ISM datalog .xml file, or the ISM output directory content of the HTTP monitor, can help to find out and verify the actual soap response details. This could be an option
to produce some reporting, and this is the only source that can be used for such goal.
3. How to enable ISM monitor Datalog :
4. How to enable ISM monitor "output directory content"
(example below is for HTTP monitor, same method applies to other type of ISM monitor)
On the ISM agent system, edit the $ISMHOME/etc/props/http.props file (more generally edit $ISMHOME/etc/props/<monitor>.props
Set/ un-comment the following lines :
MessageLevel : "debug"
OutputDirectory : "$ISMHOME/var"
Save the modified file.
Recycle the ISM agent
Once the ISM monitor has returned its results in TEP GUI under "Internet Service Monitors" view, review the content of $ISMHOME/var/<ism profile> directory sub tree files
- OutputResult : 1 (default 0) -> Specifies that the monitor should save the data it receives from the service.
- OutputDirectory : "$ISMHOME/var" -> Specifies the output directory to use if theOutputResult is saved. Default is : $ISMHOME/var.
- MessageLevel : "debug" -> change the Message/ trace level of the "$ISMHOME/log/http.log file to 'debug', to obtain further tracing in http.log file.
Remark: Only use the above OutputResult: 1 and debug MessageLevel settings in test or development environment, and not in production; these parameters will impact overall performance of your ISM agent system. For example OutputResult: 1 will impact the number of files being opened by the NCO monitor involved, like nco_m_http monitor for example.
5. How to monitor a complete HTTP transaction with ISM
(for example homepage + login page + logout page)
ISM is not in general the best tool to achieve this. Evaluating ITCAM for Tx and robotic response time (t6) agent playing back a RPT (Rational Performance Tester test script) could help and produce better results, and become a more valid option for monitor complex transactions.
Otherwise, with ISM, the general recommendations are :
- Use ISM Transx monitor and define in it the http steps needed to simulate the whole business transaction, like with some HTTP GET and POST commands; so the same steps used behind the scene by a web browser, when login and logout of a web application for example, are setup in ISM Transx monitor similarly.
- In order to possibly set up ISM Transx monitor with several http/s steps, you would need to analyse what web traffic needs to be sent to the web server, and then replicate it so that ISM HTTP/S monitor can get to the final 'logout'
page, and do the regular expression check on this final 'logout' page; so ISM monitor has verified that the whole transaction has passed through the login step and provided needed credentials.
- a tool like Firefox browser and its developer tool "Network data" can help with this task to see the web traffic and HTTP requests.
- another tool like :
which shows the body of the steps, can be useful to find out how to construct the commands (GET, POST) to use in ISM Transx monitor.
The general idea is to look at each of the significant GETs and POSTs that are made with manual successful logon inside the browser while analyzing the network data, and then try
to replicate what those posts are sending in ISM Transx, and seeing if ISM can log in successfully to the targeted web application.
To review the results obtained by ISM Transx monitor, it can be useful to enable debug tracing, and review transx.log file, after the monitor completed its polling.
On the ISM agent system, edit the $ISMHOME/etc/props/transx.props file
Set/ un-comment the following line :
MessageLevel : "debug"
Save the modified file.
Recycle the ISM agent
Using above chapter 4. and reviewing ISM output directory content files, can also help in the troubleshooting of the ISM Transx monitor settings.
For reference concerning Transx monitor, and regexp subjects :
IBM Knowledge Center ISM docs about regular expression :
IBM Knowledge Center ISM docs about Transx monitor :
6. ISM and LDAP monitor tips and examples
Using ITCAM for Transactions with ISM agent version 18.104.22.168 and its LDAP monitor, here is an example of test case setting and results while using LDAP monitor.
6.1 I’ve got access to a test Linux LDAP server, with the following setting entries in its directory :
6.2 I tested that the following ldapsearch commands works fine, using putty session and while connected to the LDAP Linux system.
Remark : First I searched where ‘ldsapsearch’ tool was located on the LDAP server, and found it in
/home/OpenDS-2.2.1/bin/ directory in this test environmemt.
>ldapsearch -x -h <ldap-server-IP@> -D "cn=ericm,dc=sbank,dc=uk,dc=ibm,dc=com" -w xxxxx -b dc=sbank,dc=uk,dc=ibm,dc=com -s sub '(cn=*)' > ldapsearch-test-cn-star.txt
>ldapsearch -x -h <ldap-server-IP@> -D "cn=Directory Manager" -w xxxxx -b dc=sbank,dc=uk,dc=ibm,dc=com -s sub '(cn=ericm)' > ldapsearch-test-cn-ericm.txt
6.3 ldapsearch-test-cn-ericm.txt resulting file shows for example :
# extended LDIF
# base <dc=sbank,dc=uk,dc=ibm,dc=com> with scope subtree
# filter: (cn=ericm)
# requesting: ALL
# ericm, sbank.uk.ibm.com
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
6.4 I then set-up an ISM LDAP monitor with the following settings, 2 examples of monitor are described below :
As documented in this technote: /support/pages/node/538395
- In the ‘server’ field, enter the host name of the LDAP server (-h parameter of ldapsearch)
- In the ‘searchbase’ field, enter the search string (-b parameter of ldapsearch)
- In the ‘filter’ field, enter the filter string (-s parameter of ldapsearch)
In the Advanced tab: .
- Set the ‘username’ and ‘password’ (-D and –w parameters of ldapsearch )
6.5 the results I see in TEP “LDAP” workspace shows :
For reference, this test ldap server is based on OpenDS (Apache Directory Server).
7. How to improve ISM agent overall performance?
it's a difficult question, but some users could be benefit from reviewing some articles like :
- ITCAM4Tx - ISM agent capacity planning to monitor around 120 HTTP server URLs
- ITCAMfTx ISM - HTTP monitoring capacity planning
- Tuning the ISM QSize parameter correctly in ITCAM for Transactions
- ITCAM4Tx: ISM - tuning MaxCCA for multi threaded monitors
8. How to avoid the error : "Cannot access configuration file" - ISM monitor hangs - ?
If you are using for example the ISM http monitor and see issues like :
- HTTP monitor is reported as 'inactive' in TEP ISM -> Monitor status -> "Services" workspace view, but nco_m_http process actually still runs
- Error : "Couldn't connect to Bridge" is seen in http.log, but nco_m_bridge process actually still runs
- Error : "Cannot access configuration file" is seen in http.log
- ISM agent version used is not the latest (not 7401 IF10 or later)
- ISM agent is installed on Red Hat Linux old OS version
then possibly the following steps can help :
- attempt to uninstall and reinstall ISM agent, and update it to latest level (7401 IF10 or later)
- Check current version of glibc on your Linux environment, and possibly upgrade your OS with latest release of Red Hat, or glibc, see for reference known issue with glibc:
(bug in the getaddrinfo in older glibc versions that causes the ISM monitors to hang)
9. Is ISM https monitor supporting SNI (Server Name Indication)?
No, ISM HTTPS monitor does not support SNI.
If you are targeting with ISM https monitor a server which is configured with SNI, ISM monitor will fail and https.log will show error messages like :
Information: <targeted server>: Initiating SSL handshake ...
Error: <targeted server> : SSL handshake failed status:0 sslerr: 1 error_code: 0
Error : <targeted server> : SSL handshake sslerr reason:tlsv1 alert internal error - 336151608
Error: SSL connection to <targeted server>:443 failed
If you look at a network traffic capture using Wireshark for example, you should also see message like :
TLSv1.2 Alert (Description: Handshake failure (40)
You can use a web tool like:
if your targeted ssl server is available on the internet, the report provided by such tool for the targeted server should confirm if SNI is used on this server. this could be helpful.
An enhancement request was opened previously on this, but was never addressed.
As ISM version 7.4 HTTPS monitor doesn't support https web server ***with SNI enabled***, I suggest that you consider instead to use the **robotic response time agent** included in ITCAM for Transactions v22.214.171.124 product; record a test script targeting your https/TLS web server with SNI, using Rational Performance Tester, and playback robotically such script on the robotic response time (RRT) agent.
see for reference this RPT technote:
on RRT side, refer to this matrix to use the right version of RRT agent to match your RPT version:
Based on the above links, consider using, at least, RPT version 8.6 for recording, and RRT agent version 126.96.36.199-TIV-CAMRT-IF0021 for robotic playback; or higher supported versions of RPT and RRT. see matrix doc link above.
10. ISM agent status = "Out of Sync", what should I do? see :
PART 2 of this blog, see : /support/pages/node/1277452
Subscribe and follow us for all the latest information directly on your social feeds:
|Academy Twitter Handle:||http://ow.ly/Dj35c|