Product Q&As
ForgeRock Identity Platform
Does not apply to Identity Cloud

What monitoring and alerting capabilities are provided by the ForgeRock Identity Platform?

Last updated Jul 26, 2022

The ForgeRock Identity Platform provides a variety of standard mechanisms for monitoring and alerting in its components. It includes native support for monitoring component metrics using Prometheus and visualizing this information using Grafana.


Overview

Monitoring in the ForgeRock Identity Platform is designed to allow alerting on the availability and system characteristics of platform components, and also on the performance and events that occur for specific functions. Examples include high CPU or low memory at the system level and, higher in the stack, failed critical transactions.

ForgeRock uses Dropwizard's Metrics as its common metrics framework for adding monitoring capabilities to an application. Metrics provides a clean, optimized, and easy-to-use API, and integrates with many third-party monitoring frameworks such as Prometheus. Prometheus can be used to monitor published metrics over REST, and you can then extend this further by using tools such as Graphite for data storage and Grafana for visualization.

All platform components also share a common audit log service. Audit logs gather operational information about events occurring within a deployment to track processes and security data, such as authentication mechanisms, system access, user and administrator activity, error messages, and configuration changes. Audit logs are commonly consumed by third-party SIEM and analytics solutions, such as FireEye, Logstash and Splunk.

Monitoring interfaces provided by ForgeRock components

The following sections provide an overview of monitoring interfaces provided in each of the core ForgeRock platform components: Access Management, Directory Services, Identity Management and Identity Gateway.

ForgeRock Access Management

ForgeRock Access Management (AM) supports extensive monitoring of system performance and behavior via JMX, REST, Prometheus and Graphite.

Prometheus provides monitoring and processing of the information provided by AM. If you need further analysis and visualization, you can use tools such as Grafana to create customized charts and graphs based on the information collected by Prometheus. AM includes a sample Grafana dashboard that graphs data stored in Prometheus.

In addition, ForgeRock Intelligent Access includes nodes for obtaining login analytics, which can help provide data for meeting service level agreements, measuring performance, or gaining greater insight into how end users and their devices interact with applications and services. These metrics are exposed in all the interfaces: JMX, REST, Prometheus and Graphite.

See the AM product documentation for further information.

ForgeRock Directory Services

ForgeRock Directory Services (DS) provides monitoring options via HTTP (through the REST interface or Prometheus monitoring software), LDAP (through the cn=monitor DIT) and JMX.

The Graphite Monitor Reporter Plugin is available to publish monitoring data to a Graphite server. The Graphite application stores numeric time-series data of the sort produced by monitoring metrics, and allows you to render graphs of that data.

A health-checker is available to expose the liveness and readiness information over HTTP and LDAP. Health status checks for anonymous requests over HTTP and LDAP allow a remote application to check that a server is "alive" and "ready" to serve other requests. This makes monitoring and automation of deployment easier, especially in orchestrated container environments.

See the DS product documentation for further information.

ForgeRock Identity Management

ForgeRock Identity Management (IDM) provides a REST-based interface for monitoring the status of internal resources. The health check service reports on the state of the server and outputs this state to the OSGi console.

The configurable health check service verifies the status of the modules and services required for an operational system. During system startup, IDM checks that these modules and services are available, and reports on any requirements that have not been met. If dynamic configuration changes are made, IDM rechecks that the required modules and services are still functioning. 

IDM also provides a basic reporting service that enables you to generate reports on specific sets of data within a resource collection. This service can avoid the need for third-party data analysis tools in simple use cases. Tools are available for monitoring metrics related to activity in an installation, along with a Dropwizard dashboard widget for viewing metrics, and a Prometheus endpoint for viewing metrics through external resources such as Prometheus and Grafana. The admin UI also includes widgets that enable you to monitor usage trends regarding new user registrations, sign-ins and password resets.

See the IDM product documentation for further information.

ForgeRock Identity Gateway

ForgeRock Identity Gateway (IG) allows you to set up and maintain monitoring in your deployment, to ensure appropriate performance and service availability. Traffic passing through IG can be monitored and audited to enable proactive alerts and easy investigation of activity. Traffic monitor statistics can also be examined or exported for analysis.

Metrics are available for each router, subrouter, and route in the configuration. When a TimerDecorator is configured, timer metrics are also available.

IG automatically exposes a monitoring endpoint where Prometheus can scrape metrics, in a standard Prometheus format. Tools such as Grafana are available to create customized charts and graphs based on the information collected by Prometheus. 
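
The following is an added example, not ForgeRock code: a minimal parser for the Prometheus text exposition format that computes a per-route server-error ratio and flags routes above a threshold, the kind of "failed transaction" alert described in the overview. The scrape text, the metric name and the label names are constructed for illustration and are not IG's actual metric names.

```python
import re
from collections import defaultdict

# Constructed sample in the Prometheus text exposition format. The metric and
# label names are hypothetical placeholders, not taken from IG.
SAMPLE_SCRAPE = """\
# HELP example_route_responses_total Responses per route and status family
# TYPE example_route_responses_total counter
example_route_responses_total{route="login",family="successful"} 9400
example_route_responses_total{route="login",family="server_error"} 600
example_route_responses_total{route="api",family="successful"} 49950
example_route_responses_total{route="api",family="server_error"} 50
example_route_responses_total{route="idle",family="successful"} 0
"""

# name, optional {labels}, value, optional integer timestamp
SAMPLE_LINE = re.compile(
    r'^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{(.*)\})?\s+(\S+)(?:\s+-?\d+)?$')
LABEL = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')

def parse_exposition(text):
    """Yield (metric_name, labels_dict, value) for each sample line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip HELP/TYPE comments, blanks
            continue
        m = SAMPLE_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable sample line: {line!r}")
        name, raw_labels, value = m.groups()
        labels = dict(LABEL.findall(raw_labels or ""))
        yield name, labels, float(value)  # float() also accepts NaN and +Inf

def routes_over_error_ratio(text, threshold=0.05):
    """Return {route: server_error_ratio} for routes above the threshold."""
    totals, errors = defaultdict(float), defaultdict(float)
    for name, labels, value in parse_exposition(text):
        if name != "example_route_responses_total":
            continue
        route = labels.get("route", "<unlabelled>")
        totals[route] += value
        if labels.get("family") == "server_error":
            errors[route] += value
    # Routes with no traffic are skipped to avoid dividing by zero.
    return {r: errors[r] / totals[r] for r in totals
            if totals[r] > 0 and errors[r] / totals[r] > threshold}

if __name__ == "__main__":
    for route, ratio in sorted(routes_over_error_ratio(SAMPLE_SCRAPE).items()):
        print(f"ALERT route={route} server_error_ratio={ratio:.2%}")
```

Counters in this format are cumulative since process start, so a production alert would compare two scrapes (as a Prometheus `rate()` expression does) rather than a single snapshot.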

See the IG product documentation for further information.

See Also

Does the ForgeRock Identity Platform include an audit logging service?

Does the ForgeRock CIAM solution support login analytics and decision logic?

