The Admin REST API reports on ABS cluster node resources including IP address, operating system, CPU, memory, and filesystem usage. It also reports MongoDB node information including IP address, node type, and status. Finally, it provides status on attack detection and reporting on APIs.
The report can be accessed by calling the ABS system at the following URL:
https://<ip>:<port>/v4/abs/admin
The following is a sample JSON report.
{
"company": "ping identity",
"name": "api_admin",
"description": "This report contains status information on all APIs, ABS clusters, and ASE logs",
"license_info": {
"tier": "Free",
"expiry": "Sun Jan 10 00:00:00 UTC 2021",
"max_transactions_per_month": 0,
"current_month_transactions": 30,
"max_transactions_exceeded": false,
"expired": false
},
"across_api_prediction_mode": true,
"poc": true,
"api_discovery": {
"subpath_length": "1",
"status": true
},
"apis": [
{
"api_name": "atm_app_oauth",
"host_name": "*",
"url": "/atm_app_oauth",
"api_type": "regular",
"creation_date": "Thu Mar 05 08:54:01 UTC 2020",
"servers": 1,
"protocol": "https",
"cookie": "JSESSIONID",
"token": false,
"training_started_at": "Fri Feb 14 06:44:06 UTC 2020",
"training_duration": "1 hour",
"prediction_mode": true,
"apikey_header": "X-API-KEY-2",
"apikey_qs": "",
"username_header": "x-username-header",
"jwt": {
"username": "",
"clientid": "",
"location": ""
}
},
{
"api_name": "root_api",
"host_name": "*",
"url": "/",
"api_type": "regular",
"creation_date": "Thu Mar 05 08:54:01 UTC 2020",
"servers": 1,
"protocol": "https",
"cookie": "JSESSIONID",
"token": false,
"training_started_at": "n/a",
"training_duration": "n/a",
"prediction_mode": false,
"apikey_header": "X-API-KEY-1",
"apikey_qs": "",
"username_header": "x-username-header",
"jwt": {
"username": "",
"clientid": "",
"location": ""
}
}
],
"abs_cluster": {
"abs_nodes": [
{
"node_ip": "127.0.0.1",
"os": "Red Hat Enterprise Linux Server - VMware, Inc.",
"cpu": "16",
"memory": "31G",
"filesystem": "3%",
"timezone": "local (ist)”,
"bootup_date": "Wed Dec 02 17:25:51 IST 2020"
},
{
"node_ip": "127.0.0.1",
"os": "Red Hat Enterprise Linux Server - VMware, Inc.",
"cpu": "16",
"memory": "31G",
"filesystem": "4%",
"timezone": "local (pst)",
"bootup_date": "Wed Dec 02 05:29:55 PST 2020"
}
],
"mongodb_nodes": [
{
"node_ip": "127.0.0.1:27017",
"status": "primary"
}
]
},
"ase_logs": [
{
"ase_node": "88968c39-b4ea-4481-a0b4-d0d651468ab5",
"last_connected": "Thu Mar 05 08:40:14 UTC 2020",
"logs": {
"start_time": "Thu Mar 05 08:40:14 UTC 2020",
"end_time": "Thu Mar 05 08:40:14 UTC 2020",
"gzip_size": "0.74KB"
}
},
{
"ase_node": "e6b82ce9-afb3-431a-8faa-66f7ce2148b9",
"last_connected": "Thu Mar 05 08:54:06 UTC 2020",
"logs": {
"start_time": "Thu Mar 05 08:54:06 UTC 2020",
"end_time": "Thu Mar 05 08:54:06 UTC 2020",
"gzip_size": "2.82KB"
}
},
{
"ase_node": "4df50c47-407a-41f9-bda6-b72dc34dadad",
"last_connected": "Fri Feb 28 07:20:03 UTC 2020",
"logs": {
"start_time": "Tue Feb 25 12:50:00 UTC 2020",
"end_time": "Fri Feb 28 07:20:03 UTC 2020",
"gzip_size": "76.01KB"
}
},
{
"ase_node": "1910051e-5bab-44e6-8816-5b5afffdd1cf",
"last_connected": "Tue Feb 18 08:10:05 UTC 2020",
"logs": {
"start_time": "Fri Feb 14 06:42:38 UTC 2020",
"end_time": "Tue Feb 18 08:10:05 UTC 2020",
"gzip_size": "2.89MB"
}
}
],
"percentage_diskusage_limit": "80%",
"scale_config": {
"scale_up": {
"cpu_threshold": "70%",
"cpu_monitor_interval": "30 minutes",
"memory_threshold": "70%",
"memory_monitor_interval": "30 minutes",
"disk_threshold": "70%",
"disk_monitor_interval": "30 minutes"
},
"scale_down": {
"cpu_threshold": "10%",
"cpu_monitor_interval": "300 minutes",
"memory_threshold": "10%",
"memory_monitor_interval": "300 minutes",
"disk_threshold": "10%",
"disk_monitor_interval": "300 minutes"
}
},
"attack_ttl": {
"ids": [
{
"id": "ip",
"ttl": 120
},
{
"id": "cookie",
"ttl": 120
},
{
"id": "access_token",
"ttl": 120
},
{
"id": "api_key",
"ttl": 240
},
{
"id": "username",
"ttl": 360
}
]
}
}
Percentage disk usage limit: The percentage disk usage limit is configured in the
/pingidentity/abs/mongo/abs.init.js
file. It is a good practice to
configure this value before initializing MongoDB and ABS. ABS stops accepting access log
files from ASE when the configured percentage_diskusage_limit
is
reached. An email alert is sent to the configured
email ID and also logged in the abs.log
file.
You can update the disk usage limit using the updates.sh
script
available in the /opt/pingidentity/abs/util
. Copy the script from the
util
directory to your MongoDB primary machine.
/opt/pingidentity/mongo/update.sh help
./update.sh -u absuser -p abs123 --db abs_metadata --auth_db admin --port 27017 --percentage_diskusage_limit 80
updating percentage_diskusage_limit to 80
WriteResult({ “nMatched” : 1, “nUpserted” : 0, “nModified” : 0 })
The current values of the variables are:
attack_initial_training=1
attack_update_interval=24
api_discovery=false
discovery_update_interval=1
continuous_learning=true
discovery_initial_period=24
url_limit=100
response_size=100
window_length=24
discovery_subpath=3
percentage_diskusage_limit=80
Configure TTL for client identifiers
Admin API with PUT method is used to configure the length of time to maintain blacklist entries for the different client identifiers, for example, IP address, token, cookie, and API key. For more information on configuring TTLs, see TTL for client identifiers