Question

PDC how to enable inserts in DB alerts

How do I enable query inserts in my DB alerts? I want to see the values that will be used with each query alert. I have a DSS setting for PegaEngine prconfig/alerts/database/operationtimethreshold/suppressinserts/default = false. I've used this in the past successfully with AES but it does not seem to be working for me with PDC.

Should I use something else? Are there other settings to filter the inserts?

Comments


Pega
August 5, 2019 - 7:58pm

Configuring the following should include bind variables:

<env name="alerts/database/operationTimeThreshold/suppressInserts" value="false" />

August 5, 2019 - 8:21pm

The setting does print out actual insert values in the monitored nodes (after restart) alert log, but PDC does not parse out those values. This might be intentional (for security reasons as those values can contain sensitive user info). @WERDA, can you confirm one way or another?

Pega
August 5, 2019 - 9:52pm

We would prefer that monitored systems NOT send bind variables / SQL inserts to PDC as binds often contain private business data.

Based on feedback from security SMEs, PDC was enhanced to strip "inserts: " from alerts if present and never persist the potentially sensitive data.

Please provide some guidance as to what you are trying to fix, why you want to see the inserts and whether you are debugging in a dev / stage or production environment. I could see a business case to allow a system manager to re-enable inserts for short term debugging or in lower environments.

To verify that you have the correct system settings to send bind variables, just check the ALERT file -- whilst PDC does not get the entire alert message, presence or absence of bind variables works the same. 

You should set configuration settings with dynamic system settings or JVM Arguments (-DNodeSettings=) rather than prconfig changes.

August 20, 2019 - 10:55am

The inserts are in my alert logs but they appear to be stripped out before going to PDC. I'll use the SQL from PDC to search the alert logs to get the inserts. Without the inserts the SQL explain plan has less value.

Pega
September 16, 2019 - 5:17pm
Response to JohnB097

Inserts are actually stripped / dropped by PDC at present. This is intentional behavior - most of the time inserts (bind variables) contain business data and we don't want to accept business data in the PDC service. We need some type of security policy workflow where designated, authorized and verified system administrators could choose to allow PDC to collect bind variable data on a temporary basis. Any thoughts on how that would work - or would it be safe and sufficient to say that PDC accepts bind variables / inserts for non-production environments but blocks them in production?
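
The policy floated in the reply above (drop inserts for production, allow them in lower environments or under a temporary approval), sketched as an added example; it is not Pega or PDC code. The message layout after "inserts: ", the environment labels and all function names are assumptions, and the sample alert is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: bind values follow the literal marker "inserts: " and run to the
# end of the alert message, as the thread's wording suggests.
INSERTS_RE = re.compile(r"\s*inserts: .*\Z", re.DOTALL)

# Assumption: environment labels; anything not listed is treated as production.
LOWER_ENVIRONMENTS = {"dev", "stage"}

# Constructed sample alert message (not taken from a real system).
SAMPLE_ALERT = (
    "Database operation took more than the threshold of 500 ms: 1,204 ms "
    "SQL: select status from orders where customer_email = ? "
    "inserts: <alice@example.com>"
)


def strip_inserts(message):
    """Drop the inserts segment; a message without the marker is unchanged."""
    return INSERTS_RE.sub("", message)


def may_forward_inserts(environment, approval_expires, now):
    """Allow inserts in lower environments, or under an unexpired approval."""
    if environment in LOWER_ENVIRONMENTS:
        return True
    return approval_expires is not None and now < approval_expires


def prepare_for_forwarding(message, environment, approval_expires=None, now=None):
    """Return the text that may leave the monitored node for the collector."""
    now = now or datetime.now(timezone.utc)
    if may_forward_inserts(environment, approval_expires, now):
        return message
    return strip_inserts(message)


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(prepare_for_forwarding(SAMPLE_ALERT, "production"))
    print(prepare_for_forwarding(SAMPLE_ALERT, "stage"))
    print(prepare_for_forwarding(SAMPLE_ALERT, "production", now + timedelta(hours=1)))
```

Unknown environment labels fall through to the production rule, so a mistyped or missing label strips the bind values rather than leaking them.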
