I do think metrics like this would be valuable. However, they wouldn't be measured or presented specifically in the context of MQTT. They would be general metrics for authn & authz for all protocols. Right now I'm thinking of adding the following for both authentication and authorization:
- success count - failure count - cache hit count - cache miss count - cache size This would be a total of 10 new metrics. I could also add success/failure counts for each and every different authorization permission (e.g. send, consume, browse, createDurableQueue, createAddress, etc.), but that would be 20 additional metrics. Do you have any thoughts or preferences regarding this? Keep in mind that notifications [1] are sent for every authn & authz failure so you can *already* set up something to monitor and alert if necessary. Justin [1] https://activemq.apache.org/components/artemis/documentation/latest/management.html#management-notifications On Tue, May 9, 2023 at 12:03 PM andrea bisogno <bisoma...@hotmail.it> wrote: > Hi support, > do you have any info to share here? > Many thanks in advance, > > Andrea > ________________________________ > Da: andrea bisogno <bisoma...@hotmail.it> > Inviato: giovedì 27 aprile 2023 08:54 > A: users@activemq.apache.org <users@activemq.apache.org> > Oggetto: Metrics on Artemis for negative use cases > > Hi, > I would need support for understanding if the Metrics offered by Artemis > (as documented at > https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Factivemq.apache.org%2Fcomponents%2Fartemis%2Fdocumentation%2Flatest%2Fmetrics.html&data=05%7C01%7C%7C11071d1eb504475dba7c08db46fd0f55%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638181824912753093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=36tTJERr10WmiUki8m1A6IvZbQVizRhJb2yyq6l%2BU7U%3D&reserved=0 > )< > https://activemq.apache.org/components/artemis/documentation/latest/metrics.html> > cover the negative use cases too. > I mean, it would be great to be able to trace: > > * the number of the MQTT connections failed due to authorization issues > * the number of the messages not published due to authorization issues > (e.g. no role for that user to send messages on a destination) > * the number of the subscriptions failed due to authorization issues > (e.g. no role for that user to subscribe to a destination) > > If these scenarios are currently not covered by the metrics, is it > possible to add these in one of the next releases? > Being able to trace also these negative scenarios could be very useful, > for example for comparing how many MQTT connection succeded and how many > failed due to authorization issues. > > Many thanks in advance, > > Andrea >
