Validating the Transmitted Between Your System and Azul Intelligence Cloud
On What Info is Transmitted Between Your System and Azul Intelligence Cloud the data that is sent from your system is documented. You can validate this data using one of the following methods.
Check the Forwarder Logging
Set the LOG_LEVEL
of the Forwarder to TRACE
to get a print of every message that is received in the Forwarder. See Forwarder Configuring Options for more info.
Capturing the Transmitted Data Using Wireshark
Since the data that is being transmitted between the JVMs and the Forwarder is encrypted with TLS, Wireshark needs access to the encryption keys. Use the following steps to be able to capture this data.
-
Configure Wireshark to find the keys:
-
Preferences > Protocols > TLS > Pre-Master-Secret log filename.
-
Specify a local filename.
-
-
Configure your JVM to put the keys in the file.
-
Use the jSSKeyLog agent.
-
Instructions on downloading and setting up jSSKeyLog can be found at github.com/jsslkeylog.
-
Example:
-javaagent:~/Projects/jSSLKeyLog/jSSLKeyLog.jar=~/Projects/avdtest/conf/sslkey.log
-
-
Configure Wireshark to capture packets to the IP address of the Forwarder.
-
Run your Java application that has been configured for CRS and also has the jSSKeyLog agent attached.
-
You should see the packets in Wireshark and when you look an HTTP/JSON packet with URI prefix /crs the payload should be in plain text (readable JSON).
-
To reduce the Wireshark output to just the packets of interest add the following filter:
http.request.method == POST && http.request.uri contains "/crs" -
Save this capture to a file.
NoteThis is important as the next step only works on a saved file, not a live capture. -
Export the contents of the JSON out of Wireshark into a JSON file.
-
File > Export Packet Dissections > As JSON
-
-
The resulting file has more details about the HTTP conversation. It is an array that you need to parse to get to another array.
-
Each array item is an HTTP/Post that contains the actual payload in
_source.layers.http[http.file_data]
. -
This payload is a JSON in a string with an array of events.
-
These are the events that CRS sent to the Forwarder.
NoteMethod data does not always have the string name of the class in the event but it does include a classId that can be used to find the class name in other EVENTS. -
AVD data is sent with an eventName and payload, as described in "VM Event".
-
Data Examples
{
"eventId": "d8b1947c-5337-427b-979c-6e4bb36fde49",
"eventType": "VM_CREATE",
"eventPayload": {
"agentVersion": "1.0.26-1462",
"agentRevision": "41ffdd5",
"inventory": {
"hostName": "localhost",
"systemProperties": {
"java.specification.version": "11",
"sun.management.compiler": "HotSpot 64-Bit Tiered Compilers",
"sun.jnu.encoding": "UTF-8",
"java.runtime.version": "11.0.20+0-LTS-dev-20230413100725",
"user.name": "test",
"java.class.path": "target/jtest-2.14.1.jar:lib-2.14.1/log4j-core-2.14.1.jar:lib-2.14.1/log4j-api-2.14.1.jar",
"java.vm.vendor": "Azul Systems, Inc.",
"path.separator": ":",
"sun.arch.data.model": "64",
"os.version": "13.3.1",
"file.encoding": "UTF-8",
"os.name": "Mac OS X",
"java.vm.name": "OpenJDK 64-Bit Server VM",
"java.vendor.version": "Zulu11.66+0-CA-dev-20230413100725",
"sun.java.launcher": "SUN_STANDARD",
"user.country": "US",
"sun.boot.library.path": "/Users/test/IdeaProjects/ictest/jdks/Zulu11.66+0-CA-dev-20230413100725/lib",
"java.io.tmpdir": "/var/folders/0s/g4h1_8y13bggncbny502s5b80000gp/T/",
"java.version": "11.0.20",
"sun.cpu.endian": "little",
"user.home": "/Users/test",
"user.dir": "/Users/test/IdeaProjects/ictest/apps/log4jTest",
"user.language": "en",
"os.arch": "x86_64",
"java.home": "/Users/test/IdeaProjects/ictest/jdks/Zulu11.66+0-CA-dev-20230413100725",
"sun.os.patch.level": "unknown",
"file.separator": "/",
"line.separator": "\n",
"java.library.path": "/Users/test/Library/Java/Extensions:/Library/Java/Extensions:/Network/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java:.",
"jdk.vendor.version": "Zulu11.66+0-CA-dev-20230413100725",
"java.vendor": "Azul Systems, Inc.",
"java.vm.version": "11.0.20+0-LTS-dev-20230413100725",
"sun.io.unicode.encoding": "UnicodeBig"
},
"osEnvironment": {
"AZ_CRS_ARGUMENTS": "UnlockExperimentalCRS,enable,api.url=https://127.0.0.1:443,api.mailbox=mailbox@crs,log=debug+time,delayInitiation=0,delayTermination=120000,notifyFirstCall=true",
"CRS_TAGS": "testtid=92E54103-4145-4DA4-AC79-578A1109A327;testapp=Log4j;testmod=14_PRESENT"
},
"mainMethod": "jdk/internal/jimage/BasicImageReader$1.run"
},
"startTime": 1681488478704,
"owner": "mailbox@crs"
}
}
{
"eventId": "4ff1aaea-806c-4804-9697-5223608b1470",
"eventType": "VM_ARTIFACT_CREATE",
"eventPayload": {
"artifactId": "1",
"artifactType": "CRS_LOG",
"metadata": {
"name": "crs.log"
}
}
}
{
"eventId": "07749e32-3ace-41d4-bcd1-f6c6f797b930",
"eventType": "VM_ARTIFACT_DATA",
"eventPayload": {
"data": "0.455: [CRS.args][error] unrecognized CRS agent option printParameters ignored\n0.525: [CRS.id][debug] 0.525: [CRS.id][warning] notifyToJavaCall name 'jdk/internal/jimage/BasicImageReader$1.run' accepted.\nnotifyToJavaCall - name jdk/internal/jimage/BasicImageReader$1.run has been already accepted, skip jdk/internal/loader/BuiltinClassLoader$2.run\n0.537: [CRS.connection][info] Using CRS endpoint configuration\n0.537: [CRS.connection][info] API url = https://127.0.0.1:443\n0.537: [CRS.connection][info] mailbox = mailbox@crs\n0.540: [CRS.id][trace] checking if startup is complete and waiting for it to finish (120000 ms)\n0.561: [CRS.id][debug] CRS agent (1.0.26-1462+41ffdd5) started. Start time 1681488478704, VM uptime 531ms\n0.663: [CRS.id][trace] Post VM start to CRS service\n0.685: [CRS.id][trace] Active VMCRSCapabilities: [POST_JAR_LOAD_EVENTS, POST_CLASS_LOAD_EVENTS, POST_FIRST_CALL_EVENTS, POST_NOTIFY_TO_JAVA_CALLS, POST_VM_TOOLING_EVENT]\n1.257: [CRS.connection][info] Get runtime token: clientVersion=1.0.26-1462, mailbox=mailbox@crs\n2.355: [CRS.id][info] Agent authenticated: vmId=b6426012-27d0-4107-89c5-9d7c79f92640\n2.357: [CRS.id][debug] VM uptime 2327ms\n",
"artifactId": "1"
}
}
{
"eventId": "659f1361-19ad-46d2-84e4-8340ff55938f",
"eventType": "VM_CLASS_LOADED",
"eventTime": 1681488481265,
"eventPayload": {
"classId": "2878",
"loaderId": "1",
"className": "java/lang/ProcessHandleImpl$1",
"source": "/Users/test/IdeaProjects/ictest/jdks/Zulu11.66+0-CA-dev-20230413100725/lib/modules",
"hash": "66b2551812eb9d408752e884ea503ee1dd181797926e5498bacca932869ac50d"
}
}
{
"eventId": "15478e09-43b1-4c2f-b58d-b02574f5a824",
"eventType": "VM_METHOD_FIRST_CALLED",
"eventTime": 1681488481249,
"eventPayload": {
"classId": "2878",
"methodName": "run()V"
}
}
{
"eventId": "3fdf2e5e-d60c-4f32-b3e0-225a55ab7d6a",
"eventType": "VM_CLASS_LOADED",
"eventTime": 1681488481524,
"eventPayload": {
"classId": "1307",
"loaderId": "3",
"className": "com/azul/test/Main",
"source": "file:/Users/test/IdeaProjects/ictest/apps/log4jTest/target/jtest-2.14.1.jar",
"hash": "ac04bef1ef16cdc754483b694af31a36db1f8e42b5dd7243c800be22c8a1d95d"
}
}
{
"eventId": "1133fed5-45ee-4d00-ac4d-40e007f858f8",
"eventType": "VM_METHOD_FIRST_CALLED",
"eventTime": 1681488481524,
"eventPayload": {
"classId": "1307",
"methodName": "main([Ljava/lang/String;)V"
}
}