Auditing, logging, and monitoring Satellite Link endpoints

Add auditing, logging, and monitoring to your link endpoints to help ensure the health and performance of the services and resources attached to your location.

Auditing events for endpoint actions

IBM Cloud Satellite integrates with IBM Cloud Activity Tracker to collect and send audit events for all link endpoints in your location to your Activity Tracker instance.

Provision an instance of Activity Tracker in the IBM Cloud region that your Satellite location is managed from.
From the Satellite Locations dashboard, click the name of your location.
From the Link endpoints tab, click the name of your endpoint.
From the actions menu, click Launch Auditing. The dashboard for your Activity Tracker instance is opened, and the events are filtered for your endpoint's ID.

For more information about the types of Satellite events that you can track, see Auditing events for Satellite.

Logging and monitoring network traffic for endpoints

Log traffic that flows from your source to your destination resource over a Satellite endpoint.

Setting up Monitoring for Satellite Link metrics

Metrics are available for the Satellite Link component of your location to help you monitor the performance of specific Link endpoints or of all Link endpoints for the location. For example, you can monitor the latency or throughput of a specific Link endpoint that you created. To get started, see Setting up Monitoring for Satellite location platform metrics.

Running a packet capture of endpoint traffic

Run a packet capture to view the traffic that is flowing from your source to your destination resource over a Satellite endpoint. Packet captures can be useful to help you debug problems with your endpoint connectivity or to monitor sources that access your destination.

Before you begin, install a packet capture tool, such as tcpdump, on your local machine.

Get the host name and port for your endpoint in the Address field. For cloud endpoints, the host name is the Satellite Link connector host name. For location endpoints, the host name is the Satellite Link tunnel server host name.

ibmcloud sat endpoint ls --location <location_ID>

Example output

ID                           Name                                         Destination Type   Address
c0mnbnkw0jl8si22djkg_cEomQ   openshift-api-c0mpnn4w0bv28oq2dks0           location           TCP  c-02.us-east.link.satellite.cloud.ibm.com:32823
c0mnbnkw0jl8si22djkg_6UTZd   satellite-healthcheck-c0mnbnkw0jl8si22djkg   location           HTTP c-02.us-east.link.satellite.cloud.ibm.com:32822

By using the host name and port, start a packet capture. The following command is an example for using tcpdump.

tcpdump -i <interface> host <link_host> and port <endpoint_port> [-n] [-w <filename>.pcap]

Understanding the API request
Component	Description
`-i <interface>`	The interface that routes traffic through the endpoint. To view available interfaces, run `tcpdump -D`. If you do not know which interface is used, specify `-i any`.
`host <link_host>`	The host name that was assigned by Satellite Link to your endpoint.
`port <endpoint_port>`	The port that was assigned by Satellite Link to your endpoint.
`-n`	Include this option if you do not want the IP addresses and port numbers in the output to be converted to DNS host names.
`-w <filename>`	Include this option to print the output of the packet capture into a `.pcap` file.

In the output, you can check the sources and destinations of packets that are sent through the endpoint.

Example output for a cloud endpoint that allows sources in a Satellite location (10.171.52.151) to access a target resource in IBM Cloud (166.9.12.121).

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
05:58:13.471632 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [S], seq 2853445049, win 29200, options [mss 1460,sackOK,TS val 592612262 ecr 0,nop,wscale 7], length 0
05:58:13.474685 IP 166.9.12.121.filenet-nch > 10.171.52.151.33666: Flags [S.], seq 2264270242, ack 2853445050, win 28960, options [mss 1460,sackOK,TS val 1156479729 ecr 592612262,nop,wscale 9], length 0
05:58:13.474718 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [.], ack 1, win 229, options [nop,nop,TS val 592612265 ecr 1156479729], length 0
05:58:13.474806 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [P.], seq 1:115, ack 1, win 229, options [nop,nop,TS val 592612265 ecr 1156479729], length 114
05:58:13.476559 IP 166.9.12.121.filenet-nch > 10.171.52.151.33666: Flags [.], ack 115, win 57, options [nop,nop,TS val 1156479729 ecr 592612265], length 0
05:58:13.583080 IP 166.9.12.121.filenet-nch > 10.171.52.151.33666: Flags [P.], seq 1:145, ack 115, win 57, options [nop,nop,TS val 1156479756 ecr 592612265], length 144
05:58:13.583132 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [.], ack 145, win 237, options [nop,nop,TS val 592612373 ecr 1156479756], length 0
05:58:13.583399 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [F.], seq 115, ack 145, win 237, options [nop,nop,TS val 592612373 ecr 1156479756], length 0
05:58:13.585237 IP 166.9.12.121.filenet-nch > 10.171.52.151.33666: Flags [F.], seq 145, ack 116, win 57, options [nop,nop,TS val 1156479756 ecr 592612373], length 0
05:58:13.585273 IP 10.171.52.151.33666 > 166.9.12.121.filenet-nch: Flags [.], ack 146, win 237, options [nop,nop,TS val 592612375 ecr 1156479756], length 0

If you want to quickly generate traffic logs to test your endpoint, you can send 100 requests to your endpoint's host name and port: for ((i=1;i<=100;i++)); do curl -v --header "Connection: keep-alive" "<host>:<port>"; done.