AppSight 5.0 Advanced Concepts Training

I D E N T I F Y S O F T W A R E

AppSight 5.0AppSight 5.0Advanced Concepts Training

Damian RochmanSr. Software Engineer and Consultantdrochman@us.identify.com

I D E N T I F Y S O F T W A R E

The Application

What is an Application?

The term application is a shorter form of application program.

An application program is a program designed to perform a specific function directly for the user or, in some cases, for another application program.

Applications use the services of the computer's operating system and other supporting applications.

The formal requests and means of communicating with other programs that an application program uses is called the application program interface (API).

Source: www.whatis.com

The Application Layers

User InterfaceUser Interface

Application ConfigurationApplication Configuration

System OperationsSystem Operations

COM CallsCOM Calls

CodeCode

User Interface Layer for Client Applications

Visual Playback

User Interface Layer for Client Applications

GUI Operations

“User Interface Layer” for Server Applications

Performance Counters

“User Interface Layer” for Server Applications

IIS Sessions ViewClient IP

ASP Session ID

Pages visited in the session

Application Configuration

System Configuration (static snapshot)

Application Configuration

File Configuration (dynamic scan)

Application Configuration

Registry Configuration (dynamic scan)

Application Configuration

Modules Configuration (dynamic scan)

Application Configuration

COM/COM+ Configuration (dynamic scan)

Application Configuration

IIS Configuration (static snapshot)

Application Configuration

.NET Configuration (dynamic scan)

Application Configuration

Internet Explorer Configuration (static snapshot)

System Operations Layer

myApp.exe

Files

Registry

Database

IIS

LibraryNetworking

Notifications

Web Services

.NET Remoting

Process Operations

COM Calls Layer

myApp.exe

myCOMObject

WriteFile

ExecuteQuery

SendMessage

EncryptData

Code Layer

Cal

c.ex

e

Add(int a, int b)

Subtract(int a, int b)

Divide(int a, int b)

Multiply(int a, int b)

Int Add (int a, int b){ return a+b;}

I D E N T I F Y S O F T W A R E

The Recording Profile

What is a Good Recording Profile?

A good recording profile is designed to capture all the requiredrequired information with an acceptableacceptable performance impact

Think Like a Black Box

Three questions the Black Box needs to know:

1.1. WhoWho do I need to trace?

2.2. WhatWhat information should I capture?

3.3. HowHow should I operate?

Who?

• Add the required process (es) to the list

• ADD the process do not ATTACH (!)

Who? (cont.)

• What if you do not have the process in your computer?

• The Black Box only checks for a process name.

• Take any process in your computer and rename it to the name of the process you wish to trace on the target computer.

• Add the “dummy” application to the list.

What?

• Select the Operations to trace.

• Select the Performance counters to trace.

• Select the COM/COM+ functions to trace.

• Define Alerts to process.

What? (cont.)

Select to modify operations for all processes

Select a process to modify the operations for that process only

This process has different settings than the default

To Trace Or Not To Trace?

Full TraceFull TraceFull TraceFull Trace

Operation Operation Called?Called?

Operation Operation Called?Called?

Remove From Remove From Recording ProfileRecording Profile

Remove From Remove From Recording ProfileRecording Profile

Repetitive?Repetitive?Repetitive?Repetitive?

Information Information Useful?Useful?

Information Information Useful?Useful?

Can I get the Can I get the Information in a Information in a different way?different way?

Can I get the Can I get the Information in a Information in a different way?different way?

Yes

Yes

No

No

No

Yes

NoYes

Include in Recording Include in Recording ProfileProfile

Include in Recording Include in Recording ProfileProfile

What? : Creating Alerts

Right Click on the operation Add Alert

Select the operation Add Alert

What? : Creating Alerts (cont.)

Operation includes/excludes substring

Operation result

•Record Alert•Stack Dump•Add Comment•Send Mail•Net Send•Run Application•Create New Session•Set Recording Profile•Call Function

What? : Creating Alerts (cont.)

• Record Alert– Useful for sending traced information to the AppSight Server

• Stack Dump– Escalation to code level

• Add Comment– Add your comments into the execution log

• Send Mail– Send e-mail with alert information

• Net Send– Send a network message to another computer

• Run Application– Rerun application if crashes– Trigger your custom application on event

• Create New Session– Archive/manage your sessions with meaningful definitions

• Set Recording Profile– Change recording profile automatically on any event

• Call Function– Execute a function in the address space of your application

What? : User & Resources

What? : File Attachments

How? : General Recording Settings

How? : Process Attachment Settings

I D E N T I F Y S O F T W A R E

Troubleshooting Applications

AppSight Architecture

What is the most important component in the AppSight Solution? (and why?)

AppSight Server

AppSight Black Box

AppSight Console

AppSight Architecture

1. The Black Box does not have any artificial intelligence.

2. The Black Box will not fix your problem.

The Optimistic vs. The Pessimistic

What is wrong?

Faster resolutionSlower resolution

Methodology Experience

OptimisticOptimistic PessimisticPessimistic

What is right?

Troubleshooting Process

• Analyze the different Application Layers.

– Always from the top one down.

• Divide and conquer

– Use the synchronization between the different layers.

– Use the filters to divide and trim down the execution activity of the application.

Typical Troubleshooting ScenarioC

od

eS

yste

mU

ser

Level 1 Level 2 Level 3

DefectTrackingSystem

User

Get AppSight

Log

Check Compatibility

Visual Log Analysis

View / Compare

Configuration

Advanced System

Troubleshooting

Escalation to Code Level

Advanced Code Level

Troubleshooting

The Three Troubleshooting Qs

• Questions that need to be answered to identify the root cause of a problem:

– What?What?Understand what is the problem that you need to troubleshoot.

– Where?Where?Narrow down to the tier/module where the problem occurs (or does not).

– Why?Why?Understand why the problem occurs in order to fix it.

90% of the effort

What?

• Watch Visual Playback

• Look for Performance problems

– Use Performance Counters

– Use the Application Performance

– Use the Performance Timeline

– Use the start time of each operation

• Look for failures

– Use the Summary tab

– Use the IIS Sessions view

Where?

• Filter the system log using the synchronization of the:

– Visual playback

– Performance graph

– IIS sessions view

– Summary tab

– Advanced filters

Why?

• Exception/Crash in your application/module?– Escalate to code level

• DB problem?– Wrong connection string?– Database is down?– Malformed SP?

• Network problem?– Network “busy”?

• Etc.

I D E N T I F Y S O F T W A R E

Analyzing AppSight Log Files

Visual Playback Analysis

Jump to next GUI OperationJump to previous

GUI Operation

Play the visual playback

Stop the visual playback

Jump to next frame

Jump to previous frame

Rewind visual playback

Zoom in/out visual playback

System Tab

Summary Tab Analysis

Summary Definitions

Modules Tab Analysis

Select process instance

Statically loaded module

Dynamically loaded module

Connections Tab Analysis

Process name

PID

IP + Port + Socket

XML Viewer

Filtering the Log File

Canceling the Filters

Cancel advanced filters

Filter in processes / threads

Filter in operations