Header background

Automated and fine-grained control of monitoring at scale (Early Adopter Release)

Dynatrace is proud to announce a major update to how you can use process group monitoring rules to control the “deep” monitoring of your applications at the code and transaction levels.

Automatic monitoring with Dynatrace OneAgent

Dynatrace OneAgent automatically monitors all process groups detected in your environment—just restart any processes that are running during OneAgent installation. Additionally, OneAgent provides deep monitoring of all processes that it can monitor at the request and PurePath levels, delivering end-to-end visibility into requests of all auto-detected server-side services, including database services.

This delivers two important advantages:

  • Dynatrace delivers value quickly, typically within minutes of installation.
  • Dynatrace simplifies monitoring of large-scale environments that contain hundreds of hosts and thousands of processes. In such environments, it’s not feasible to manually configure monitoring for so many entities. Dynatrace OneAgent doesn’t require any configuration and fully automates the monitoring process.

However, not all processes are of equal importance to your monitoring.

  • You may have a number of unimportant or short-lived processes that you don’t want to monitor at the code level.
  • You may not be able to run deep monitoring on applications that belong to your customers and are outside your control.
  • More traditional customers may insist on strict control over which processes are monitored.
  • Dynatrace doesn’t automatically perform deep monitoring of .NET and Go processes, as there are many arbitrary processes that rely on these processes. At the same time, you will want to monitor all ASP.NET applications and all Go and .NET core applications running on Cloud Foundry or Kubernetes.

This is where the new built-in process group monitoring rules can help.

Set up process group monitoring

To tell Dynatrace which processes you want to monitor, go to Settings > Process groups > Process group monitoring.

The Process group monitoring settings page allows you to enable deep process monitoring and define any specific exceptions that may be required to the enabled set of monitoring rules.

Process group monitoring settings

Enable automatic deep monitoring

The Enable automatic deep monitoring switch determines whether or not Dynatrace OneAgent automatically runs deep monitoring of all detected processes.

Process group monitoring - enable

  • When set to On (the default setting), Dynatrace OneAgent runs deep monitoring for all processes it can monitor unless you specify exceptions for a specific process or by creating rules that define exceptions. Only disable this setting if your company policies require it.
  • When set to Off, Dynatrace OneAgent runs deep monitoring only for processes that are specified explicitly or that are covered by a deep monitoring rule. You can then manually enable monitoring at the process level or process group level, or you can choose to define rules about what you want to monitor.

Note: Deep monitoring can only be disabled if all installed OneAgents in your monitored environment are at version 1.123 or higher.

How process monitoring rules are applied

The global automatic deep monitoring setting doesn’t take precedence over any individual process monitoring rules you may have set up. If a process monitoring rule indicates that a certain process should be monitored, and the Enable automatic deep monitoring setting is set to Off, the individual rule will take precedence and the process will be monitored. Therefore, each process monitoring rule is an exception to the general monitoring policy.

Monitoring rules are split into two categories, custom rules and built-in rules. See below for details.

Custom monitoring rules

These are rules that you define to suit your needs for specific processes running in your environment. For example, the second rule in the image below tells Dynatrace not to monitor any Java process that is started by a JAR file that contains the stringcmdlauncher.

process group monitoring rules

To add a custom monitoring rule

  1. Click Add new rule to display controls you can use to define your custom monitoring rule.
    Process group monitoring - custom rules - add
  2. Select Monitor or Do not monitor from the first droplist to specify that the rule defines processes are to be monitored or processes that should be excluded from monitoring.
  3. Select the property on which the rule should be based. The list of properties is the same as that used for process group detection rules.
  4. Define any additional condition that a process needs to meet for the rule to be applied.

The example rule below specifies that OneAgent shouldn’t be injected into any process in Cloud Foundry spaces that contain the string customer.

Process group monitoring - sample custom rule

As you can see, custom process monitoring rules give you fine-grained control over which processes OneAgent monitors with an approach that scales easily within large environments. You don’t need to adjust your system configuration, and a few rules can cover many thousands of processes.

Importance of rule order

Process monitoring rules are executed in the order in which they are listed. This allows for some interesting possibilities. For example, according to the rules below:

Process group monitoring - rule order

  • The first rule states that no Java process with a JAR file that containsapl-remotecontrol.jar should be monitored, regardless of where the JAR file runs.
  • The second rule states that OneAgent should monitor all admin Cloud Foundry applications.
  • The third rule states that processes in the Cloud Foundry customer space shouldn’t be monitored.

In combination, these rules restrict monitoring to just the admin applications. Because the second rule is executed before the third rule, we would also monitor admin applications in the customer space, but nothing else. And, thanks to the first rule, deep process monitoring won’t be enabled for Java processes with JAR files that contain apl-remotecontrol.jar even if they’re part of the admin application.

Built-in monitoring rules

Dynatrace provides a long list of standard process monitoring rules that are enabled by default (see below). These rules can be disabled as needed.

Built-in process group monitoring rules

Why Dynatrace provides built-in process monitoring rules

Dynatrace OneAgent doesn’t carry out deep monitoring of all .NET and Go processes. This is because both .NET and Go are rather popular languages. Applications like Outlook, Notepad, and PowerPoint are written in .NET. Similarly, many common infrastructure components are written in Go. This is why Dynatrace only performs deep monitoring of those .NET and Go processes that you either explicitly enable or that are covered by monitoring rules.
By default, Dynatrace monitors:
  • All .NET and Go Kubernetes applications
  • All .NET and Go Cloud Foundry applications
  • All .NET and Go applications deployed in Docker containers
  • ASP.NET Core applications started by IIS
  • Core components of CloudFoundry written in Go
  • Caddy – a Web Server written in Go
  • InfluxDB – a Timeseries database written in Go

Dynatrace understands that these built-in rules will almost exclusively cover interesting applications in your environment. Other built-in rules ensure that we cover all Cloud Foundry platform processes.

These built-in rules won’t, however, cover your own .NET and Go applications unless those applications are deployed in containers, Cloud Foundry, or Kubernetes. If this is not the case for your .NET and Go applications, you should add your own .NET and Go applications as custom monitoring rules.

The other built-in rules mostly ensure that processes that we can run deep monitoring on, but that typically aren’t interesting, are blocked by default. You should leave these rules as is and define your own custom rules as required.

At Dynatrace, we strive to deliver the most value with the least configuration worry. Auto-discovery, zero configuration, and auto-injection of OneAgent are important aspects of our approach. Process-group monitoring rules provide you with convenient control over these configurations even when deployed at scale within large environments.

Limitations

  • Deep monitoring rules only affect service- and code-level monitoring.
  • Deep monitoring rules are only effective when OneAgent is installed on your hosts or images.
  • Application-only integrations without a full OneAgent installation don’t support monitoring rules. However, in such situations, the integrations themselves provide effectively the same level of control over your process monitoring setup.
  • Rules may work on earlier versions of OneAgent, but they’re only supported for OneAgent version 1.151 or higher.