API Firewall Metrics of the NGINX Node¶
This article describes the API Firewall metrics of the NGINX Node. The API Firewall provides the core functionality for API Specification Enforcement, which detects discrepancies between your API specification and actual REST API requests.
The metrics include data on HTTP request performance, request counts, and service errors. They help you monitor and troubleshoot the NGINX Node.
Enabling API Firewall metrics¶
API Firewall metrics are not enabled by default. You need to enable them differently depending on your deployment type.
For Docker image:
-
Set the
APIFW_METRICS_ENABLED
environment variable totrue
when deploying the NGINX Node.Once enabled, metrics are available at
http://<host>:9010/metrics
unless custom host or path are used (see step 2 below). -
(Optional) You can change the default API Firewall metrics endpoint
http://<host>:9010/metrics
using the following environment variables:APIFW_METRICS_ENDPOINT_NAME
- the path at which the metrics endpoint is exposed.APIFW_METRICS_HOST
- the IP address and/or port for the metrics endpoint. When specifying a port, prefix it with a colon (:).
Expose the metrics port in your container or deployment configuration (e.g., for the default state, use-p 9010:9010
).
-
Add the
controller.wallarm.apiFirewall.metrics*
values to the Helm Chart during NGINX Ingress Controller deployment or upgrade.controller: wallarm: apiFirewall: metrics: enabled: true port: 9010 endpointPath: /metrics host: ":9010" service: servicePort: 9010
Once enabled, metrics are available at
http://<host>:9010/metrics
unless custom host or path are used (see step 2 below). -
(Optional) You can change the default API Firewall metrics endpoint using the values described above.
For Sidecar:
-
Add the
config.wallarm.apiFirewall.metrics.*
values to the Helm Chart during Sidecar deployment or upgrade.config: wallarm: # Other configuration values... apiFirewall: mode: "on" readBufferSize: 8192 writeBufferSize: 8192 maxRequestBodySize: 4194304 disableKeepalive: false maxConnectionsPerIp: 0 maxRequestsPerConnection: 0 metrics: enabled: true endpointName: "metrics" host: ":9010" fallback: "on"
Once enabled, metrics are available at
http://<host>:9010/metrics
unless custom host or path are used (see step 2 below). -
(Optional) You can change the default API Firewall metrics endpoint using the values described above.
For All-in-one installer and cloud images (AWS AMI, GCP Machine Image):
-
Once you have deployed the NGINX Node, add
APIFW_METRICS_ENABLED=true
to/opt/wallarm/env.list
. -
(Optional) You can change the default API Firewall metrics endpoint
http://<host>:9010/metrics
by adding the following to/opt/wallarm/env.list
:APIFW_METRICS_ENDPOINT_NAME
- the path at which the metrics endpoint is exposed.APIFW_METRICS_HOST
- the IP address and/or port for the metrics endpoint. When specifying a port, prefix it with a colon (:).
-
To apply the custom API Firewall metrics settings, restart NGINX and then restart the Wallarm service:
Once enabled, metrics are available at http://<host>:9010/metrics
unless custom host or path are used (see step 2 above).
Example of API Firewall metrics¶
See the example of API Firewall metrics below.
Each metric includes HELP
and TYPE
metadata lines, which describe its purpose and format in detail.
# HELP wallarm_apifw_http_request_duration_seconds HTTP request duration in seconds
# TYPE wallarm_apifw_http_request_duration_seconds histogram
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.001"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.005"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.025"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.05"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.25"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="0.5"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="1"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="2.5"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="5"} 2
wallarm_apifw_http_request_duration_seconds_bucket{schema_id="1",le="+Inf"} 2
wallarm_apifw_http_request_duration_seconds_sum{schema_id="1"} 0.00028954100000000004
wallarm_apifw_http_request_duration_seconds_count{schema_id="1"} 2
# HELP wallarm_apifw_http_requests_total Total number of HTTP requests
# TYPE wallarm_apifw_http_requests_total counter
wallarm_apifw_http_requests_total{schema_id="1",status_code="200"} 2
# HELP wallarm_apifw_service_errors_total Total number of errors occurred in the APIFW service.
# TYPE wallarm_apifw_service_errors_total counter
wallarm_apifw_service_errors_total 0