The latest versions of our Authentication server provide various operational metrics that allow you to monitor service usage and create alerts for anomalies. Metrics are in Prometheus format and are available directly from the Notakey Appliance node.


Statistics are aggregated by the stats-agent plugin, which has to be configured on one or more nodes. A configuration with a VRRP address for metrics is also possible.


# minimal plugin configuration 

ntk cfg set :plugins.\"stats-agent\" '{
   "ports": [
      "9394:9394"
    ],
    "tag": "statsagent"
  }' --json-input


Run ntk plugins update to update all plugin container images, followed by ntk plugins restart.

 

After the agent is configured, you need to enable stats on the Authentication server:

ntk cfg set :nas.custom_params "ENABLE_STATS=1,STATS_HOST=stats-agent"
ntk as restart


Metrics from the Authentication server will now be accessible at http://<internal-ip>:9394/metrics


Some metrics to measure: 

ntk_as_auth_requests_created: Number of created auth requests per service 
ntk_as_auth_requests_failed: Number of failed creations of auth requests
ntk_as_auth_requests_signed: Number of signing events for auth requests per service 
ntk_as_api_auth_success_total: Number of successful API client authentication requests
ntk_as_api_auth_failures_total: Number of failed API client authentication requests
ntk_as_api_token_auth_fail_total: Token auth validation requests that failed
ntk_as_api_tokens_emitted_total: Number of issued authentication tokens
ntk_as_seats_issued_total: Total number of issued licensed seats
ntk_as_seats_total: Total number of available licensed seats
ntk_as_seat_destroy_count: Number of license seat removal events
ntk_as_seat_create_count: Number of license seat create events
ntk_as_http_duration_seconds_count: Request count of HTTP reqs, per endpoint
ntk_as_http_duration_seconds_sum: Time spent in HTTP reqs in seconds, per endpoint
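
The following is an added example, not part of the original page or Notakey's own code: it parses two scrapes of the /metrics output and flags a high API authentication failure ratio and a nearly exhausted seat pool. The sample values, the "service" label name, the thresholds and the reading of the two seat metrics as current values are assumptions.

```python
import re
# name, optional {labels}, value, optional timestamp (Prometheus text format)
SAMPLE = re.compile(r'^([A-Za-z_:][\w:]*)(?:\{(.*)\})?\s+(\S+)(?:\s+-?\d+)?$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

# Constructed sample scrapes (values and the "service" label name are assumptions)
PREV_SCRAPE = """\
# TYPE ntk_as_api_auth_success_total counter
ntk_as_api_auth_success_total 100
ntk_as_api_auth_failures_total 5
ntk_as_auth_requests_created{service="svc-a"} 7
ntk_as_seats_issued_total 40
ntk_as_seats_total 50
"""
CURR_SCRAPE = """\
ntk_as_api_auth_success_total 130
ntk_as_api_auth_failures_total 25
ntk_as_auth_requests_created{service="svc-a"} 9
ntk_as_auth_requests_created{service="svc-b"} 3
ntk_as_seats_issued_total 48
ntk_as_seats_total 50
"""

def parse_metrics(text):
    """Return {(metric_name, frozenset(label_pairs)): value}."""
    samples = {}
    for line in map(str.strip, text.splitlines()):
        m = None if line.startswith("#") else SAMPLE.match(line)
        if m:
            name, labels, value = m.groups()
            samples[(name, frozenset(LABEL.findall(labels or "")))] = float(value)
    return samples

def total(samples, name):  # sum one metric over all of its label sets
    return sum(v for (n, _), v in samples.items() if n == name)

def check(prev, curr, max_fail_ratio=0.2, max_seat_usage=0.9):
    """Compare two scrapes and return a list of alert names."""
    def delta(name):  # counters are cumulative; a drop means the server restarted
        d = total(curr, name) - total(prev, name)
        return d if d >= 0 else total(curr, name)
    alerts = []
    ok, bad = delta("ntk_as_api_auth_success_total"), delta("ntk_as_api_auth_failures_total")
    if ok + bad > 0 and bad / (ok + bad) > max_fail_ratio:
        alerts.append("api_auth_failure_ratio")
    seats = total(curr, "ntk_as_seats_total")
    if seats > 0 and total(curr, "ntk_as_seats_issued_total") / seats > max_seat_usage:
        alerts.append("seat_pool_nearly_exhausted")
    return alerts
```

In practice the two inputs would be the text returned by http://<internal-ip>:9394/metrics at two points in time, since the counters only become meaningful as a difference between scrapes.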

To configure the stats-agent plugin to use a VRRP IP address, use the following commands:

# VRRP service must be configured on every node running stats-agent

# 172.17.0.1 is the default internal bridge IP address, available on every node
ntk cfg set vrrp.track.generic.url 'http://172.17.0.1:9394/metrics'

# Adjust IP address and select different priorities for each node
ntk cfg set vrrp.services.stats  '{
      "prio": "100",
      "vrid": "54",
      "interface": "eth0",
      "address": "10.0.1.97",
      "preempt": "off",
      "track": [
        "generic"
      ]
    }' --json-input

# Any VRRP config changes require restart
ntk vrrp restart 

After configuring VRRP, instruct the Authentication server to publish stats to the VRRP IP by setting STATS_HOST=10.0.1.97 and restarting the service ("ntk as restart").