Performance and security alerts
At run time, the Pega Platform™ generates alerts for performance and security-related application issues. Alerts are text-based messages that serve as important notifications about the functioning of your system.
Performance alerts are generated when rule execution exceeds a performance threshold. Security alerts are generated when the security of a Pega Platform server is at risk. Analyze alerts to identify the root cause of a performance or security issue.
Performance issues are captured in the ALERT log and security issues are captured in the ALERTSECURITY log. You can access alerts from your session from the My Alerts display. You can access the My Alerts display in App Studio or Dev Studio from the Developer Toolbar > Issues. The My Alerts display shows performance alerts by default. Click Security Alerts to show security alerts.
The alert format provides information about the alert. You can determine whether the alert is performance or security related, the type of alert, the type of requestor (for example, a browser), and the activity or stream that triggered the alert from the alert format.
In the following image, click the + icons to learn more about the format of an alert.
The most frequently-generated alert is the PEGA0001 alert, which occurs when the elapsed time for an HTTP interaction time exceeds the threshold setting. This alert represents a single server interaction and can occur due to long-running calculations, waiting for database connections, or waiting for information from an external service.
This alert is typically a consequence of other alerts, as it encapsulates the entire time the browser needs to wait. A PEGA0001 alert may accompany one or more other alerts, such as a database connection alert. Fixing the accompanying alert or alerts generally resolves a PEGA0001 alert. By addressing the other alerts, such as DB Connections and Rule Assembly Time, you can reduce the frequency of this alert.
If your alert log contains a large number of PEGA0001 messages, a problem on the server might be causing a significant slowdown. Check the server for the underlying problem. If the alert message identifies an activity, the activity might take a long time to process. Use the PAL performance tool or Tracer to check which steps the activity is running.
The SECU0005 alert is generated when Pega Platform encounters a thread name in the URL of an HTTP request that does not already exist in the requestor and whose name contains invalid characters.
This alert allows you to identify potentially malicious scripts that have been inserted into the thread name portion of the URL so that you can research and correct the thread name or other issues as appropriate.
Modify your application to avoid creating thread names with invalid characters. Verify that the invalid character is safe to use from a security standpoint and it does not make your application vulnerable to cross-site scripting attacks. Add the character to the AdditionalValidCharactersInThreadNames setting.
Check your knowledge with the following interaction.