Monitoring

You can monitor your local or cloud-hosted OWASP Juice Shop instance using internally gathered metrics and visualize those on dashboards.

Challenge metrics in Grafana

Business metrics in Grafana

Technical metrics in Grafana

Prometheus Metrics

Juice Shop collects functional and technical metrics using a Prometheus client module. Its endpoint is publicly accessible and there is even a challenge asking you to "Find the endpoint that serves usage data to be scraped by a popular monitoring system".

To consume these metrics you need to set up a Prometheus server which is very straightforward:

  1. Install Prometheus on the machine that will monitor your Juice Shop instance
  2. Configure your Juice Shop instance as a scraping target in the prometheus.yml. A simple config example you can find below.
  3. Start your Prometheus server which by default runs on http://localhost:9090
  4. Check if your scraping endpoint shows "UP" as its state at http://localhost:9090/targets
scrape_configs:
  - job_name: 'juiceshop_local'
    scrape_interval: 30s
    scrape_timeout: 10s
    static_configs:
    - targets: ['localhost:3000']

You can create dashboards and alert rules in Prometheus itself, but if you want to have a fancy dashboard like the one in the screenshots above, you need a bit more visualization firepower.

Grafana Dashboard

This is where Grafana comes in. Juice Shop comes with a full-fledged JSON template that you can import as a new dashboard into your own Grafana installation. It consumes and displays all metrics gathered via Prometheus as seen in the screenshots above.

  1. Install Grafana (for ease-of-use, best use the machine you also have Prometheus running on)
  2. Start Grafana and visit it at http://localhost:3000 (ℹ️ Its default port is the same as Juice Shop's, so if you run both on the same machine, one needs to be moved to a different port.)
  3. Log in with admin/admin.
  4. Go to Configuration > Data Sources at http://localhost:3000/datasourcesand click Add data source
  5. Select Prometheus and in its configuration screen set http://localhost:9090 as the HTTP > URL. Clicking Save & Test will confirm if Grafana could find your Prometheus server.
  6. Now go to Dashboards > Manage at http://localhost:3000/dashboards
  7. Click Import and either upload or paste the contents of the monitoring/grafana-dashboard.json found in the Juice Shop's GitHub repository.
  8. Now visit the imported Juice Shop Instance Dashboard by clicking on its name to view it! Voilá!

ℹ️ The "Juice Shop Instance Dashboard" template was forked from the multi-instance dashboard of MultiJuicer, so if you need to run and subsequently monitor multiple Juice Shop instances, best take a look at MultiJuicer and our Trainer's guide.

results matching ""

    No results matching ""