Перейти к содержимому

09 - Metrics, Alerting & Structured Logging

This document defines the observability strategy for the Admin Service, covering business metrics, technical metrics, alert thresholds, and structured logging specifications.


Metric NameDescriptionSourceAggregation
admin_registrations_totalTotal number of admin registration completionsAdminAuthServiceCounter (monotonic)
admin_logins_totalTotal number of successful admin loginsAdminAuthServiceCounter (monotonic)
admin_verification_codes_sentVerification codes dispatched, labeled by typeAdminAuthServiceCounter by type (register, login)
admin_verification_failuresFailed verification code attempts (wrong code, expired, not found)AdminAuthServiceCounter (monotonic)
admin_projects_soft_deletedTotal number of projects soft-deleted by adminsAdminProjectServiceCounter (monotonic)
admin_users_blockedTotal number of users blocked by adminsAdminUserServiceCounter (monotonic)
admin_users_unblockedTotal number of users unblocked by adminsAdminUserServiceCounter (monotonic)
admin_project_status_changesProject status transitions performed by adminsAdminProjectServiceCounter by from_status, to_status

Metric NameTypeLabelsDescription
http_request_duration_secondsHistogrammethod, route, statusLatency distribution of inbound HTTP requests
http_requests_totalCountermethod, route, statusTotal count of inbound HTTP requests
redis_operation_duration_secondsHistogramoperation (get, set, del)Latency distribution of Redis commands
email_send_duration_secondsHistogramtemplateLatency distribution of outbound SMTP email delivery
email_send_failures_totalCountertemplateTotal failed email send attempts
prisma_query_duration_secondsHistogrammodel, operationLatency distribution of Prisma ORM queries
jwt_token_generation_duration_secondsHistogramLatency distribution of JWT token signing operations

graph LR
AdminAuthService -->|admin_registrations_total| Prometheus
AdminAuthService -->|admin_logins_total| Prometheus
AdminAuthService -->|admin_verification_codes_sent| Prometheus
AdminAuthService -->|admin_verification_failures| Prometheus
AdminProjectService -->|admin_projects_soft_deleted| Prometheus
AdminProjectService -->|admin_project_status_changes| Prometheus
AdminUserService -->|admin_users_blocked| Prometheus
AdminUserService -->|admin_users_unblocked| Prometheus
RedisClientService -->|redis_operation_duration_seconds| Prometheus
EmailSenderService -->|email_send_duration_seconds| Prometheus
EmailSenderService -->|email_send_failures_total| Prometheus
HttpInterceptor -->|http_request_duration_seconds| Prometheus
HttpInterceptor -->|http_requests_total| Prometheus
PrismaMiddleware -->|prisma_query_duration_seconds| Prometheus
AdminAuthService -->|jwt_token_generation_duration_seconds| Prometheus

Alert NameConditionSeverityAction
HighVerificationFailureRaterate(admin_verification_failures[5m]) / rate(admin_verification_codes_sent[5m]) > 0.4WarningInvestigate potential brute-force attempts; review rate-limiting and cooldown configuration
EmailSendFailureSpikerate(email_send_failures_total[5m]) > 5CriticalCheck SMTP provider connectivity and credentials; verify email service health
SlowDBQuerieshistogram_quantile(0.95, prisma_query_duration_seconds) > 1.0WarningAnalyze slow query logs; review missing indexes and query plans
HighAdminAuthErrorRaterate(http_requests_total{route=~"/admin/auth/.*", status=~"4.."}[5m]) / rate(http_requests_total{route=~"/admin/auth/.*"}[5m]) > 0.5WarningReview authentication flow for misconfiguration; check for credential stuffing attacks
RedisConnectionFailureredis_up == 0 or rate(redis_operation_duration_seconds_count[1m]) == 0CriticalVerify Redis instance health; check network connectivity and restart if necessary

EventLog LevelFieldsWhen
admin.register.initiatedINFO{ email, domain }On incoming register request
admin.register.domain_rejectedWARN{ email, domain, allowedDomains }Email domain fails allowlist validation
admin.register.completedINFO{ userId, email }After successful registration and verification
admin.login.initiatedINFO{ email }On incoming login request
admin.login.blockedWARN{ userId, email }Blocked user attempts to log in
admin.verification.failedWARN{ email, reason }Verification code is invalid, expired, or not found
admin.project.soft_deletedINFO{ projectId, adminId }After a project is soft-deleted
admin.user.blockedINFO{ targetUserId, adminId }After a user is blocked
admin.user.unblockedINFO{ targetUserId, adminId }After a user is unblocked
admin.user.block_admin_rejectedWARN{ targetUserId, adminId }Attempt to block another admin is rejected

All log entries are emitted as structured JSON with the following base fields appended automatically: timestamp, correlationId, service: "admin-service".


sequenceDiagram
autonumber
participant Client
participant HttpInterceptor
participant Controller
participant Service
participant PrismaMiddleware
participant Database
participant RedisClientService
participant EmailSenderService
participant Prometheus
Client->>HttpInterceptor: HTTP Request
HttpInterceptor->>HttpInterceptor: Start timer for http_request_duration_seconds
HttpInterceptor->>Controller: Forward request
Controller->>Controller: Validate DTO
Controller->>Service: Call service method
Service->>Service: Emit structured log (e.g. admin.login.initiated)
Service->>PrismaMiddleware: Execute query
PrismaMiddleware->>PrismaMiddleware: Start timer for prisma_query_duration_seconds
PrismaMiddleware->>Database: SQL query
Database-->>PrismaMiddleware: Query result
PrismaMiddleware->>Prometheus: Record prisma_query_duration_seconds
PrismaMiddleware-->>Service: Return data
Service->>RedisClientService: Redis operation (get/set/del)
RedisClientService->>RedisClientService: Start timer for redis_operation_duration_seconds
RedisClientService-->>Service: Redis result
RedisClientService->>Prometheus: Record redis_operation_duration_seconds
Service->>EmailSenderService: Send verification email
EmailSenderService->>EmailSenderService: Start timer for email_send_duration_seconds
EmailSenderService-->>Service: Email sent / failure
EmailSenderService->>Prometheus: Record email_send_duration_seconds or email_send_failures_total
Service->>Prometheus: Increment business metric counter
Service->>Service: Emit structured log (e.g. admin.login.completed)
Service-->>Controller: Return result
Controller-->>HttpInterceptor: Response
HttpInterceptor->>Prometheus: Record http_request_duration_seconds and http_requests_total
HttpInterceptor-->>Client: HTTP Response