- 0 minutes to read

Release Notes

Apache ActiveMQ Configuration Example

Unlock seamless log event integration by configuring the Nodinite Pickup Log Events Logging Service to fetch JSON Log Events directly from your Apache ActiveMQ queues. This page will help you get started quickly and avoid common pitfalls.

✅ Set up secure, reliable log event collection from ActiveMQ queues
✅ Route invalid messages to Dead Letter Queues for compliance and troubleshooting
✅ Leverage JSON and Replace Rules for advanced message processing
✅ Ensure long-term storage and easy retrieval of log data in Nodinite

Whether you're new to Nodinite or an experienced administrator, configuring ActiveMQ integration is straightforward. Begin by identifying the queues you want to collect log events from and ensure you have the necessary access credentials. The Pickup Service will automatically process messages, route invalid ones to the Dead Letter Queue, and store valid events for long-term analysis.

Tip

For best results, start with a single queue and verify your setup before scaling to multiple queues. Always use strong credentials and keep your configuration file secure.

graph TD subgraph "ActiveMQ" roS(" Queue") roBO(" Dead Letter Queue") end subgraph "Nodinite instance" roPS(" Pickup Service") roPS -.->|Bad/invalid messages| roBO roS --> roPS roPS --> |Long term storage|roDB(" Log Database") end style roS fill:#87CEEB style roBO fill:#FF6B6B style roPS fill:#90EE90 style roDB fill:#90EE90

Diagram: Apache ActiveMQ integration showing message flow from queue to Pickup Service, with color-coded components (blue=queue, green=healthy/active services, red=dead letter queue for failed messages). Invalid messages are routed to the Dead Letter Queue for review.

Security and Account Management

Before configuring your ActiveMQ integration, understand how credentials and access control work. Each ActiveMQ configuration requires a login, and you can use different accounts for different brokers or assign unique credentials to individual queues. This flexibility allows you to tailor access rights and improve security across your integration landscape.

Key Security Principles:

  • ✅ Using separate accounts for each broker or queue helps limit access and reduce risk
  • ✅ Credentials can be managed independently for compliance and auditing
  • ✅ Improved security by isolating sensitive data and operations

Best Practices to Implement:

  • Create dedicated service accounts for each queue or broker (not shared accounts)
  • Use strong, unique passwords that meet your organization's security standards
  • Never use default credentials (e.g., admin/admin or system/manager) in production environments
  • Avoid embedding credentials in version control or documentation
  • Regularly rotate credentials and monitor access logs for unauthorized connection attempts
  • Ensure accounts have minimal required permissions—only access to the specific queues needed for log event collection
  • Document which accounts are used for which brokers/queues for compliance and troubleshooting
  • Use separate credentials for development, staging, and production environments
  • Implement account lockout policies and failed login attempt monitoring on your ActiveMQ broker
  • Regularly review access permissions and remove unused accounts
  • Use a secrets management system to store and rotate broker credentials

These principles apply whether you're configuring via the GUI (Remote Configuration) or the older configuration file method described below.

ActiveMQs

The ActiveMQs section lets you manage all Apache ActiveMQ sources for your log events.

In the Remote Configuration GUI, navigate to the ActiveMQs tab. Here, you can add, edit, or remove ActiveMQ queue configurations. Each configuration defines how the Nodinite Pickup Log Events Logging Service connects to and processes messages from a specific ActiveMQ queue.

ActiveMQ Configuration Tab
Example of the ActiveMQ configuration tab in the Remote Configuration GUI.

Click the Add button to create a new ActiveMQ configuration. Fill in the required fields, such as connection string, queue name, and credentials. You can also specify a Dead Letter Queue for handling invalid messages.

ActiveMQ Configuration Accordion
Example of an ActiveMQ configuration accordion in the Remote Configuration GUI.

Expand the accordion for each ActiveMQ configuration to access advanced settings, including Replace Rules for message processing. These rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards.

General tab

The General tab provides the fundamental settings for your ActiveMQ configuration within the Remote Configuration GUI.
General Tab
The General tab allows you to enable/disable the configuration and provide a display name and description.

The following key fields are required:

Field Description Required Notes
Enabled Checkbox to activate or deactivate this ActiveMQ configuration No When unchecked, the Pickup Service will skip this configuration
Display Name User-friendly name for this ActiveMQ source configuration Yes Used in the GUI and logs for easy identification
Description Optional detailed description of the ActiveMQ configuration No Helps document the purpose and details of this specific queue setup

Follow these guidelines when setting up the General tab:

  • Use descriptive names that clearly indicate the ActiveMQ broker and queue purpose (e.g., "Production ActiveMQ - Order Events")
  • In the Description field, note important details such as the queue's business purpose, owner contact, or any special processing notes
  • The Display Name appears throughout the Nodinite interface, so keep it concise yet meaningful
  • Leave the configuration disabled during initial setup if you're not ready to start consuming messages

Source tab

The Source tab contains the connection and queue settings required to establish communication with your ActiveMQ broker and specify which queues to retrieve log events from.
Source Tab
The Source tab allows you to configure connection details, queue names, and Dead Letter Queue settings.

The following key fields must be configured:

Field Description Required Notes
Broker URI URI used to connect to your ActiveMQ broker Yes Supports plain (tcp://host:port) and failover connections for high availability setups
Queue Name of the ActiveMQ queue to fetch messages from Yes The queue must exist on the broker and contain JSON Log Events
Dead Letter Queue Queue name where failed or invalid messages are automatically moved Yes Use a unique DLQ per source for easier troubleshooting and monitoring

Use one of these broker URI examples:

  • Single broker (plain): tcp://127.0.0.1:61616
  • Failover setup: failover:(tcp://broker1:61616,tcp://broker2:61616)?randomize=false&timeout=1000&startupMaxReconnectAttempts=2&maxReconnectDelay=2000

Follow these guidelines when configuring the Source tab:

  • Ensure the specified Queue exists on the ActiveMQ broker before enabling this configuration
  • Use a descriptive Queue name that reflects the type of events it contains (e.g., Order.Events.Log, Integration.Errors)
  • Always configure a Dead Letter Queue to capture and review invalid or unparseable messages
  • For production environments, use failover URIs to ensure high availability
  • Test the connection with a single queue before scaling to multiple ActiveMQ sources

Destination tab

The Destination tab configures where processed log events are stored. By default, events are sent to the Nodinite Log API where they are written to the Log Database for long-term storage and analysis.
Destination Tab - Unprotected
The Destination tab allows you to configure the Log API endpoint and authentication settings.

Destination Tab - Protected
The Destination tab with Protected authentication enabled.

The following key fields control log API destination settings:

Field Description Required Notes
Use Log API Checkbox to enable sending events to the Log API Yes When checked, processed events are written to the Log Database through the Log API
Log API Base URL Base URL for your Log API instance Yes Example: http://{host}:{port}/LogAPI/
Protected Checkbox to enable OAuth 2.0 authentication No Check this if you are using an authenticated Log API
Client ID Public identifier for your application (issued by IDP) Conditional Required when Protected is checked
Client Secret Confidential key for application authentication Conditional Required when Protected is checked; keep this secure
Scope Space-separated list of access permissions Conditional Required when Protected is checked (e.g., read write)
IDP Token Endpoint URL where authentication requests are sent Conditional Required when Protected is checked; this is where the client obtains access tokens

Follow these guidelines when configuring the Destination tab:

  • Always ensure Use Log API is checked to maintain proper log event storage
  • For local/development environments, use unprotected Log API URLs (e.g., http://localhost:40002/LogAPI/)
  • For production environments with authentication, check the Protected checkbox and provide valid OAuth 2.0 credentials
  • When using Protected authentication, ensure your Client ID, Client Secret, and Scope are correctly configured with your identity provider (IDP)
  • The IDP Token Endpoint must be accessible from the Pickup Service instance
  • Keep Client Secret values secure and never commit them to version control

Here are example Destination tab configurations:

  • Unprotected: http://localhost:40002/LogAPI/ (Protected checkbox unchecked)
  • Protected: https://mynodinite.acme.com:40002/LogAPI/ Requires Client ID, Client Secret, Scope, and IDP Token Endpoint configured with your OAuth provider

Authentication tab

The Authentication tab contains the credentials required to connect to and authenticate with your ActiveMQ broker. These credentials ensure only authorized access to your message queues.
Authentication Tab
The Authentication tab allows you to configure the username and password for ActiveMQ access.

The following key fields are required for authentication:

Field Description Required Notes
Username ActiveMQ broker username Yes The account must have permission to consume messages from the specified queue
Password ActiveMQ broker password Yes The password associated with the username; kept secure in the configuration

Follow these guidelines for authentication configuration:

  • Create dedicated service accounts for each ActiveMQ broker or queue to improve security and auditability
  • Use strong, unique passwords that meet your organization's security standards
  • Regularly rotate credentials and monitor access logs for unauthorized connection attempts
  • Avoid using default credentials (e.g., admin/admin or system/manager) in production environments
  • Ensure the account has minimal required permissions—only access to the specific queues needed for log event collection
  • Document which accounts are used for which brokers/queues for compliance and troubleshooting
  • Keep credentials secure and never commit them to version control systems

Implement these security best practices:

  • Use separate credentials for development, staging, and production environments
  • Implement account lockout policies and failed login attempt monitoring on your ActiveMQ broker
  • Regularly review access permissions and remove unused accounts
  • Consider using a secrets management system to store and rotate broker credentials

Replace rules

Read about Replace Rules in the shared configuration section. Replace Rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards. Replace Rules Tab
The Replace Rules tab allows you to configure rules for modifying message content.

Configuration file

Note

This section applies for older versions (<7.1.x) of the Nodinite Pickup Log Events Logging Service.

You configure these sources in the Settings.json file, which uses JSON format. The default path is:

C:\Program Files\Nodinite\Logging Agent - Pickup Service\Settings.json

{
  ...

  "ActiveMQs": [
    {
      "Enabled": true,
      "LogApi": "https://localhost/Nodinite/Dev/LogAPI/",
      "UseConfigurationDatabase": false,
      "ConfigurationDatabaseConnectionString": null,
      "ActiveConsumers": 4,
      "ConnectionString": "tcp://127.0.0.1:61616",
      "Username": "system",
      "Password": "manager",
      "Queue": "Nodinite.LogAgent.PickupService.Test",
      "DeadLetterQueue": "Nodinite.LogAgent.PickupService.Test.DLQ",
      "ReplaceRules": [
        {
          "Name": "Fix Endpoint real customer id to {customerId}",
          "ReplaceName": false,
          "ReplaceUri": true,
          "Pattern": "/([0-9]{4,})$",
          "Group1Value": "{customerId}"
        }
      ]
    }
  ]
  ...                      
}

ActiveMQs is an array of ActiveMQ queue configurations. Each entry defines how the Log Agent connects to and processes messages from a specific ActiveMQ queue. This setup ensures your Nodinite JSON Log Events are reliably collected and managed.

Tip

  • Use a unique Dead Letter Queue for each configured queue to simplify troubleshooting.
  • Adjust the number of consumers (ActiveConsumers) based on your expected message volume.
  • Use Replace Rules to standardize and enrich log data for downstream analysis.
  • Always restart the Pickup Service after making changes to your configuration.
Property Description Value Example Comment
ActiveConsumers Number of consumers the agent uses to collect messages 1-n A positive integer between 1 and 4 is recommended
ConnectionString Connection string to the ActiveMQ server (can be a fail-over address) tcp://127.0.0.1:61616 or failover:(tcp://127.0.0.1:61616,tcp://host2:61616)?randomize=false&timeout=1000&startupMaxReconnectAttempts=2&maxReconnectDelay=2000
Username Username for ActiveMQ access system
Password Password for the user manager
Queue Name of the ActiveMQ Queue to pick up JSON Log Event from
DeadLetterQueue Name of the Dead Letter Queue for invalid or failed events
Enabled See the Shared Configuration section for more info
LogAPI See the Shared Configuration section for more info
UseConfigurationDatabase See the Shared Configuration section for more info
ConfigurationDatabaseConnectionString See the Shared Configuration section for more info
ReplaceRules See the shared Replace Rules section for more info

Important

When you are done editing the configuration, you must restart the Nodinite Pickup Logging Service for configuration changes to take effect.

Next Step