Mulesoft AnypointMQ Configuration
Effortlessly integrate your enterprise systems by configuring the Nodinite Pickup Logging Service to fetch JSON Log Events directly from your Mulesoft AnypointMQ queues. This guide walks you through secure, scalable, and reliable log event collection, ensuring your business-critical data is always available for analysis and compliance.
- ✅ Seamless integration with Mulesoft AnypointMQ
- ✅ Secure and reliable Log Event collection
- ✅ Scalable setup for enterprise environments
- ✅ Long-term storage and compliance-ready
The diagram above illustrates how the Pickup Service interacts with AnypointMQ queues, processes messages, and stores them in the Nodinite Log Database. Invalid messages are routed to the Dead Letter Queue for further review.
Configuring Access to an Anypoint MQ Queue
To configure this card to fetch messages from an Anypoint MQ queue, click the AnypointMQ tab in the Remote Configuration.
- Enable the configuration by checking the Enabled box.
- Provide a clear Display Name and Description to identify the purpose.
- Enter your Username and Password or enable Use Connected App for OAuth-based access.
- If using OAuth, fill in Client ID and Client Secret.
- Specify the Queue name you want to consume messages from.
- (Optional) Set a Dead Letter Queue to capture failed messages.
- Adjust the Active Consumers value to control the number of concurrent consumers.
- (Optional) Enable Protected, Is EU Panel, or Use Configuration DB based on your security and data location needs.
Once configured, the system will start polling the queue and logging events according to your settings.
AnypointMQs
The AnypointMQs section lets you manage all Mulesoft AnypointMQ sources for your log events.
In the Remote Configuration GUI, navigate to the AnypointMQs tab. Here, you can add, edit, or remove AnypointMQ queue configurations. Each configuration defines how the Nodinite Pickup Log Events Logging Service connects to and processes messages from a specific AnypointMQ queue.
Example of the AnypointMQ configuration tab in the Remote Configuration GUI.
Click the Add button to create a new AnypointMQ configuration. Fill in the required fields, such as connection credentials, queue name, and consumer settings. You can also specify a Dead Letter Queue for handling invalid messages.
Example of an AnypointMQ configuration accordion in the Remote Configuration GUI.
Expand the accordion for each AnypointMQ configuration to access advanced settings, including Replace Rules for message processing. These rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards.
General tab
The General tab provides the fundamental settings for your AnypointMQ configuration within the Remote Configuration GUI.
The General tab contains basic settings for the AnypointMQ configuration, including enabling/disabling the configuration and providing descriptive information.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Enabled | Checkbox to activate or deactivate this AnypointMQ configuration | No | When unchecked, the Pickup Service will skip this configuration |
| Display Name | User-friendly name for this AnypointMQ source configuration | Yes | Used in the GUI and logs for easy identification |
| Description | Optional detailed description of the AnypointMQ configuration | No | Helps document the purpose and details of this specific queue setup |
Guidelines:
- Use descriptive names that clearly indicate the AnypointMQ queue purpose (e.g., "Production AnypointMQ - Order Events")
- In the Description field, note important details such as the queue's business purpose, owner contact, or any special processing notes
- The Display Name appears throughout the Nodinite interface, so keep it concise yet meaningful
- Leave the configuration disabled during initial setup if you're not ready to start consuming messages
Source tab
The Source tab contains the queue settings and consumer configuration required to consume messages from your AnypointMQ queue.
The Source tab contains settings for connecting to the AnypointMQ queue and configuring consumer options.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Queue | Name of the AnypointMQ queue to fetch messages from | Yes | The queue must exist in your Mulesoft environment and contain JSON Log Events |
| Dead Letter Queue | Queue name where failed or invalid messages are automatically moved | Yes | Use a unique DLQ per source for easier troubleshooting and monitoring |
| Active Consumers | Number of parallel consumers processing messages | No | Value between 1-10; default is 3. Higher values increase throughput but consume more resources |
| Use EU Panel | Enables EU control plane for AnypointMQ | No | When checked, ensures data and operations comply with EU data residency requirements |
Guidelines for Active Consumers:
- Low value (1-2): Use for low message volumes or when you want to minimize resource usage and avoid overwhelming downstream systems
- Medium value (3-5): Recommended for most production environments; balances throughput and resource consumption
- High value (6-10): Use for high message volumes when your infrastructure can handle parallel consumption and needs faster processing
- Test different values to find the optimal balance for your message volume and system resources
Guidelines:
- Ensure the specified Queue exists in your Mulesoft AnypointMQ environment before enabling this configuration
- Use a descriptive Queue name that reflects the type of events it contains (e.g.,
Order.Events.Log,Integration.Errors) - Always configure a Dead Letter Queue to capture and review invalid or unparseable messages
- For EU-based organizations or those with EU data residency requirements, check the Use EU Panel option
Destination tab
The Destination tab configures where processed log events are stored. By default, events are sent to the Nodinite Log API where they are written to the Log Database for long-term storage and analysis.
The Destination tab contains settings for connecting to the Log API and authentication options.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Use Log API | Checkbox to enable sending events to the Log API | Yes | When checked, processed events are written to the Log Database through the Log API |
| Log API Base URL | Base URL for your Log API instance | Yes | Example: http://{host}:{port}/LogAPI/ |
| Protected | Checkbox to enable OAuth 2.0 authentication | No | Check this if you are using an authenticated Log API |
| Client ID | Public identifier for your application (issued by IDP) | Conditional | Required when Protected is checked |
| Client Secret | Confidential key for application authentication | Conditional | Required when Protected is checked; keep this secure |
| Scope | Space-separated list of access permissions | Conditional | Required when Protected is checked (e.g., read write) |
| IDP Token Endpoint | URL where authentication requests are sent | Conditional | Required when Protected is checked; this is where the client obtains access tokens |
Guidelines:
- Always ensure Use Log API is checked to maintain proper log event storage
- For local/development environments, use unprotected Log API URLs (e.g.,
http://localhost:40002/LogAPI/) - For production environments with authentication, check the Protected checkbox and provide valid OAuth 2.0 credentials
- When using Protected authentication, ensure your Client ID, Client Secret, and Scope are correctly configured with your identity provider (IDP)
- The IDP Token Endpoint must be accessible from the Pickup Service instance
- Keep Client Secret values secure and never commit them to version control
Example Configurations:
- Unprotected:
http://localhost:40002/LogAPI/(Protected checkbox unchecked) - Protected:
https://mynodinite.acme.com:40002/LogAPI/Requires Client ID, Client Secret, Scope, and IDP Token Endpoint configured with your OAuth provider
Example of the Destination tab with Protected authentication enabled.
Authentication tab
The Authentication tab contains the credentials required to connect to and authenticate with your AnypointMQ environment. AnypointMQ supports both basic authentication (username/password) and OAuth 2.0 client credentials authentication.
![Authentication Tab][7]
The Authentication tab contains settings for connecting to AnypointMQ, including authentication options.
Key Fields:
| Field | Description | Required | Notes |
|---|---|---|---|
| Username | AnypointMQ account username | Conditional | Required when not using "Use Connected App"; the account must have permission to consume from the specified queue |
| Password | AnypointMQ account password | Conditional | Required when not using "Use Connected App"; kept secure in the configuration |
| Use Connected App | Checkbox to enable OAuth 2.0 client credentials | No | When checked, authentication uses Client ID and Client Secret instead of username/password |
| Client ID | OAuth client identifier | Conditional | Required when "Use Connected App" is checked; issued by Mulesoft identity provider |
| Client Secret | OAuth client secret | Conditional | Required when "Use Connected App" is checked; the confidential key for authentication |
Guidelines for Basic Authentication (Username/Password):
- Create dedicated service accounts for each AnypointMQ queue to improve security and auditability
- Use strong, unique passwords that meet your organization's security standards
- Regularly rotate credentials and monitor access logs for unauthorized connection attempts
- Ensure the account has minimal required permissions—only access to the specific queues needed for log event collection
- Document which accounts are used for which queues for compliance and troubleshooting
- Keep credentials secure and never commit them to version control systems
Guidelines for OAuth Authentication (Use Connected App):
- Use OAuth/Connected App authentication for enhanced security and to avoid storing passwords
- Ensure your Mulesoft organization has OAuth configured and a Connected App created
- Keep Client Secret values secure and regenerate them periodically
- Use appropriate OAuth scopes that grant only the necessary permissions
- Document which Connected Apps are used for which configurations
Security Best Practices:
- Use separate credentials for development, staging, and production environments
- Implement access controls and audit logs on your Mulesoft organization
- Regularly review access permissions and remove unused accounts or apps
- Consider using a secrets management system to store and rotate credentials
- Monitor failed authentication attempts to detect potential security issues
Replace Rules
Read about Replace Rules in the shared configuration section. Replace Rules allow you to modify message content before it's stored in Nodinite, ensuring consistency and compliance with your logging standards.
The Replace Rules tab allows you to configure rules for modifying message content.
AnypointMQs (versions <7.1.x)
Note
This section applies to versions <7.1.x. Later versions include a Remote Configuration feature that allows configuration via the Nodinite web interface (Web Client).
The AnypointMQs section lets you manage all Mulesoft AnypointMQ sources for your log events.
You configure these sources in the Settings.json file, which uses JSON format. The default path is:
C:\Program Files\Nodinite\Logging Agent - Pickup Service\Settings.json
{
...
"AnypointMQs": [
{
"Enabled": true,
"LogAPI": "http://localhost/Nodinite/Dev/LogAPI/",
"UseConfigurationDatabase": false,
"ConfigurationDatabaseConnectionString": null,
"ActiveConsumers": 1,
"Username": "nodinite-reader",
"Password":"1337",
"Environment": "prod",
"EnvironmentId" : "f7a16b7b-1337-4cb5-93ba-1e5289f707ec",
"OrganizationId": "75ec82b6-f930-4ea2-1337-7c56ee24c9d3",
"UseConnectedApp": true,
"IsEuPanel": false,
"ClientId": "9186414a9dc4dfc94c4ccf670d25e4e",
"ClientSecret": "replaceme",
"RegionId": "eu-west-1",
"Queue": "LogEvents",
"DeadLetterQueue": "LogEvents.dlq",
"ReplaceRules": [
{
"Name": "Fix Endpoint real customer id to {customerId}",
"ReplaceName": false,
"ReplaceUri": true,
"Pattern": "/([0-9]{4,})$",
"Group1Value": "{customerId}"
}]
}]
...
}
AnypointMQs is an array of AnypointMQ queue configurations. Each entry defines how the Log Agent connects to and processes messages from a specific AnypointMQ queue. This setup ensures your Nodinite JSON Log Events are reliably collected and managed.
| Property | Description | Value Example | Comment |
|---|---|---|---|
| ActiveConsumers | Number of threads to run | 1 | Currently limited to 1 thread |
| Username | The name of the user to log on with | nodinite-reader | |
| Password | Password for user | 1337 | |
| Environment | The name of the environment | Test | |
| EnvironmentId | Identifier for environment | f7a16b7b-1337-4cb5-93ba-1e5289f707ec | Guid |
| OrganizationId | Identifier for organization | 65ec82b6-f930-4ea2-1337-7c56ee24c9d3 | Guid |
| RegionId | Name of region | eu-west-1 | According to your run-time |
| UseConnectedApp | Flag to use Connected App | true or false |
True when ClientId and ClientSecret is set |
| IsEuPanel | True when using EU control plane | true or false |
|
| ClientId | ClientId when using Connected App option | 9186414a9dc4dfc94c4ccf670d25e4e | |
| ClientSecret | ClientSecret when using Connected App option | replaceme | |
| Queue | Name of the queue with JSON Log Events | Nodinite-LogEvents | |
| DeadLetterQueue | Name of queue for invalid Log Events | Nodinite-LogEvents.DLQ | |
| Enabled | See the Shared Configuration section for more info | ||
| LogAPI | See the Shared Configuration section for more info | ||
| UseConfigurationDatabase | See the Shared Configuration section for more info | ||
| ConfigurationDatabaseConnectionString | See the Shared Configuration section for more info | ||
| ReplaceRules | See the shared Replace Rules section for more info |
Important
You must restart the Nodinite Pickup Logging Service for configuration changes to take effect.