Versions Compared

Old Version 1

changes.mady.by.user Juan Tomás Alonso Nieto (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user Juan Tomás Alonso Nieto (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Accepted authentication methods

Authentication method

Customer ID

Client ID

Client secret

Service Account Credentials

Status
colourGreen
titleREQUIRED

Status
colourGreen
titleREQUIRED

Status
colourGreen
titleREQUIRED

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

<any_directory> └── devo-collectors/ └── <product_name>/ ├── certs/ │ ├── chain.crt │ ├── <your_domain>.key
Rw ui tabs macro
│ └── <your_domain>.crt
Rw tab
titleOn-premise collector

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

Code Block
Cloud collector

We use a piece of software called Collector Server to host and manage all our available collectors.

To enable the collector for a customer:

  1. In the Collector Server GUI, access the domain in which you want this instance to be created

  2. Click Add Collector and find the one you wish to add.

  3. In the Version field, select the latest value.

  4. In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).

  5. In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.

  6. In the Parameters section, establish the Collector Parameters as follows below:

Code Block
{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "google_workspace_logs_in_bigquery": {
       ├── state/"id": "<short_unique_id>",
      "enabled": true,
 └── config/      "credentials": {
        "service_account_info": "<service_account_info_value>"
  └── config.yaml
Note

Replace <product_name> with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

image-20240624-105853.pngImage Removed
Note

Replace <product_name> with the proper value.

Editing the config.yaml file

Code Block
globals:
  debug: false
  id: <collector_id_value>
  name: <collector_name_value>
  persistence:
    type: filesystem
    config:
      directory_name: state
outputs:
  devo_us_1:
    type: devo_platform
    config:
      address: <devo_address>
      port: 443
      type: SSL   },
      "dataset_id": "<dataset_id_value>",
      "environment": "<environment_value>",
      "services": {
        "activity_records": {
          "request_period_in_seconds": "<request_period_in_seconds_value>",
          "start_time_in_utc": "<start_time_in_utc_value>",
          "include_record_types": "<include_record_type_values>",
       chain: <chain_filename>  "exclude_record_types": "<exclude_record_type_values>",
   cert: <cert_filename>       key"override_tag": <key_filename>
inputs:"<override_tag_value>",
   google_workspace_logs_in_bigquery:     id: <short_unique_id>
    enabled: true
    credentials:
      service_account_info: <service_account_info_value>
    dataset_id: <dataset_id_value> "override_table_id": "<override_table_id_value>"
    environment: <environment_value>   }
 services:       activity_records:}
    }
   request_period_in_seconds: <request_period_in_seconds_value>
        start_time_in_utc: <start_time_in_utc_value>
        include_record_types: <include_record_type_values>
        exclude_record_types: <exclude_record_type_values>
        override_tag: <override_tag_value>
        override_table_id: <override_table_id_value>
Info

All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the services object.

Replace the placeholders with your required values following the description table below:

Parameter

Data type

Requirement

Value range / Format

Description

short_unique_id

str

Mandatory

Min length: 1, Max length: 5

Short, unique ID for input service, used in persistence addressing. Avoid duplicates to prevent collisions.

service_account_info

json

Mandatory

Min length: 1

The service account credential info. This is a JSON block downloadable from Google upon creating a service account credential. The service account must have read access to the BigQuery dataset that stores the activity records.

environment_value
}
}

The following table outlines the parameters available for configuring the collector. Each parameter is categorized by its necessity (mandatory or optional), data type, acceptable values or formats, and a brief description.

Parameter

Data type

Requirement

Value range / Format

Description

short_unique_id

str

Mandatory

Min length: 1, Max length: 5

Short, unique ID for input service, used in persistence addressing. Avoid duplicates to prevent collisions.

service_account_info

json

Mandatory

Min length: 1

The service account credential info. This is a JSON block downloadable from Google upon creating a service account credential. The service account must have read access to the BigQuery dataset that stores the activity records.

environment_value

str

Optional

Min length: 1

Differentiates environments (e.g., dev, prod). Remove if unused.

dataset_id

str

Optional

Min length: 1

The BigQuery dataset ID that contains the activity data.

request_period_in_seconds_value

int

Optional

Min: 60

Custom period in seconds between data pulls, overriding default (300s).

start_time_in_utc_value

str

Optional

UTC datetime format: %Y-%m-%dT%H-%M-%SZ

Custom start date for data retrieval, for historical data download. Remove if unused.

include_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will fetch only those record types defined in the list. The record types are present in the record_type field in the BigQuery table.

exclude_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will exclude the record types defined in the list. The record types are present in the record_type field in the BigQuery table.

override_tag

str

Optional

Min length: 1

Differentiates environments (e.g., dev, prod). Remove if unused.

dataset

An optional tag to override the default tag for the Devo table.

override_table_id

str

Optional

Min length: 1

The BigQuery dataset ID that contains the activity data.

request_period_in_seconds_value

int

Optional

Min: 60

Custom period in seconds between data pulls, overriding default (300s).

start_time_in_utc_value

str

Optional

UTC datetime format: %Y-%m-%dT%H-%M-%SZ

Custom start date for data retrieval, for historical data download. Remove if unused.

include_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will fetch only those record types defined in the list. The record types are present in the record_type field in the BigQuery table.

exclude_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will exclude the record types defined in the list. The record types are present in the record_type field in the BigQuery table.

override_tag

str

Optional

Min length: 1

An optional tag to override the default tag for the Devo table.

override_table_id

str

Optional

Min length: 1

An optional override to support users whose activity data is stored in a table other than activity.

Info

Parameters marked as "Mandatory" are required for the collector's configuration. Optional parameters can be omitted or removed if not used, but they provide additional customization and control over the collector's behavior.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image

SHA-256 hash

collector-google_workspace_logs_in_bigquery-docker-image-1.0.0

37f402945ba2fbb8385d9a8c010e676802a0b55687b21eed5753e9ffc7dce9e3

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz | docker load
Note

Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace <image_file> and <version> with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block
docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block
version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Rw tab
titleCloud collector

We use a piece of software called Collector Server to host and manage all our available collectors.

To enable the collector for a customer:

  1. In the Collector Server GUI, access the domain in which you want this instance to be created

  2. Click Add Collector and find the one you wish to add.

  3. In the Version field, select the latest value.

  4. In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).

  5. In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.

  6. In the Parameters section, establish the Collector Parameters as follows below:

Code Block
{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "google_workspace_logs_in_bigquery": {
      "id": "<short_unique_id>",
      "enabled": true,
      "credentials": {
        "service_account_info": "<service_account_info_value>"
      },
      "dataset_id": "<dataset_id_value>",
      "environment": "<environment_value>",
      "services": {
        "activity_records": {
          "request_period_in_seconds": "<request_period_in_seconds_value>",
          "start_time_in_utc": "<start_time_in_utc_value>",
          "include_record_types": "<include_record_type_values>",
          "exclude_record_types": "<exclude_record_type_values>",
          "override_tag": "<override_tag_value>",
          "override_table_id": "<override_table_id_value>"
        }
      }
    }
  }
}

The following table outlines the parameters available for configuring the collector. Each parameter is categorized by its necessity (mandatory or optional), data type, acceptable values or formats, and a brief description.

Parameter

Data type

Requirement

Value range / Format

Description

short_unique_id

str

Mandatory

Min length: 1, Max length: 5

Short, unique ID for input service, used in persistence addressing. Avoid duplicates to prevent collisions.

service_account_info

json

Mandatory

Min length: 1

The service account credential info. This is a JSON block downloadable from Google upon creating a service account credential. The service account must have read access to the BigQuery dataset that stores the activity records.

environment_value

str

Optional

Min length: 1

Differentiates environments (e.g., dev, prod). Remove if unused.

dataset_id

str

Optional

Min length: 1

The BigQuery dataset ID that contains the activity data.

request_period_in_seconds_value

int

Optional

Min: 60

Custom period in seconds between data pulls, overriding default (300s).

start_time_in_utc_value

str

Optional

UTC datetime format: %Y-%m-%dT%H-%M-%SZ

Custom start date for data retrieval, for historical data download. Remove if unused.

include_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will fetch only those record types defined in the list. The record types are present in the record_type field in the BigQuery table.

exclude_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will exclude the record types defined in the list. The record types are present in the record_type field in the BigQuery table.

override_tag

str

Optional

Min length: 1

An optional tag to override the default tag for the Devo table.

override_table_id

str

Optional

Min length: 1

An optional override to support users whose activity data is stored in a table other than activity.

InfoParameters marked as "Mandatory" are required for the collector's configuration. Optional parameters can be omitted or removed if not used, but they provide additional customization and control over the collector's behavior

An optional override to support users whose activity data is stored in a table other than activity.

Info

Parameters marked as "Mandatory" are required for the collector's configuration. Optional parameters can be omitted or removed if not used, but they provide additional customization and control over the collector's behavior.

Rw tab
titleOn-premise collector

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

Code Block
<any_directory>
└── devo-collectors/
    └── <product_name>/
        ├── certs/
        │   ├── chain.crt
        │   ├── <your_domain>.key
        │   └── <your_domain>.crt
        ├── state/
        └── config/ 
            └── config.yaml
Note

Replace <product_name> with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

image-20240624-105853.pngImage Added
Note

Replace <product_name> with the proper value.

Editing the config.yaml file

Code Block
globals:
  debug: false
  id: <collector_id_value>
  name: <collector_name_value>
  persistence:
    type: filesystem
    config:
      directory_name: state
outputs:
  devo_us_1:
    type: devo_platform
    config:
      address: <devo_address>
      port: 443
      type: SSL
      chain: <chain_filename>
      cert: <cert_filename>
      key: <key_filename>
inputs:
  google_workspace_logs_in_bigquery:
    id: <short_unique_id>
    enabled: true
    credentials:
      service_account_info: <service_account_info_value>
    dataset_id: <dataset_id_value>
    environment: <environment_value>
    services:
      activity_records:
        request_period_in_seconds: <request_period_in_seconds_value>
        start_time_in_utc: <start_time_in_utc_value>
        include_record_types: <include_record_type_values>
        exclude_record_types: <exclude_record_type_values>
        override_tag: <override_tag_value>
        override_table_id: <override_table_id_value>
Info

All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the services object.

Replace the placeholders with your required values following the description table below:

Parameter

Data type

Requirement

Value range / Format

Description

short_unique_id

str

Mandatory

Min length: 1, Max length: 5

Short, unique ID for input service, used in persistence addressing. Avoid duplicates to prevent collisions.

service_account_info

json

Mandatory

Min length: 1

The service account credential info. This is a JSON block downloadable from Google upon creating a service account credential. The service account must have read access to the BigQuery dataset that stores the activity records.

environment_value

str

Optional

Min length: 1

Differentiates environments (e.g., dev, prod). Remove if unused.

dataset_id

str

Optional

Min length: 1

The BigQuery dataset ID that contains the activity data.

request_period_in_seconds_value

int

Optional

Min: 60

Custom period in seconds between data pulls, overriding default (300s).

start_time_in_utc_value

str

Optional

UTC datetime format: %Y-%m-%dT%H-%M-%SZ

Custom start date for data retrieval, for historical data download. Remove if unused.

include_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will fetch only those record types defined in the list. The record types are present in the record_type field in the BigQuery table.

exclude_record_types

list

Optional

List of strings. E.g. ["gmail", "login"]

If specified, the service will exclude the record types defined in the list. The record types are present in the record_type field in the BigQuery table.

override_tag

str

Optional

Min length: 1

An optional tag to override the default tag for the Devo table.

override_table_id

str

Optional

Min length: 1

An optional override to support users whose activity data is stored in a table other than activity.

Info

Parameters marked as "Mandatory" are required for the collector's configuration. Optional parameters can be omitted or removed if not used, but they provide additional customization and control over the collector's behavior.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image

SHA-256 hash

collector-google_workspace_logs_in_bigquery-docker-image-1.0.0

37f402945ba2fbb8385d9a8c010e676802a0b55687b21eed5753e9ffc7dce9e3

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz | docker load
Note

Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace <image_file> and <version> with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block
docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block
version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d
Note

Replace <product_name>, <image_name> and <version> with the proper values.

Collector services detail

...

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type

Error ID

Error message

Cause

Solution

InitVariablesError

1

Invalid start_time_in_utc: {ini_start_str}. Must be in parseable datetime format.

The configured start_time_in_utc parameter is a non-parseable format.

Update the start_time_in_utc value to have the recommended format as indicated in the guide.

InitVariablesError

2

Invalid start_time_in_utc: {ini_start_str}. Must be in the past.

The configured start_time_in_utc parameter is a future date.

Update the start_time_in_utc value to a past datetime.

ApiError

401

An error occurred while trying to authenticate with the Azure API. Exception: {e}

The collector is unable to authenticate with the Azure API.

Check the credentials and ensure that the collector has the necessary permissions to access the Azure API.

ApiError

410

An error occurred while trying to check if container {container_name} exists. Ensure that the blob storage account name or connection string is correct. Exception: {e}

The collector was unable to locate the specified blob storage container name.

Ensure the container exists and the credentials have READ access to the container

ApiError

411

An error occurred while trying to check if container {container_name} exists. Ensure that the application has necessary permissions to access the containers. Exception: {e}

The collector was unable to access the specified blob storage container name.

Ensure the container exists and the credentials have READ access to the container

ApiError

412

An error occurred while trying to create container {container_name}. Ensure that the application has necessary permissions to create containers. Exception: {e}

The collector was unable to create the container for the auto discover service and the user indicated to use Azure Blob Storage checkpointing.

Ensure the credentials have WRITE access to the container storage account.

ApiError

420

An error occurred while trying to get consumer group {consumer_group_name}. Exception: {e}

The collector was unable to access the specified consumer group name.

Ensure the consumer group exists and the credentials have READ access to the consumer group

ApiError

421

An error occurred while trying to create consumer group {consumer_group_name}. Ensure that the application has necessary permissions to create consumer groups. Exception: {e}

The collector was unable to create the consumer group for the auto discover service.

Ensure the credentials have WRITE access to the event hub namespace or use the $Default consumer group.

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

...