Page Comparison

...

To run this collector, there are some configurations detailed below that you need to consider.

Configuration	Details
OneTrust instance	You need to purchase or obtain a partner/NFR instance of OneTrust.
ClientID and SecretID	Configure the credentials in OneTrust instance.

Info

More information

Refer to the Vendor setup section to know more about these configurations.

...

OneTrust collector supports all versions of the OneTrust Threat Intelligence Access Management Platform. This collector fetches audit related via the OneTrust Access Management audit API.

Devo collector features

Feature	Details
Allow parallel downloading (`multipod`)	`Allowed`
Running environments	`Collector server` `On-premise`
Populated Devo events	`Table`
Flattening preprocessing	`No`

Data sources

Data source	Description	API endpoint	Collector service name	Devo table	Available from release
Audit Records of Login	User login activity	/api/access/v1/login_history	login_history	`grc.onetrust.audit.login_history`	v1.0
Audit Records of a User’s Profile	User profile change events	/api/audit/v1/users/{userId}/activities	profile_activity	`grc.onetrust.audit.profile_activity`	v1.0

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source	Collector service	Optional
Source	Service	`No`

Anchor

	vendorsetup
	vendorsetup

...

Info
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details
client_id	Client ID obtained when configuring access.
client_secret	Client secret obtained when configuring access.
domain	Your OneTrust domain, for example myorg.onetrust.com.

Info
See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

Authentication method

client_id

client_secret

client_id/client_secret

Status

colour	Green
title	REQUIRED

Status

colour	Green
title	REQUIRED

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Rw ui tabs macro

Rw tab

title	On-premise collector

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

Code Block

<any_directory>
└── devo-collectors/
    └── <product_name>/
        ├── certs/
        │   ├── chain.crt
        │   ├── <your_domain>.key
        │   └── <your_domain>.crt
        ├── state/
        └── config/ 
            └── config.yaml

Note
Replace `<product_name>` with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

Note
Replace `<product_name>` with the proper value.

Editing the config.yaml file

Code Block

globals:
  debug: <debug_status>
  id: <collector_id>
  name: <collector_name>
  persistence:
    type: filesystem
    config:
      directory_name: state
outputs:
  devo_us_1:
    type: devo_platform
    config:
      address: <devo_address>
      port: 443
      type: SSL
      chain: <chain_filename>
      cert: <cert_filename>
      key: <key_filename>
inputs:
  onetrust:
    id: <input_id>
    enabled: <input_status>
    requests_per_second: <requests_per_second_value>
    credentials:
      client_id: <client_id>
      client_secret: <client_secret>
    commons:
      domain: <domain>
      add_user_details: <add_user_details>
    services:
      login_history:
        tag: <tag>>
        add_user_details: <add_user_details_boolean>
        initial_start_time_in_utc: <initial_start_time_in_utc>
      profile_activity:
        tag: <tag>
        initial_start_time_in_utc: <initial_start_time_in_utc>

Info
All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the `services` object.

Replace the placeholders with your required values following the description table below:

Parameter

Data type

Type

Value range / Format

Details

<collector_id>

int

Mandatory

YMMDD

Use this param to give a unique id to this input service.

Note
This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.

debug_status

bool

Mandatory

false / true

If the value is true, the debug logging traces will be enabled when running the collector. If the value is false, only the info, warning and error logging levels will be printed.

input_id

int

Mandatory

Minimum length: 1

Maximum length: 5

Use this param to give an unique id to this input service.

This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.

input_status

bool

Mandatory

false / true

Use this param to enable or disable the given input logic when running the collector. If the value is true, the input will be run. If the value is false, it will be ignored.

client_id

str

Mandatory

Minimum length: 1

The OneTrust client ID.

client_secret

str

Mandatory

Minimum length: 1

The OneTrust client secret.

domain

str

Mandatory

Minimum length: 1

The OneTrust domain, as app-apac.onetrust.com

requests_per_second_value

int

Optional

Minimum length: 1

Maximun number of request to the API per second.

This parameter can be removed or commented.

initial_start_time_in_utc

str

Optional

UTC with format: YYYY-mm-ddTHH:MM:SS.sssZ

This configuration allows you to set a custom date as the beginning of the period to download. This allows downloading historical data (1 month back for example) before downloading new events.

This parameter can be removed or commented.

tag

str

Optional

Minimum length: 1

Allows the user to override default service tag value.

This parameter can be removed or commented.

add_user_details_boolean

bool

Optional

false / true

Enrich the login_history data with additional information about the user that logged into the system.

This parameter can be removed or commented. The default value is false, so add the value true if actually you want the data enriched.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image	SHA-256 hash
collector-onetrust_collector_if-docker-image-1.2.0	`5225ce146e574b472ad5dcbef6639b405cb79a793baca594a6a5f211922a981b`

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz \| docker load

Note
Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace `<image_file>` and `<version>` with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block

docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block

version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

Rw tab

title	Cloud collector

We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Events service

Setup output

A successful run has the following output messages for the setup module:

Expand

title	Verify data collection

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Code Block

2022-11-29T06:23:09.220    INFO InputProcess::MainThread -> OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Starting thread
2022-11-29T06:23:09.221    INFO InputProcess::MainThread -> OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) - Starting thread
2022-11-29T06:23:09.222 WARNING InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Waiting until setup will be executed
2022-11-29T06:23:09.244    INFO InputProcess::MainThread -> [GC] global: 64.7% -> 64.7%, process: RSS(54.09MiB -> 54.09MiB), VMS(33.80GiB -> 33.80GiB)
2022-11-29T06:23:09.245    INFO InputProcess::MainThread -> global_status: {"input_process": {"process_id": 27965, "process_status": "running", "thread_counter": 10, "thread_names": ["MainThread", "pydevd.Writer", "pydevd.Reader", "pydevd.CommandThread", "pydevd.CheckAliveThread", "QueueFeederThread", "OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined)", "OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined)", "ServiceThread(onetrust,onetrust_1,profile_activity,predefined)", "InputThread(onetrust,onetrust_1)"], "memory_info": {"rss": "54.09MiB", "vms": "33.80GiB", "pfaults": "16.21KiB", "pageins": "17.00B"}, "input_threads": [[]], "running_flag": true, "message_queues": {"standard": {"name": "standard_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdba760>"}, "lookup": {"name": "lookup_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdc80d0>"}, "internal": {"name": "internal_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 1, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdce7f0>"}}}}
2022-11-29T06:23:10.097    INFO InputProcess::OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Setup for module <OneTrustProfileActivityPuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Info
Note that the `PrePull` action is executed only one time before the first run of the `Pull` action.

Code Block2022-11-29T06:23:10.227 INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Detected initial start time in UTC change: {'values_changed': {'root': {'new_value': DateTime(2022, 6, 1, 0, 0, 0, tzinfo=Timezone('UTC')), 'old_value': DateTime(2022, 11, 1, 1, 0, 0, tzinfo=Timezone('UTC'))}}}. Setting last run time to 2022-11-01T01:00:00+00:00 2022-11-29T06:23:10.230 INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Starting data collection every 60 seconds 2022-11-29T06:23:10.231 INFO InputProcess::

To enable the collector for a customer:

In the Collector Server GUI, access the domain in which you want this instance to be created
Click Add Collector and find the one you wish to add.
In the Version field, select the latest value.
In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).
In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.
In the Parameters section, establish the Collector Parameters as follows below:

Editing the JSON configuration

Code Block

{
  "global_overrides": {
    "debug": <debug_status>
  },
  "inputs": {
    "onetrust": {
      "id": "<input_id>",
      "enabled": "<input_status>",
      "requests_per_second": "<requests_per_second_value>",
      "credentials": {
        "client_id": "<client_id>",
        "client_secret": "<client_secret>"
      },
      "commons": {
        "domain": "<domain>",
      },
      "services": {
        "login_history": {
          "add_user_details": "<add_user_details_boolean>",
          "initial_start_time_in_utc": "<initial_start_time_in_utc>"
        },
        "profile_activity": {
          "initial_start_time_in_utc": "<initial_start_time_in_utc>"
        }
      }
    }
  }
}

Info
All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the `services` object.

Please replace the placeholders with real world values following the description table below:

Parameter	Data Type	Type	Value Range / Format	Details
`debug_status`	`bool`	`Mandatory`	`false` / `true`	If the value is `true`, the debug logging traces will be enabled when running the collector. If the value is `false`, only the `info`, `warning` and `error` logging levels will be printed.
`input_id`	`int`	`Mandatory`	Minimum length: 1 Maximum length: 5	Use this param to give an unique id to this input service. This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.
`input_status`	`bool`	`Mandatory`	`false` / `true`	Use this param to enable or disable the given input logic when running the collector. If the value is `true`, the input will be run. If the value is `false`, it will be ignored.
`client_id`	`str`	`Mandatory`	Minimum length: 1	The OneTrust client ID.
`client_secret`	`str`	`Mandatory`	Minimum length: 1	The OneTrust client secret.
`domain`	`str`	`Mandatory`	Minimum length: 1	The OneTrust domain, as `app-apac.onetrust.com`
`requests_per_second_value`	`int`	`Optional`	Minimum length: 1	Maximun number of request to the API per second. This parameter can be removed or commented.
`initial_start_time_in_utc`	`str`	`Optional`	UTC with format: `YYYY-mm-ddTHH:MM:SS.sssZ`	This configuration allows you to set a custom date as the beginning of the period to download. This allows downloading historical data (1 month back for example) before downloading new events. This parameter can be removed or commented.
`tag`	`str`	`Optional`	Minimum length: 1	Allows the user to override default service tag value. This parameter can be removed or commented.
`add_user_details_boolean`	`bool`	`Optional`	`false` / `true`	Enrich the login_history data with additional information about the user that logged into the system. This parameter can be removed or commented. The default value is `false`, so add the value `true` if actually you want the data enriched.

Image Added

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Events service

Expand

title	Verify data collection

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

Code Block

2022-11-29T06:23:09.220    INFO InputProcess::MainThread -> OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Starting thread
2022-11-29T06:23:09.221    INFO InputProcess::MainThread -> OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Retrieving profile_activity events since 2022-11-01T01:00:00+00:00 to 2022-11-29 11:23:10.225980+00:00 and sending to my.app.onetrust.audit.profile_activity
Starting thread
2022-11-29T06:23:1309.114222 WARNING   INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> FoundWaiting 42until ofsetup 102will users having profiles having modified date >= 2022-11-01T01:00:00+00:00 and created date <=be executed
2022-11-29T11:23:10.225980+00:00
2022-11-29T06:23:3109.258244    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined)MainThread -> Sending 48 events to my.app.onetrust.audit.profile_activity[GC] global: 64.7% -> 64.7%, process: RSS(54.09MiB -> 54.09MiB), VMS(33.80GiB -> 33.80GiB)
2022-11-29T06:23:3109.264245    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined)MainThread -> Retrieved and sent 48 profile_activity event(s) to my.app.onetrust.audit.profile_activity for period 2022-11-01T01:00:00+00:00 to 2022-11-29 11:23:10.225980+00:00
2022-11-29T06:23:31.264    INFO InputProcess::OneTrustProfileActivityPullerglobal_status: {"input_process": {"process_id": 27965, "process_status": "running", "thread_counter": 10, "thread_names": ["MainThread", "pydevd.Writer", "pydevd.Reader", "pydevd.CommandThread", "pydevd.CheckAliveThread", "QueueFeederThread", "OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined)", "OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined)", "ServiceThread(onetrust,onetrust_1,profile_activity,predefined) -> Data collection completed. Elapsed time: 21.038 seconds. Waiting for 38.962 second(s) until the next one

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

Code Block

2023-01-11T18:09:21.852    INFO InputProcess::OneTrustLoginHistoryPuller(onetrust,onetrust_1,login_history,predefined) -> Data collection completed. Elapsed time: 0.526 seconds. Waiting for 59.474 second(s) until the next one

Info
The value `@devo_pulling_id` is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that `Pull` action in Devo’s search window.

Expand

title	Restart the persistence

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the initial_start_time_in_utc parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note
Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

...

title	Troubleshooting

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

...

Error type

...

Error ID

...

Error message

...

Cause

...

Solution

...

SetupError

...

101

...

The credentials do not seem to be valid. Please doublecheck.

...

The API returns an “unauthorized” message.

...

Generate a new client_id/client_secret pair and add it to config file.

...

InitVariablesError

...

1

...

Error while fetching collector variables: [..]

...

One of required parameters is absent or a parameter has an incorrect type

...

Add the parameter or correct the type.

...

2

...

Error validating collector variables: [...]

...

One of the parameters has the correct type but it is not correct.

For instance, a date is not a valid date, or a number is out of its range.

...

Correct the parameter in the configuration file.

...

3

...

Error while setting up collector variables: [...]

...

The URLs of the API cannot be created

...

Review the domain value in config file.

...

5

...

Error while creating client: [..]

...

Other error inizializing the collector.

...

Solution depends on specific error message.

...

Prepull Error

...

200

...

Error during pre_pull: [...]

...

Something was wrong creating the checkpoints

...

Review the initial_start_time_in_utc

...

Pull Error

...

300

...

Encountered pull error: [...]

...

Something was wrong contacting the API.

...

Read the HTTP error code as long as the response’s text. This information should be enough to understand why is the error happening.

Collector operations

This section is intended to explain how to proceed with the specific operations of this collector.

Expand

title	Verify collector operations

Initialization

The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.

A successful run has the following output messages for the initializer module:

Code Block

2022-11-29T06:23:09.220    INFO InputProcess::MainThread -> ", "InputThread(onetrust,onetrust_1)"], "memory_info": {"rss": "54.09MiB", "vms": "33.80GiB", "pfaults": "16.21KiB", "pageins": "17.00B"}, "input_threads": [[]], "running_flag": true, "message_queues": {"standard": {"name": "standard_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdba760>"}, "lookup": {"name": "lookup_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdc80d0>"}, "internal": {"name": "internal_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 1, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdce7f0>"}}}}
2022-11-29T06:23:10.097    INFO InputProcess::OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Setup for module <OneTrustProfileActivityPuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Info
Note that the `PrePull` action is executed only one time before the first run of the `Pull` action.

Code Block

2022-11-29T06:23:10.227    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Detected initial start time in UTC change: {'values_changed': {'root': {'new_value': DateTime(2022, 6, 1, 0, 0, 0, tzinfo=Timezone('UTC')), 'old_value': DateTime(2022, 11, 1, 1, 0, 0, tzinfo=Timezone('UTC'))}}}. Setting last run time to 2022-11-01T01:00:00+00:00
2022-11-29T06:23:10.230    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Starting data collection every 60 seconds
2022-11-29T06:23:10.231    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Retrieving profile_activity events since 2022-11-01T01:00:00+00:00 to 2022-11-29 11:23:10.225980+00:00 and sending to my.app.onetrust.audit.profile_activity
2022-11-29T06:23:13.114    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Found 42 of 102 users having profiles having modified date >= 2022-11-01T01:00:00+00:00 and created date <= 2022-11-29T11:23:10.225980+00:00
2022-11-29T06:23:31.258    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Sending 48 events to my.app.onetrust.audit.profile_activity
2022-11-29T06:23:31.264    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Retrieved and sent 48 profile_activity event(s) to my.app.onetrust.audit.profile_activity for period 2022-11-01T01:00:00+00:00 to 2022-11-29 11:23:10.225980+00:00
2022-11-29T06:23:31.264    INFO InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Data collection completed. Elapsed time: 21.038 seconds. Waiting for 38.962 second(s) until the next one

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

Code Block

2023-01-11T18:09:21.852    INFO InputProcess::OneTrustLoginHistoryPuller(onetrust,onetrust_1,login_history,predefined) -> Data collection completed. Elapsed time: 0.526 seconds. Waiting for 59.474 second(s) until the next one

Info
The value `@devo_pulling_id` is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that `Pull` action in Devo’s search window.

Expand

title	Restart the persistence

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the initial_start_time_in_utc parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note
Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

Expand

title	Troubleshooting

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution
SetupError	101	`The credentials do not seem to be valid. Please doublecheck.`	The API returns an “unauthorized” message.	Generate a new client_id/client_secret pair and add it to config file.
InitVariablesError	1	`Error while fetching collector variables: [..]`	One of required parameters is absent or a parameter has an incorrect type	Add the parameter or correct the type.
	2	`Error validating collector variables: [...]`	One of the parameters has the correct type but it is not correct. For instance, a date is not a valid date, or a number is out of its range.	Correct the parameter in the configuration file.
	3	`Error while setting up collector variables: [...]`	The URLs of the API cannot be created	Review the `domain` value in config file.
	5	`Error while creating client: [..]`	Other error inizializing the collector.	Solution depends on specific error message.
Prepull Error	200	`Error during pre_pull: [...]`	Something was wrong creating the checkpoints	Review the `initial_start_time_in_utc`
Pull Error	300	`Encountered pull error: [...]`	Something was wrong contacting the API.	Read the HTTP error code as long as the response’s text. This information should be enough to understand why is the error happening.

Collector operations

This section is intended to explain how to proceed with the specific operations of this collector.

Sender statistics

Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:

Expand

title	Verify collector operations

Initialization

The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.

A successful run has the following output messages for the initializer module:

Code Block

2022-11-29T06:23:09.220    INFO InputProcess::MainThread -> OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Starting thread
2022-11-29T06:23:09.221    INFO InputProcess::MainThread -> OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) - Starting thread
2022-11-29T06:23:09.222 WARNING InputProcess::OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) -> Waiting until setup will be executed
2022-11-29T06:23:09.244    INFO InputProcess::MainThread -> [GC] global: 64.7% -> 64.7%, process: RSS(54.09MiB -> 54.09MiB), VMS(33.80GiB -> 33.80GiB)
2022-11-29T06:23:09.245    INFO InputProcess::MainThread -> global_status: {"input_process": {"process_id": 27965, "process_status": "running", "thread_counter": 10, "thread_names": ["MainThread", "pydevd.Writer", "pydevd.Reader", "pydevd.CommandThread", "pydevd.CheckAliveThread", "QueueFeederThread", "OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Starting thread
2022-11-29T06:23:09.221    INFO InputProcess::MainThread -> ", "OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined) - Starting thread
2022-11-29T06:23:09.222 WARNING InputProcess::OneTrustProfileActivityPuller", "ServiceThread(onetrust,onetrust_1,profile_activity,predefined) -> Waiting until setup will be executed
2022-11-29T06:23:09.244    INFO InputProcess::MainThread -> [GC] global: 64.7% -> 64.7%, process: RSS(54.09MiB -> 54.09MiB), VMS(33.80GiB -> 33.80GiB)
2022-11-29T06:23:09.245    INFO InputProcess::MainThread -> global_status: {"input_process": {"process_id": 27965, "process_status": "running", "thread_counter": 10, "thread_names": ["MainThread", "pydevd.Writer", "pydevd.Reader", "pydevd.CommandThread", "pydevd.CheckAliveThread", "QueueFeederThread", "OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined)", "OneTrustProfileActivityPuller(onetrust,onetrust_1,profile_activity,predefined)", "ServiceThread(onetrust,onetrust_1,profile_activity,predefined)", "InputThread(onetrust,onetrust_1)"], "memory_info": {"rss": "54.09MiB", "vms": "33.80GiB", "pfaults": "16.21KiB", "pageins": "17.00B"}, "input_threads": [[]], "running_flag": true, "message_queues": {"standard": {"name": "standard_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdba760>"}, "lookup": {"name": "lookup_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdc80d0>"}, "internal": {"name": "internal_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 1, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdce7f0>"}}}}
2022-11-29T06:23:10.097    INFO InputProcess::OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Setup for module <OneTrustProfileActivityPuller> has been successfully executed

Events delivery and Devo ingestion

The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.

A successful run has the following output messages for the initializer module:

Code Block

", "InputThread(onetrust,onetrust_1)"], "memory_info": {"rss": "54.09MiB", "vms": "33.80GiB", "pfaults": "16.21KiB", "pageins": "17.00B"}, "input_threads": [[]], "running_flag": true, "message_queues": {"standard": {"name": "standard_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdba760>"}, "lookup": {"name": "lookup_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 0, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdc80d0>"}, "internal": {"name": "internal_queue_multiprocessing", "max_size_in_messages": 10000, "max_size_in_mb": 1024, "max_wrap_size_in_items": 100, "current_size": 1, "put_lock": "<Lock(owner=unknown)>", "input_lock": "<multiprocessing.synchronize.Event object at 0x10fdce7f0>"}}}}
2022-11-29T06:23:10.097    INFO InputProcess::OneTrustBasePullerSetup(unknown,onetrust#onetrust_1,profile_activity#predefined) -> Setup for module <OneTrustProfileActivityPuller> has been successfully executed

Events delivery and Devo ingestion

The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.

A successful run has the following output messages for the initializer module:

Code Block

2023-01-11T18:12:49.017    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2023-01-11T18:12:49.017    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> This sender has not been used for 207.688733 seconds, it will be closed and destroyed
2023-01-11T18:12:49.018    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2023-01-11T18:12:49.022    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Sender: DevoSender(lookup_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": False}
2023-01-11T18:12:49.017023    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Number Lookup - Total number of availablemessages senderssent: 10, sendermessages managersent internal queue sizesince "2023-01-11 17:07:48.934646+00:00": 0 (elapsed 0.000 seconds)
2023-01-11T18:12:49.017024    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> ThisNumber sender has not been used for 207.688733 seconds, it will be closed and destroyedof available senders: 1, sender manager internal queue size: 0
2023-01-11T18:12:49.018024    INFO OutputProcess::DevoSenderManagerMonitor(lookupstandard_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2023-01-11T18:12:49.022024    INFO OutputProcess::DevoSenderManagerMonitor(lookupstandard_senders,devo_1) -> Sender: DevoSender(lookupstandard_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": False}
2023-01-11T18:12:49.023025    INFO OutputProcess::DevoSenderManagerMonitor(lookupstandard_senders,devo_1) -> LookupStandard - Total number of messages sent: 0225, messages sent since "2023-01-11 17:07:48.934646867824+00:00": 0225 (elapsed 0.000040 seconds)
2023-01-11T18:12:49.024032    INFO OutputProcess::DevoSenderManagerMonitor(standardinternal_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2023-01-11T18:12:49.024    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}1, sender manager internal queue size: 0
2023-01-11T18:12:49.024033    INFO OutputProcess::DevoSenderManagerMonitor(standardinternal_senders,devo_1) -> Sender: DevoSender(standard_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": Falseenqueued_elapsed_times_in_seconds_stats: {}
2023-01-11T18:12:49.025033    INFO OutputProcess::DevoSenderManagerMonitor(standardinternal_senders,devo_1) -> Standard - Total number of messages sent: 225, messages sent since "2023-01-11 17:07:48.867824+00:00": 225 (elapsed 0.040 seconds)
 Sender: DevoSender(internal_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
2023-01-11T18:12:49.032033    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Number Internal - Total number of availablemessages senderssent: 198, sender manager internal queue size: 0
messages sent since "2023-01-11T1811 17:1207:49.033    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2023-01-11T18:12:49.033    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Sender: DevoSender(internal_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
2023-01-11T18:12:49.033    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Internal - Total number of messages sent: 98, messages sent since "2023-01-11 17:07:48.992572+00:00": 98 (elapsed 0.374 seconds)

Info
By default, these information traces will be displayed every 10 minutes.

Sender services

The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:

Sender services

Description

internal_senders

In charge of delivering internal metrics to Devo such as logging traces or metrics.

standard_senders

In charge of delivering pulled events to Devo.

Logging trace

Description

Number of available senders: 1

Displays the number of concurrent senders available for the given Sender Service.

sender manager internal queue size: 0

Displays the items available in the internal sender queue.

Info
This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders.

Standard - Total number of messages sent: 57, messages sent since "2023-01-10 16:09:16.116750+00:00": 0 (elapsed 0.000 seconds

Displayes the number of events from the last time and following the given example, the following conclusions can be obtained:

44 events were sent to Devo since the collector started.
The last checkpoint timestamp was 2022-06-28 10:39:22.511671+00:00.
21 events where sent to Devo between the last UTC checkpoint and now.
Those 21 events required 0.007 seconds to be delivered.

Info
By default these traces will be shown every 10 minutes.

Expand

title	Check memory usage

To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.

The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory

Code Block

INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)

Info

Differences between RSS and VMS memory usage:

RSS is the Resident Set Size, which is the actual physical memory the process is using
VMS is the Virtual Memory Size which is the virtual memory that process is using

Expand

title	Enable/disable the logging debug mode

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.
To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log for v1.x.x

...

Release

...

Released on

...

Release type

...

Details

...

48.992572+00:00": 98 (elapsed 0.374 seconds)

Info
By default, these information traces will be displayed every 10 minutes.

Sender services

The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:

Sender services	Description
`internal_senders`	In charge of delivering internal metrics to Devo such as logging traces or metrics.
`standard_senders`	In charge of delivering pulled events to Devo.

Sender statistics

Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:

Logging trace

Description

Number of available senders: 1

Displays the number of concurrent senders available for the given Sender Service.

sender manager internal queue size: 0

Displays the items available in the internal sender queue.

Info
This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders.

Standard - Total number of messages sent: 57, messages sent since "2023-01-10 16:09:16.116750+00:00": 0 (elapsed 0.000 seconds

Displayes the number of events from the last time and following the given example, the following conclusions can be obtained:

44 events were sent to Devo since the collector started.
The last checkpoint timestamp was 2022-06-28 10:39:22.511671+00:00.
21 events where sent to Devo between the last UTC checkpoint and now.
Those 21 events required 0.007 seconds to be delivered.

Info
By default these traces will be shown every 10 minutes.

Expand

title	Check memory usage

To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.

The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory

Code Block

INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)

Info

Differences between RSS and VMS memory usage:

RSS is the Resident Set Size, which is the actual physical memory the process is using
VMS is the Virtual Memory Size which is the virtual memory that process is using

Expand

title	Enable/disable the logging debug mode

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.
To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log for v1.x.x

Release

Released on

Release type

Details

Recommendations

v1.2.0

24 Aug 2023

Status

colour	Green
title	IMPROVEMENTS

Improvements:

Upgraded DCSDK from 1.5.1 to 1.9.1
- Store lookup instances into DevoSender to avoid creation of new instances for the same lookup
- Ensure service_config is a dict into templates
- Ensure special characters are properly sent to the platform
- Changed log level to some messages from info to debug
- Changed some wrong log messages
- Upgraded some internal dependencies
- Changed queue passed to setup instance constructor
- Ability to validate collector setup and exit without pulling any data
- Ability to store in the persistence the messages that couldn't be sent after the collector stopped
- Ability to send messages from the persistence when the collector starts and before the puller begins working
- Ensure special characters are properly sent to the platform
- Added a lock to enhance sender object
- Added new class attrs to the setstate and getstate queue methods
- Fix sending attribute value to the setstate and getstate queue methods
- Added log traces when queues are full and have to wait
- Added log traces of queues time waiting every minute in debug mode
- Added method to calculate queue size in bytes
- Block incoming events in queues when there are no space left
- Send telemetry events to Devo platform
- Upgraded internal Python dependency Redis to v4.5.4
- Upgraded internal Python dependency DevoSDK to v5.1.3
- Fixed obfuscation not working when messages are sent from templates
- New method to figure out if a puller thread is stopping
- Upgraded internal Python dependency DevoSDK to v5.0.6
- Improved logging on messages/bytes sent to Devo platform
- Fixed wrong bytes size calculation for queues
- New functionality to count bytes sent to Devo Platform (shown in console log)
- Upgraded internal Python dependency DevoSDK to v5.0.4
- Fixed bug in persistence management process, related to persistence reset
- Aligned source code typing to be aligned with Python 3.9.x
- Inject environment property from user config
- Obfuscation service can be now configured from user config and module definiton
- Obfuscation service can now obfuscate items inside arrays

Recommended version

v1.1.0

23 Dec 2022

Status

colour	Purple
title	NEW FEATURE

Improvements:

Add data user enrichment to “login history” information

Recommended version

Versions Compared

Old Version 5

New Version Current

Key

Devo collector features

Data sources

Flattening preprocessing

Accepted authentication methods

Run the collector

Structure

Devo credentials

Editing the config.yaml file

Download the Docker image

Docker

Docker Compose

Collector services detail

Events service

Setup output

Puller output

Editing the JSON configuration

Collector services detail

Events service

Setup output

Collector operations

Initialization

Puller output

Collector operations

Sender statistics

Initialization

Events delivery and Devo ingestion

Events delivery and Devo ingestion

Sender services

Change log for v1.x.x

Sender services

Sender statistics

Change log for v1.x.x