Microsoft 365 Exchange Message Tracing collector

Overview

Microsoft 365 is a widely adopted productivity suite from Microsoft. The suite includes Microsoft Exchange Online collaboration service for email, calendars, contacts, and tasks. Message tracing is one of the basic tools used by administrators to monitor email flow.

Some email information is stored in logs and is available for administrative purposes. The administrator will be able to see sent and received emails even though the user has deleted or purged them. With message tracing, you can’t see the content of the messages but you can get very useful information such as:

Sender and recipient.
Send and received dated.
Subject and size of the email.
Status and details of events. There are seven possible values in the delivery status field: delivered, failed, pending, expanded, quarantined, filtered as spam, and unknown.
IP address used to send the message.
Message ID: This is a unique number that identifies the message. If a message is sent to more than one recipient it will display once for every recipient, but all will have the same Message ID.

Message tracking logs

You won’t be able to edit the messages in Office 365 since they are not simple text files. To do that you can use message tracking logs in on-prem Exchange that allow you to edit them directly since they are simple text files.

Configuration requirements

To run this collector, there are some configurations detailed below that you need to consider.

Configuration	Details
Microsot Azure account	It is a requirement to have an account so you can run this collector.
Microsoft 365 account	It is a requirement to have an account so you can run this collector.

More information

Refer to the Vendor setup section to know more about these configurations.

Devo collector features

Feature	Details
Allow parallel downloading (`multipod`)	`Not allowed`
Running environments	`Collector server` `On-premise`
Populated Devo events	`Table`
Flattening preprocessing	`No`

Data sources

Data source	Description	API endpoint	Collector service name	Devo table	Available from release
Message Reports	Reports for every email sent and received through the Exchange Online organization	`https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace`	`office365_exchange_message_service`	`cloud.office365.messagetracing`	`2.0.0`

For more information on how the events are parsed, visit our page.

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details
`tenant_id`	This is the Tenant ID you copied during the Obtain the client credentials step.
`client_id`	This is the Application (client) ID you copied during the Obtain the client credentials step.
`client_secret`	This is the created secret’s Value field you copied during the Obtain the client credentials step.

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

Authentication method	Details
Modern OAuth2 Auth	You will need your `Tenant ID`, `client ID`, and `Client Secret`.

Vendor setup

There are some minimal requirements to enable this collector:

Microsoft Azure account: The account must be able to register applications and assign roles.
Microsoft Office 365 account: The account must have administrative permissions in the Office 365 organization.

There are some configurations you need to do to enable the collector.

Register the application in Microsoft Azure

Go to Microsoft Azure and log in with your account.
Navigate the App registration blade (you can search for it in the search toolbar).
Click on the + New Registration button.
Give the application a name. If needed change the Supported account types.
Click the Register button.

Obtain the client credentials

On the Overview page, search for your application in the list.
Under the Essentials section, copy the Application (client) ID and Directory (tenant) ID values.
On the left side menu, navigate to the Certificates & secrets page.
Click on + New client secret button.
Set a description and an expiration for the secret.
Click on the Add button.
Copy its Value field.

Credentials troubleshooting

If you get errors, please, check your subscriptions and permissions:

# Update the client id, client secret, domain, tenant, and endpoint here
$ClientID = "<YOUR_APPLICATION_ID"
$ClientSecret = "<YOUR_CLIENT_SECRET>"
$loginURL = "https://login.microsoftonline.com/"
$tenantdomain = "<YOUR_DOMAIN>.onmicrosoft.com"
# Get the tenant GUID from Properties | Directory ID under the Azure Active Directory section. For $resource, use one of these endpoint values based on your subscription plan: Enterprise - manage.office.com; GCC - manage-gcc.office.com; GCC High: manage.office365.us; DoD: manage.protection.apps.mil
$TenantGUID = "<YOUR_TENANT_GUID>"
$resource = "https://<YOUR_API_ENDPOINT>"
# auth
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
# This will try to return the subscriptions list
Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/activity/feed/subscriptions/list"

If this fails, then create the subscripttions that fail with this command:

Invoke-WebRequest -Method Post -Headers $headerParams -Uri "https://<YOUR_API_ENDPOINT>/api/v1.0/$tenantGUID/activity/feed/subscriptions/start?contentType=Audit.AzureActiveDirectory"

Check the Microsoft documentation if you experience any other issues.

Grant the required API permissions

On the left side panel of your previously registered application, navigate to the API permissions page.
Click the + Add a permission button.
On the right side modal, navigate the APIs my organization uses tab.
Select Office 365 Exchange Online entry from the list - you can use the search bar tool to find it -.
Click the Application permissions button.
Under the ReportingWebService section, mark the ReportingWebService.Read.All permission.
Click the Add permissions button.
Click ✓ Grant admin consent for {your_domain} button and then on the Yes button on the appeared modal.
To verify that the permission was correctly added, execute the following cURL command replacing (or assigning) the $CLIENT_ID, $CLIENT_SECRET, and $TENANT_ID shell variables with the credentials you obtained in the previous instructions:
```
$ curl -d "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&resource=https://outlook.office365.com" -X POST https://login.windows.net/$TENANTID/oauth2/token
```
A JSON response will be received containing an "access_token" field. By copying its value and pasting it on the jwt.ms: Welcome! web page, the token will appear decoded. Inside, there must be a "roles" field whose value is an array containing the ReportingWebService.Read.All permission. Otherwise, the permissions have not been correctly added.

Add the required role for the application

Navigate the Azure Active Directory blade (you can search for it in the search bar on the top).
On the left-side menu, navigate to the Roles and administrators page.
In the list, search for the Global Reader and click on it to select it.
Click the + Add assignments button.
On the right-side modal, use the search bar to find the application you created. Search by either its name (make sure you write the whole name, not only parts of it) or its Client ID in case you cannot find it. Once it appears on the list, select it.
Click the Add button.
To verify that the role has been correctly assigned, execute the following cURL command replacing (or assigning) the $REPORTING_TOKEN shell variable with the token you obtained in the previous instructions:
```
$ curl -i -H "Authorization: Bearer $REPORTING_TOKEN" https://reports.office365.com/ecp/ReportingWebService/Reporting.svc
```
This response will include the HTTP Response code and headers (note the -i parameter). You should expect to get an HTTP 200 OK response with an XML containing at least the <atom:title>MessageTrace</atom:title> tag. Other responses will be incorrect; here are some examples and their explanation:
1. 401 - Unauthorized: Access is denied due to invalid credentials.: your token is either invalid or outdated. Review the previous instructions to obtain a working token.
2. No permission to access the report for the organization.: The role has not been properly assigned. Review these instructions to do it.

Alternative URL Configuration for US Government Endpoints

Microsoft has an alternative set of URLs for configurations that need to perform their requests in government environments. You can get more information directly from the Microsoft documentation:

These are the default endpoints:

Setting	Default setting
`base_resource_url`	https://outlook.office365.com
`base_auth_url`	https://login.microsoftonline.com
`base_url`	https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace

Find the configuration that suits the appropriate configuration. They usually have the same structure, but a different TLD. For example, office365.us instead of office365.com, or microsoftonline.us instead of microsoftonline.com. Once you have the correct URLs, you can set them in the configuration file and use the override parameters to set them:

override_base_resource_url
override_base_auth_url
override_base_url

Source Event Obfuscation

This collector obfuscates the following parameters:

tenant_id
client_id
client_secret

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Events service

Verify data collection

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

INFO InputProcess::MainThread -> Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Starting thread
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Puller Setup started
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> We do not have a token. Getting a new one from the server.
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Attempting to get OAuth2 token from O365 Message Tracing server....
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Successfully received JWT token from https://login.microsoftonline.com/{your-tenant-id}/oauth2/token which expires in 3599 seconds
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Puller Setup terminated
INFO InputProcess::Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Setup for module <Office365ExchangeMessageTracePuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

   INFO InputProcess::MainThread -> Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) - Starting thread
WARNING InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Waiting until setup will be executed
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Due to remote API requirements, this collector cannot request data less than <90000> seconds or older than 11 days
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Retrieved state from the persistence -> None
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> No saved state found, applying values by default
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Validating the start and end time based on the maximum threshold (-11 days): 2022-12-11T14:17:16.229112
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> The persistence has been modified. Saving state as {'start_time': '2022-12-20T12:02:16.228314', 'buffer': [], 'end_time': None, 'dynamic_buffer': [], 'dynamic_buffer_received': None, 'next_link': None, 'requests_made': 0, 'events_retrieved_count': 0, 'reset_persistence_auth': None, 'filtered_events': 0, 'time_delay_in_seconds': 90000}
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Starting data collection every 60 seconds
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Pull started
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Running a new pipeline (2022-12-20T12:02:16.228314 - 2022-12-20T12:17:16.228314)
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Requesting data. URL: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate eq datetime'2022-12-20T12:02:16.228314Z' and EndDate eq datetime'2022-12-20T12:17:16.228314Z'
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> 0 Events retrieved from the last API call.
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> No events detected. Pull Summary: 1 request(s) made, 0 event(s) filtered, 0 event(s) sent to Devo. Using tag: cloud.office365.messagetracing. Period from 2022-12-20T12:02:16.228314 to 2022-12-20T12:17:16.228314
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Savepoint reached: Updating persistence with -> {'start_time': '2022-12-20T12:17:16.228314', 'buffer': [], 'end_time': None, 'dynamic_buffer': [], 'dynamic_buffer_received': None, 'next_link': None, 'requests_made': 0, 'events_retrieved_count': 0, 'reset_persistence_auth': None, 'filtered_events': 0, 'time_delay_in_seconds': 90000}
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> A new pipeline has been completed
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Remote data is up to date!
   INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Data collection completed. Elapsed time: 2.923 seconds. Waiting for 57.077 second(s) until the next one

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

INFO InputProcess::Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) -> Data collection completed. Elapsed time: 2.923 seconds. Waiting for 57.077 second(s) until the next one

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

Restart the persistence

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the reset_persistence_auth parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

Troubleshooting

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution
SetupError	100	`Authentication failed: [...]`	When asking for a token, we received an Unauthorized (401) HTTP response code.	The error details will be provided in the error message, but make sure you registered App has the right API permissions and the corect role assigned.
	101	`Unexpected status code when fetching Office365ExchangeMessageTrace JWT: [...]`	When asking for a token, we received an unsuccesful response.	The error details will be provided in the error message.
	102	`Error occurred while accessing the access_token: [...]`	An unexpected error occurred.	The error details will be provided in the error message.
InitVariablesError	0	`module_properties section does not exist on the configuration file or is empty. Contact Devo.`	This is an internal error.	Reach Devo Support.
	0	`credentials section does not exist on the configuration file or is empty`	The `credentials` section is missing from the config	Make sure it exists.
	1	`module_properties section is not a valid <dict> object. Contact Devo.`	This is an internal error.	Reach Devo Support.
	1	`credentials section is not a valid <dict> object`	The `credentials` section does not have any settings.	Make sure it has the required properties.
	2	`base_auth_url doesn't exist on the configuration file or is empty`	The `base_auth_url` is missing.	Make sure it exists and has a correct value.
	2	`base_resource_url doesn't exist on the configuration file or is empty`	The `base_resource_url` is missing.	Make sure it exists and has a correct value.
	2	`tenant_id doesn't exist on the configuration file or is empty`	The `tenant_id` is missing.	Make sure it exists and has a correct value.
	3	`base_auth_url must be an string`	The `base_auth_url` paramater has a type other than string.	Make sure it is a string and has a correct value.
	3	`base_resource_url must be an string`	The `base_resource_url` paramater has a type other than string.	Make sure it is a string and has a correct value.
	3	`tenant_id must be an string`	The `tenant_id` paramater has a type other than string.	Make sure it is a string and has a correct value.
	4	`client_id doesn't exist on the configuration file or is empty`	The `client_id` is missing.	Make sure it exists and has a correct value.
	4	`client_secret doesn't exist on the configuration file or is empty`	The `client_secret` is missing.	Make sure it exists and has a correct value.
	5	`client_id must be an string`	The `client_id` paramater has a type other than string.	Make sure it is a string and has a correct value.
	5	`client_secret must be an string`	The `client_secret` paramater has a type other than string.	Make sure it is a string and has a correct value.
	6	`base_tag doesn't exist on the configuration file or is empty`	The `base_tag` is missing.	Make sure it exists and has a correct value.
	7	`base_tag must be an string`	The `base_tag` paramater has a type other than string.	Make sure it is a string and has a correct value.
	8	`base_url doesn't exist on the configuration file or is empty`	The `base_url` is missing.	Make sure it exists and has a correct value.
	9	`base_url must be an string`	The `base_url` paramater has a type other than string.	Make sure it is a string and has a correct value.
	10	`time_delay_in_seconds doesn't exist on the configuration file or is empty`	The `time_delay_in_seconds` is missing.	Make sure it exists and has a correct value.
	11	`time_delay_in_seconds must be an string`	The `time_delay_in_seconds` paramater has a type other than string.	Make sure it is a string and has a correct value.
	12	`requests_timeout_in_seconds doesn't exist on the configuration file or is empty`	The `requests_timeout_in_seconds` is missing.	Make sure it exists and has a correct value.
	13	`requests_timeout_in_seconds is not a float instance`	The `requests_timeout_in_seconds` paramater has a type other than float.	Make sure it is a float and has a correct value.
	14	`requests_retries_before_error_in_units doesn't exist on the configuration file or is empty`	The `requests_retries_before_error_in_units` is missing.	Make sure it exists and has a correct value.
	15	`requests_retries_before_error_in_units is not an int instance`	The `requests_retries_before_error_in_units` paramater has a type other than int.	Make sure it is a int and has a correct value.
	16	`requests_wait_time_between_retries_in_seconds doesn't exist on the configuration file or is empty`	The `requests_wait_time_between_retries_in_seconds` is missing.	Make sure it exists and has a correct value.
	17	`requests_wait_time_between_retries_in_seconds is not an int instance`	The `requests_wait_time_between_retries_in_seconds` paramater has a type other than int.	Make sure it is a int and has a correct value.
	18	`Optional setting: <reset_persistence_auth> not of expected type: str`	The `time_delay_in_seconds` paramater has a type other than string.	Make sure it is a string and has a correct value.
	19	`Optional setting: <override_time_delay_in_seconds> not of expected type: int`	The `time_delay_in_seconds` paramater has a type other than integer.	Make sure it is an integer and has a correct value.
	20	`Optional setting: <override_time_delay_in_seconds> is out of range (1 to 90000)`	The `time_delay_in_seconds` paramater is out of the mentioned range.	Make sure it is inside the indicated range.

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

Verify collector operations

Initialization

The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.

A successful run has the following output messages for the initializer module:

INFO MainProcess::MainThread -> {"build_time": "UNKNOWN", "os_info": "macOS-12.6.1-x86_64-i386-64bit", "collector_name": "o365_emt_collector", "collector_version": "2.0.0", "collector_owner": "integrations_factory@devo.com", "started_at": "2022-12-21T13:17:14.405816Z"}
INFO MainProcess::MainThread -> (CollectorMultiprocessingQueue) standard_queue_multiprocessing -> max_size_in_messages: 10000, max_size_in_mb: 1024, max_wrap_size_in_items: 100
INFO MainProcess::MainThread -> [OUTPUT] OutputMultiprocessingController::__init__ Configuration -> {[...]}
INFO MainProcess::MainThread -> OutputProcess - Starting thread (executing_period=300s)
INFO MainProcess::MainThread -> InputProcess - Starting thread (executing_period=300s)
INFO InputProcess::MainThread -> InputThread(office365_exchange_message,<short_unique_id>) - Starting thread (execution_period=600s)
INFO InputProcess::MainThread -> ServiceThread(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) - Starting thread (execution_period=600s)
INFO InputProcess::MainThread -> Office365ExchangeMessageTracePullerSetup(unknown,office365_exchange_message#<short_unique_id>,office365_exchange_message_service#predefined) -> Starting thread
INFO InputProcess::MainThread -> Office365ExchangeMessageTracePuller(office365_exchange_message,<short_unique_id>,office365_exchange_message_service,predefined) - Starting thread

Events delivery and Devo ingestion

The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.

A successful run has the following output messages for the initializer module:

INFO OutputProcess::SyslogSenderManagerMonitor(standard_senders,sidecar_0) -> Number of available senders: 1, sender manager internal queue size: 0
INFO OutputProcess::SyslogSenderManagerMonitor(standard_senders,sidecar_0) -> enqueued_elapsed_times_in_seconds_stats: {}
INFO OutputProcess::SyslogSenderManagerMonitor(standard_senders,sidecar_0) -> Sender: SyslogSender(standard_senders,syslog_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
INFO OutputProcess::SyslogSenderManagerMonitor(standard_senders,sidecar_0) -> Standard - Total number of messages sent: 44, messages sent since "2022-06-28 10:39:22.511671+00:00": 44 (elapsed 0.007 seconds)
INFO OutputProcess::SyslogSenderManagerMonitor(internal_senders,sidecar_0) -> Number of available senders: 1, sender manager internal queue size: 0
INFO OutputProcess::SyslogSenderManagerMonitor(internal_senders,sidecar_0) -> enqueued_elapsed_times_in_seconds_stats: {}
INFO OutputProcess::SyslogSenderManagerMonitor(internal_senders,sidecar_0) -> Sender: SyslogSender(internal_senders,syslog_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
INFO OutputProcess::SyslogSenderManagerMonitor(internal_senders,sidecar_0) -> Internal - Total number of messages sent: 1, messages sent since "2022-06-28 10:39:22.516313+00:00": 1 (elapsed 0.019 seconds)```

By default, these information traces will be displayed every 10 minutes.

Sender services

The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:

Sender services	Description
`internal_senders`	In charge of delivering internal metrics to Devo such as logging traces or metrics.
`standard_senders`	In charge of delivering pulled events to Devo.

Sender statistics

Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:

Logging trace

Description

Number of available senders: 1

Displays the number of concurrent senders available for the given Sender Service.

sender manager internal queue size: 0

Displays the items available in the internal sender queue.

Standard - Total number of messages sent: 57, messages sent since "2023-01-10 16:09:16.116750+00:00": 0 (elapsed 0.000 seconds

Displays the number of events from the last time the collector executed the pull logic. Following the given example, the following conclusions can be obtained:

57 events were sent to Devo since the collector started.
The last checkpoint timestamp was 2023-01-10 16:09:16.116750+00:00.
0 events were sent to Devo between the last UTC checkpoint and now.
Those 0 events required 0.00 seconds to be delivered.

Check memory usage

To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.

The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory

INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)

Differences between RSS and VMS memory usage:

RSS is the Resident Set Size, which is the actual physical memory the process is using
VMS is the Virtual Memory Size which is the virtual memory that process is using

Enable/disable the logging debug mode

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.
To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log

Release	Released on	Release type	Recommendations
`v2.3.2`	22 Oct 2024	IMPROVEMENT BUG FIXING
`v2.3.2`	Details Improvements - Updated DC SDK from `v1.12.4` to `v1.13.1`: Bug Fixing - Fix parameters for credential requests
`v2.3.1`	17 Oct 2024	IMPROVEMENT
`v2.3.1`	Details Improvements - Add override for the default URL connection parameters `override_base_resource_url`,`override_base_auth_url` and `override_base_url`
`v2.3.0`	20 Aug 2024	IMPROVEMENT BUG FIXING
`v2.3.0`	Details Improvements Upgraded DCSDK from 1.9.2 to 1.12.4 Bug Fixing Implemented pull_pause method to fix issues with collector restart.
`v2.2.0`	11 Sep 2023	IMPROVEMENT	`Recommended version`
`v2.2.0`	Details Improvements: Upgraded DCSDK from 1.9.0 to 1.9.2 Store lookup instances into DevoSender to avoid creation of new instances for the same lookup Ensure service_config is a dict into templates Upgraded some internal dependencies Updated collector definitions with new rate limits and reverted changes to older version of collector
`v2.1.0`	21 Jul 2023	IMPROVEMENT BUG FIXING	`Update`
`v2.1.0`	Details Improvements: Upgraded DCSDK from 1.3.0 to 1.8.0 Bug fixing: Processing of special characters that the collector was not capable of doing. It has been fixed by adding the processing of non-ascii characters
`v2.0.0`	23 Dec 2022	NEW FEATURE IMPROVEMENT	`-`
`v2.0.0`	Details New features: New OAuth2 authentication method; basic authentication deprecated. New `max_historic_date_cutoff_days_back` and `max_historic_date_margins_second` parameters to customize historic pulling. Improvements: Puller setup is now handled in its own class.