
Web application monitoring

The following tables help you monitor different aspects of the web application itself. They are useful when you want a general overview of the web application's normal operation, need to extract specific information, or want to identify abnormal situations that might require corrective measures.

siem.logtrust.web.activity

This table contains detailed information about everything that happened in the current domain. The most relevant columns are listed below with a brief explanation.

| Column | Data type | Description |
|---|---|---|
| domain | str | Domain in which the action takes place (if the table is open in the self domain, the search extends to all domains) |
| username | str | User who performed the action |
| userId | str | Id associated with the user |
| sessionId | str | Session in which the action is framed |
| srcHost, srcPort | str, int | IP address and port from which the connection to Devo is requested |
| serverHost, serverPort | str, int | Server address and port through which the connection to Devo is established |
| type | str | Nature of the task performed |
| method | str | Data transfer method used |
| useragent | str | Web browser used to access Devo |
| locale | str | Language-variant combination employed by the user |
| country, region, city | str | Geographic location of the source connection established by the user |
| contentLength, responseLength | int | Number of data bytes contained in the request from the source and the response from the server |
| responseTime | int | Total amount of time (in milliseconds) it takes to respond to the request |
| Isp, org | str | Internet provider |
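
One way to use these columns to spot an abnormal situation is to check whether a single sessionId appears with more than one source IP, country or user agent. The following is an added example, not part of the Devo documentation; it assumes rows from siem.logtrust.web.activity have already been exported as dictionaries keyed by column name, and the sample rows, the `find_shared_sessions` function and the severity labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows (invented users, session IDs and documentation-range
# IPs) keyed by column names from the siem.logtrust.web.activity table.
SAMPLE_ROWS = [
    {"username": "alice", "sessionId": "s-100", "srcHost": "192.0.2.10",
     "country": "ES", "useragent": "Firefox/128.0"},
    {"username": "bob", "sessionId": "s-200", "srcHost": "198.51.100.7",
     "country": "US", "useragent": "Chrome/126.0"},
    {"username": "bob", "sessionId": "s-200", "srcHost": "203.0.113.44",
     "country": "NL", "useragent": "curl/8.5.0"},
    {"username": "carol", "sessionId": "s-300", "srcHost": "192.0.2.50",
     "country": "ES", "useragent": "Safari/17.5"},
    {"username": "carol", "sessionId": "s-300", "srcHost": "192.0.2.51",
     "country": "ES", "useragent": "Safari/17.5"},
    {"username": "dave", "sessionId": "", "srcHost": "192.0.2.99",
     "country": "ES", "useragent": "Firefox/128.0"},
]

WATCHED = ("srcHost", "country", "useragent")

def find_shared_sessions(rows):
    """Flag sessionId values seen with more than one source IP, country or
    user agent; one browser session normally keeps all three stable."""
    seen = defaultdict(lambda: defaultdict(set))
    for row in rows:
        sid = row.get("sessionId")
        if not sid:  # rows without a session cannot be correlated
            continue
        for col in ("username",) + WATCHED:
            if row.get(col):
                seen[sid][col].add(row[col])
    findings = []
    for sid in sorted(seen):
        changed = [c for c in WATCHED if len(seen[sid][c]) > 1]
        if not changed:
            continue
        # A new srcHost alone may be a roaming client; a new country or
        # user agent inside the same session deserves a closer look.
        severity = "high" if set(changed) & {"country", "useragent"} else "low"
        findings.append({"sessionId": sid, "severity": severity,
                         "changed": changed,
                         "usernames": sorted(seen[sid]["username"]),
                         "srcHosts": sorted(seen[sid]["srcHost"])})
    return findings

if __name__ == "__main__":
    for finding in find_shared_sessions(SAMPLE_ROWS):
        print(finding)
```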

siem.logtrust.web.navigation

This table contains specific information about user activity. Its data structure is similar to that of siem.logtrust.web.activity, except that it includes only activity triggered by users and excludes platform and server responses. The most relevant columns are listed below with a brief explanation.

| Column | Data type | Description |
|---|---|---|
| domain | str | Domain in which the action takes place (if the table is open in the self domain, the search extends to all domains) |
| userId | str | Id associated with the user |
| sessionId | str | Session in which the action is framed |
| userEmail | str | Email address employed by the user to register and log in |
| srcHost, srcPort | str, int | IP address and port from which the connection to Devo is requested |
| serverHost, serverPort | str, int | Server address and port through which the connection to Devo is established |
| section | str | Area of the web application the user accessed |
| action | str | Task performed |
| method | str | Data transfer method used |
| useragent | str | Web browser used to access Devo |
| locale | str | Language-variant combination employed by the user |
| country, region, city | str | Geographic location of the source connection established by the user |
| contentLength, responseLength | int | Number of data bytes contained in the request from the source and the response from the server |
| responseTime | int | Total amount of time (in milliseconds) it takes to respond to the request |
| Isp, org | str | Internet provider |

siem.logtrust.web.info

This table contains information about the operation of the web application. Use it to analyze the events that take place in the platform and get an overview of the overall situation. The most relevant columns are listed below with a brief explanation.

| Column | Data type | Description |
|---|---|---|
| level | str | Level of importance or urgency of the event. info → Messages for both end-users and system administrators to indicate the progress of the application; warn → Potentially harmful situations to end-users or system administrators; error → Events of great importance that threaten the normal development of the application |
| domain | str | Domain in which the event occurred (if the table is open in the self domain, the search extends to all domains) |
| userId | str | Id associated with the user |
| sessionId | str | Session in which the action is framed |
| message | str | Full text describing the nature and content of the error |

siem.logtrust.web.error

This table contains information about the errors that occurred in the web application. Use it to analyze common errors and help identify their cause. It is very similar to the siem.logtrust.web.info table, except that it includes only events at the error level and excludes the other levels. The most relevant columns are listed below with a brief explanation.

| Column | Data type | Description |
|---|---|---|
| level | str | Level of importance or urgency of the event (in this case only error) |
| domain | str | Domain in which the error occurred (if the table is open in the self domain, the search extends to all domains) |
| userId | str | Id associated with the user |
| sessionId | str | Session in which the action is framed |
| message | str | Full text describing the nature and content of the error |