Cato SASE collector

[ 1 Overview ] [ 2 Devo collector features ] [ 3 Data sources ] [ 4 Flattening preprocessing ] [ 5 Minimum configuration required for basic pulling ] [ 6 Accepted authentication methods ] [ 7 Run the collector ] [ 8 Collector services detail ] [ 9 Collector operations ] [ 10 Change log ]

Overview

Cato SASE enables customers to be ready for whatever comes next. Cato achieves this transformational impact by partnering with customers to change the ownership model of IT infrastructure from "own it" to "use it".

Devo collector features

Feature	Details

Feature	Details
Allow parallel downloading (`multipod`)	`not allowed`
Running environments	`collector server` `on-premise`
Populated Devo events	`table`
Flattening preprocessing	`no`
Requires IP Whitelisting	`yes`

Data sources

Data source	Description	GraphQL query	Collector service name	Devo table	Available from

Data source	Description	GraphQL query	Collector service name	Devo table	Available from
`Security`	Get all the Security event type	`{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Security"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }`	`sase_security`	`sase.cato.security.{event_sub_type}`	`v1.0.0`
`Connectivity`	Get all the Connectivity event type	`{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Connectivity"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }`	`sase_connectivity`	`sase.cato.connectivity.{event_sub_type}`	`v1.0.0`
`Routing`	Get all the Security event type	`{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Routing"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }`	`sase_routing`	`sase.cato.routing.{event_sub_type}`	`v1.0.0`
`Sockets Management`	Get all the Sockets Management event type	`{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [ { fieldName: event_type, operator: is, values: ["Sockets Management"] } ] ) { marker fetchedCount accounts { records { time fieldsMap } } } }`	`sase_sockets_management`	`sase.cato.sockets_management.{event_sub_type}`	`v1.0.0`
`System`	Get all the System event type	`{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["System"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }`	`sase_system`	`sase.cato.system.{event_sub_type}`	`v1.0.0`

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source	Collector service	Optional	Flattening details

Data source	Collector service	Optional	Flattening details
`Security`	`sase_security`	`yes`	not required
`Connectivity`	`sase_connectivity`	`yes`	not required
`Routing`	`sase_routing` (beta)	`yes`	not required
`Sockets Management`	`sase_sockets_management` (beta)	`yes`	not required
`System`	`sase_system` (beta)	`yes`	not required

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details

Setting	Details
`x-api-key`	The API Key for CATO API.
`account_id`	The account ID for CATO API.

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

Authentication method	x-api-key	account_id

Authentication method	x-api-key	account_id
`credentials`	status:REQUIRED	status:REQUIRED

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Beta services

Services sase_system, sase_sockets_management and sase_routing are in beta.

sase_security

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

2024-06-20T12:03:46.296    INFO OutputProcess::MainThread -> Process started
2024-06-20T12:03:46.298    INFO MainProcess::MainThread -> Started all object from "MainProcess" process
2024-06-20T12:03:46.298    INFO InputProcess::MainThread -> Process Started
2024-06-20T12:03:46.320    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) Starting the execution of init_variables()
2024-06-20T12:03:46.321    INFO InputProcess::MainThread -> Validating service metadata
2024-06-20T12:03:46.322    INFO InputProcess::MainThread -> Validating defined module definition
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.324    INFO InputProcess::MainThread -> Validating common input config
2024-06-20T12:03:46.324    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.325    INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.325    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating service input config
2024-06-20T12:03:46.325    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running overriding rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running custom validation rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) Finalizing the execution of init_variables()
2024-06-20T12:03:46.326    INFO InputProcess::MainThread -> InputThread(cato_sase,12345) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> ServiceThread(cato_sase,12345,sase_security,predefined) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_security#predefined) -> Starting thread
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) - Starting thread
2024-06-20T12:03:46.327 WARNING InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_security#predefined) -> The token/header/authentication has not been created yet
2024-06-20T12:03:46.328 WARNING InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) -> Waiting until setup will be executed
2024-06-20T12:03:46.338    INFO OutputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.24MiB -> 42.62MiB), VMS(928.44MiB -> 928.44MiB)
2024-06-20T12:03:46.342    INFO InputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.54MiB -> 41.54MiB), VMS(496.17MiB -> 496.17MiB)
2024-06-20T12:03:46.864    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "137487836937952"
2024-06-20T12:03:48.700    INFO InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_security#predefined) -> Setup for module <CatoSaseBasePuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

2024-06-20T12:03:49.338    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) -> Pull Started
2024-06-20T12:03:55.758    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.
2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_security,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the request_period_in_seconds parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
`SetupError`	`100`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	Error occurred on the CATO server.	In this error you will find the HTTP error code as well as the summary and details.
	`101`	Some error occurred while retrieving events from the CATO server. Error details `{error}`	Some error while retrieving the events from CATO server.	Please provide the error details
	`102`	Credentials provided are not correct	`x-api-key` or `account_id` provided is not correct	Please provide the correct `x-api-key` and `account_id`.
`PullError`	`300`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	This error happens when the collector tries to fetch the data from API.	In this error you will find the HTTP error code as well as the summary and details.
`PullError`	`301`	Some error occurred while retrieving events from CATO server. Error details: `{details}`	Some exceptions occurred while making the API request.	Reach out to the developer with the exact error message.

sase_system (beta)

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

2024-06-20T12:03:46.296    INFO OutputProcess::MainThread -> Process started
2024-06-20T12:03:46.298    INFO MainProcess::MainThread -> Started all object from "MainProcess" process
2024-06-20T12:03:46.298    INFO InputProcess::MainThread -> Process Started
2024-06-20T12:03:46.320    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) Starting the execution of init_variables()
2024-06-20T12:03:46.321    INFO InputProcess::MainThread -> Validating service metadata
2024-06-20T12:03:46.322    INFO InputProcess::MainThread -> Validating defined module definition
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.324    INFO InputProcess::MainThread -> Validating common input config
2024-06-20T12:03:46.324    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.325    INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.325    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating service input config
2024-06-20T12:03:46.325    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running overriding rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running custom validation rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) Finalizing the execution of init_variables()
2024-06-20T12:03:46.326    INFO InputProcess::MainThread -> InputThread(cato_sase,12345) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> ServiceThread(cato_sase,12345,sase_system,predefined) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> Starting thread
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) - Starting thread
2024-06-20T12:03:46.327 WARNING InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> The token/header/authentication has not been created yet
2024-06-20T12:03:46.328 WARNING InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) -> Waiting until setup will be executed
2024-06-20T12:03:46.338    INFO OutputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.24MiB -> 42.62MiB), VMS(928.44MiB -> 928.44MiB)
2024-06-20T12:03:46.342    INFO InputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.54MiB -> 41.54MiB), VMS(496.17MiB -> 496.17MiB)
2024-06-20T12:03:46.864    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "137487836937952"
2024-06-20T12:03:48.700    INFO InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> Setup for module <CatoSaseBasePuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

2024-06-20T12:03:49.338    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) -> Pull Started
2024-06-20T12:03:55.758    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.
2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 0; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.After a successful collector’s execution (that is, no error logs found), you will see the following log message:

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_sockets_management,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 0; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the request_period_in_seconds parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
`SetupError`	`100`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	Error occurred on the CATO server.	In this error you will find the HTTP error code as well as the summary and details.
	`101`	Some error occurred while retrieving events from the CATO server. Error details `{error}`	Some error while retrieving the events from CATO server.	Please provide the error details
	`102`	Credentials provided are not correct	`x-api-key` or `account_id` provided is not correct	Please provide the correct `x-api-key` and `account_id`.
`PullError`	`300`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	This error happens when the collector tries to fetch the data from API.	In this error you will find the HTTP error code as well as the summary and details.
`PullError`	`301`	Some error occurred while retrieving events from CATO server. Error details: `{details}`	Some exceptions occurred while making the API request.	Reach out to the developer with the exact error message.

sase_routing (beta)

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

2024-06-20T12:03:47.296    INFO OutputProcess::MainThread -> Process started
2024-06-20T12:03:47.298    INFO MainProcess::MainThread -> Started all object from "MainProcess" process
2024-06-20T12:03:47.298    INFO InputProcess::MainThread -> Process Started
2024-06-20T12:03:47.270    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) Starting the execution of init_variables()
2024-06-20T12:03:47.271    INFO InputProcess::MainThread -> Validating service metadata
2024-06-20T12:03:47.272    INFO InputProcess::MainThread -> Validating defined module definition
2024-06-20T12:03:47.273    INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:47.273    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:47.273    INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:47.274    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:47.274    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:47.274    INFO InputProcess::MainThread -> Validating common input config
2024-06-20T12:03:47.274    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.274    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:47.274    INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.274    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.274    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:47.274    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.274    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:47.275    INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:47.275    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> Validating service input config
2024-06-20T12:03:47.275    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> Running overriding rules
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> Running custom validation rules
2024-06-20T12:03:47.275    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) Finalizing the execution of init_variables()
2024-06-20T12:03:47.276    INFO InputProcess::MainThread -> InputThread(cato_sase,12345) - Starting thread (execution_period=60s)
2024-06-20T12:03:47.277    INFO InputProcess::MainThread -> ServiceThread(cato_sase,12345,sase_routing,predefined) - Starting thread (execution_period=60s)
2024-06-20T12:03:47.277    INFO InputProcess::MainThread -> CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_routing#predefined) -> Starting thread
2024-06-20T12:03:47.277    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) - Starting thread
2024-06-20T12:03:47.277 WARNING InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_routing#predefined) -> The token/header/authentication has not been created yet
2024-06-20T12:03:47.278 WARNING InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) -> Waiting until setup will be executed
2024-06-20T12:03:47.338    INFO OutputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.24MiB -> 42.62MiB), VMS(928.44MiB -> 928.44MiB)
2024-06-20T12:03:47.342    INFO InputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.54MiB -> 41.54MiB), VMS(496.17MiB -> 496.17MiB)
2024-06-20T12:03:47.864    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "137487836937952"
2024-06-20T12:03:49.700    INFO InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_routing#predefined) -> Setup for module <CatoSaseBasePuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

2024-06-20T12:03:49.338    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) -> Pull Started
2024-06-20T12:03:55.758    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.
2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 0; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_routing,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 0; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the request_period_in_seconds parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
`SetupError`	`100`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	Error occurred on the CATO server.	In this error you will find the HTTP error code as well as the summary and details.
	`101`	Some error occurred while retrieving events from the CATO server. Error details `{error}`	Some error while retrieving the events from CATO server.	Please provide the error details
	`102`	Credentials provided are not correct	`x-api-key` or `account_id` provided is not correct	Please provide the correct `x-api-key` and `account_id`.
`PullError`	`300`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	This error happens when the collector tries to fetch the data from API.	In this error you will find the HTTP error code as well as the summary and details.
`PullError`	`301`	Some error occurred while retrieving events from CATO server. Error details: `{details}`	Some exceptions occurred while making the API request.	Reach out to the developer with the exact error message.

sase_sockets_management (beta)

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component	Description

Component	Description
Setup	The setup module is in charge of authenticating the service and managing the token expiration when needed.
Puller	The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

2024-06-20T12:03:46.296    INFO OutputProcess::MainThread -> Process started
2024-06-20T12:03:46.298    INFO MainProcess::MainThread -> Started all object from "MainProcess" process
2024-06-20T12:03:46.298    INFO InputProcess::MainThread -> Process Started
2024-06-20T12:03:46.320    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) Starting the execution of init_variables()
2024-06-20T12:03:46.321    INFO InputProcess::MainThread -> Validating service metadata
2024-06-20T12:03:46.322    INFO InputProcess::MainThread -> Validating defined module definition
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.323    INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.324    INFO InputProcess::MainThread -> Validating common input config
2024-06-20T12:03:46.324    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-06-20T12:03:46.324    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.324    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T12:03:46.325    INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-06-20T12:03:46.325    INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating service input config
2024-06-20T12:03:46.325    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running overriding rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> Running custom validation rules
2024-06-20T12:03:46.325    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) Finalizing the execution of init_variables()
2024-06-20T12:03:46.326    INFO InputProcess::MainThread -> InputThread(cato_sase,12345) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> ServiceThread(cato_sase,12345,sase_system,predefined) - Starting thread (execution_period=60s)
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> Starting thread
2024-06-20T12:03:46.327    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) - Starting thread
2024-06-20T12:03:46.327 WARNING InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> The token/header/authentication has not been created yet
2024-06-20T12:03:46.328 WARNING InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_system,predefined) -> Waiting until setup will be executed
2024-06-20T12:03:46.338    INFO OutputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.24MiB -> 42.62MiB), VMS(928.44MiB -> 928.44MiB)
2024-06-20T12:03:46.342    INFO InputProcess::MainThread -> [GC] global: 37.7% -> 37.8%, process: RSS(41.54MiB -> 41.54MiB), VMS(496.17MiB -> 496.17MiB)
2024-06-20T12:03:46.864    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-cato/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "137487836937952"
2024-06-20T12:03:48.700    INFO InputProcess::CatoSaseBasePullerSetup(cato_sase_collector,cato_sase#12345,sase_system#predefined) -> Setup for module <CatoSaseBasePuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

2024-06-20T12:03:49.338    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_sockets_management,predefined) -> Pull Started
2024-06-20T12:03:55.758    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_sockets_management,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.
2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_sockets_management,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

2024-06-20T12:03:55.759    INFO InputProcess::CatoSaseBasePuller(cato_sase,12345,sase_sockets_management,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1718865229332):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 0; Average of events per second: 0.000.

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

Edit the configuration file.
Change the value of the request_period_in_seconds parameter to a different one.
Save the changes.
Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type	Error ID	Error message	Cause	Solution

Error type	Error ID	Error message	Cause	Solution
`SetupError`	`100`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	Error occurred on the CATO server.	In this error you will find the HTTP error code as well as the summary and details.
	`101`	Some error occurred while retrieving events from the CATO server. Error details `{error}`	Some error while retrieving the events from CATO server.	Please provide the error details
	`102`	Credentials provided are not correct	`x-api-key` or `account_id` provided is not correct	Please provide the correct `x-api-key` and `account_id`.
`PullError`	`300`	HTTP Error occurred while retrieving events from CATO server: summary `{error_message} {details}`	This error happens when the collector tries to fetch the data from API.	In this error you will find the HTTP error code as well as the summary and details.
`PullError`	`301`	Some error occurred while retrieving events from CATO server. Error details: `{details}`	Some exceptions occurred while making the API request.	Reach out to the developer with the exact error message.

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

Initialization

The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.

A successful run has the following output messages for the initializer module:

2024-06-20T14:07:31.441    INFO MainProcess::MainThread -> Initialized all object from "MainProcess" process
2024-06-20T14:07:31.441    INFO MainProcess::MainThread -> OutputProcess - Starting thread (executing_period=120s)
2024-06-20T14:07:31.442    INFO MainProcess::MainThread -> InputProcess - Starting thread (executing_period=120s)
2024-06-20T14:07:31.442    INFO OutputProcess::MainThread -> Process started
2024-06-20T14:07:31.444    INFO MainProcess::MainThread -> Started all object from "MainProcess" process
2024-06-20T14:07:31.444    INFO InputProcess::MainThread -> Process Started
2024-06-20T14:07:31.468    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_connectivity,predefined) Starting the execution of init_variables()
2024-06-20T14:07:31.468    INFO InputProcess::MainThread -> Validating service metadata
2024-06-20T14:07:31.470    INFO InputProcess::MainThread -> Validating defined module definition
2024-06-20T14:07:31.471    INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-06-20T14:07:31.471    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T14:07:31.472    INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-06-20T14:07:31.472    INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-06-20T14:07:31.472    INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T14:07:31.472    INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T14:07:31.473    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T14:07:31.473    INFO InputProcess::MainThread -> Validating common input config
2024-06-20T14:07:31.473    INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-06-20T14:07:31.473    INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-06-20T14:07:31.473    INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-06-20T14:07:31.473    INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T14:07:31.474    INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-06-20T14:07:31.474    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.
2024-06-20T14:07:31.474    INFO InputProcess::MainThread -> Validating service input config
2024-06-20T14:07:31.475    INFO InputProcess::MainThread -> Running overriding rules
2024-06-20T14:07:31.475    INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.
2024-06-20T14:07:31.475    INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-06-20T14:07:31.475    INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-06-20T14:07:31.475    INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-06-20T14:07:31.476    INFO InputProcess::MainThread -> Running custom validation rules
2024-06-20T14:07:31.476    INFO InputProcess::MainThread -> CatoSaseBasePuller(cato_sase,12345,sase_connectivity,predefined) Finalizing the execution of init_variables()Events delivery and Devo ingestion

Events delivery and Devo ingestion

The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.

A successful run has the following output messages for the initializer module:

2024-06-24T11:03:22.218    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2024-06-24T11:03:22.218    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2024-06-24T11:03:22.218    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> Sender: DevoSender(standard_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
2024-06-24T11:03:22.218    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> Standard - Total number of messages: 74396 messages/bytes sent since/to "2024-06-24T05:28:22.213274+00:00/2024-06-24T05:33:22.218746+00:00": 74396/92400433, (elapsed 44.798 seconds)
2024-06-24T11:03:22.219    INFO OutputProcess::DevoSenderManagerMonitor(standard_senders,devo_1) -> Output metric sent
2024-06-24T11:03:22.219    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2024-06-24T11:03:22.219    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2024-06-24T11:03:22.220    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Sender: DevoSender(lookup_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": False}
2024-06-24T11:03:22.220    INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Lookup - Total number of messages sent: 0, messages sent since "2024-06-24 05:28:22.215167+00:00": 0 (elapsed 0.000 seconds)
2024-06-24T11:03:22.222    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2024-06-24T11:03:22.222    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2024-06-24T11:03:22.222    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Sender: DevoSender(internal_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
2024-06-24T11:03:22.223    INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Internal - Total number of messages: 109 messages/bytes sent since/to "2024-06-24T05:28:22.216823+00:00/2024-06-24T05:33:22.223047+00:00": 109/52493, (elapsed 0.496 seconds)
2024-06-24T11:03:22.228    INFO InputProcess::InputStatsThread -> Input metrics sent: 3
2024-06-24T11:03:22.229    INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> Consumed messages: 21, total_bytes: 16920 (60.000761 seconds)
2024-06-24T11:03:22.230    INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Consumed messages: 21 messages (60.000429 seconds) => 0 msg/sec
2024-06-24T11:03:22.273    INFO InputProcess::MainThread -> [GC] global: 42.9% -> 42.9%, process: RSS(75.62MiB -> 75.62MiB), VMS(579.43MiB -> 579.43MiB)

By default, these information traces will be displayed every 10 minutes.

Sender services

The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:

Sender services	Description

Sender services	Description
`internal_senders`	In charge of delivering internal metrics to Devo such as logging traces or metrics.
`standard_senders`	In charge of delivering pulled events to Devo.

Sender statistics

Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:

Logging trace	Description

Logging trace

Description

Number of available senders: 1

Displays the number of concurrent senders available for the given Sender Service.

sender manager internal queue size: 0

Displays the items available in the internal sender queue.

This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders.

2024-06-24T11:03:22.220 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Lookup - Total number of messages sent: 0, messages sent since "2024-06-24 05:28:22.215167+00:00": 0 (elapsed 0.000 seconds)

Displayes the number of events from the last time and following the given example, the following conclusions can be obtained:

44 events were sent to Devo since the collector started.
The last checkpoint timestamp was 2024-06-24 05:28:22.215167+00:00.
21 events where sent to Devo between the last UTC checkpoint and now.
Those 21 events required 0.000 seconds to be delivered.

By default these traces will be shown every 10 minutes.

To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.

The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the global value.
All metrics (Global, RSS, VMS) include the value before freeing and after previous -> after freeing memory

2024-06-20T14:07:31.492    INFO OutputProcess::MainThread -> [GC] global: 39.5% -> 39.6%, process: RSS(40.77MiB -> 42.27MiB), VMS(928.47MiB -> 928.47MiB)
2024-06-20T14:07:31.497    INFO InputProcess::MainThread -> [GC] global: 39.5% -> 39.6%, process: RSS(41.54MiB -> 41.54MiB), VMS(496.20MiB -> 496.20MiB)

Differences between RSS and VMS memory usage:

RSS is the Resident Set Size, which is the actual physical memory the process is using
VMS is the Virtual Memory Size which is the virtual memory that process is using

Change log

Release	Released on	Release type	Details	Recommendations

Release	Released on	Release type	Details	Recommendations
`v1.0.0`	Jun 20, 2024	status:FIRST RELEASE	First version of the CATO collector.	`Initial version`

Devo latest

Cato SASE collector

Overview

Devo collector features

Data sources

Flattening preprocessing

Minimum configuration required for basic pulling

Accepted authentication methods

Run the collector

Collector services detail

sase_security

Setup output

Puller output

sase_system (beta)

Setup output

Puller output

sase_routing (beta)

Setup output

Puller output

sase_sockets_management (beta)

Setup output

Puller output

Collector operations

Initialization

Events delivery and Devo ingestion

Sender services

Sender statistics

Change log

Related content