/
Symantec collector
Symantec collector
Former user (Deleted)
Virginia Camuñas Núñez
Owned by Former user (Deleted), created
[ 1 Overview ] [ 2 Devo collector features ] [ 3 Data sources ] [ 4 Flattening preprocessing ] [ 5 Minimum configuration required for basic pulling ] [ 6 Run the collector ] [ 7 Collector services detail ] [ 8 Collector operations ] [ 9 Change log ]
Overview
Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.
Devo collector features
Feature | Details |
|---|
Feature | Details |
|---|---|
Allow parallel downloading ( |
|
Running environments |
|
Populated Devo events |
|
Flattening preprocessing |
|
Data sources
Data source | Description | API endpoint | Collector service name | Devo table | Available from release |
All | Get all scanned email |
|
|
| v1.0.0 |
Threat isolation | Get all the Isolation feature |
|
|
| v1.0.0 |
Malware | Get all the Malware containing email |
|
|
| v1.0.0 |
clicktime | Get all the Click-time |
|
|
| v1.0.0 |
Anti-spam | Get all email as spam, and action taken |
|
|
| v1.0.0 |
Email Threat Analytics | Get all emails blocked by Anti-Malware service |
|
|
| v1.0.0 |
Email delivery data | Get all the describes both inbound and outbound email delivery |
|
|
| v1.0.0 |
For more information on how the events are parsed, visit our page.
Flattening preprocessing
Data source | Collector service | Optional | Flattening details |
All |
| yes | not required |
Threat isolation |
| yes | not required |
Malware |
| yes | not required |
clicktime |
| yes | not required |
Anti-spam |
| yes | not required |
Email Threat Analytics |
| yes | not required |
Email delivery data |
| yes | not required |
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.
Setting | Details |
| The username for Symantec Email Security Cloud API |
| The password for Symantec Email Security Cloud API |
| The Base Url for Symantec Email Security Cloud API . (Ex: |
| The Reset Url for Symantec Email Security Cloud API. (Ex: |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
This section is intended to explain how to proceed with specific actions for services.
This collector can only make 30 requests per hour for each service.
Malware
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-19T15:30:22.555 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,malware,predefined) - Starting thread
2024-07-19T15:30:22.555 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;internal_senders;devo_sender_0.json.gz
2024-07-19T15:30:22.555 WARNING InputProcess::SymantecBasePuller(symantec,123123,malware,predefined) -> Waiting until setup will be executed
2024-07-19T15:30:22.556 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T15:30:22.556 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-19T15:30:22.556 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-19T15:30:22.557 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T15:30:22.557 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-19T15:30:22.557 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-19T15:30:22.557 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-19T15:30:22.557 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-19T15:30:22.557 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.558 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.558 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-19T15:30:22.558 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-19T15:30:22.558 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.558 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.559 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-19T15:30:22.559 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.559 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.559 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-19T15:30:22.559 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-19T15:30:22.559 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-19T15:30:22.559 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.559 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.559 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.560 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-19T15:30:22.560 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.560 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:22.568 INFO InputProcess::MainThread -> [GC] global: 26.4% -> 26.5%, process: RSS(42.12MiB -> 42.12MiB), VMS(496.55MiB -> 496.55MiB)
2024-07-19T15:30:22.574 INFO OutputProcess::MainThread -> [GC] global: 26.5% -> 26.5%, process: RSS(42.97MiB -> 43.47MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-19T15:30:23.075 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "127870209828560"
2024-07-19T15:30:23.075 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-19T15:30:24.060 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,malware,#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-19T15:30:24.564 INFO InputProcess::SymantecBasePuller(symantec,123123,malware,,predefined) -> Pull Started
2024-07-19T15:30:24.565 INFO InputProcess::SymantecBasePuller(symantec,123123,malware,,predefined) -> Fetching data From : 2024-07-16T10:00:00Z to the current date
2024-07-19T15:30:27.075 INFO InputProcess::SymantecBasePuller(symantec,123123,malware,,predefined) -> Sent 87 malware events to Devo.
2024-07-19T15:30:27.075 INFO InputProcess::SymantecBasePuller(symantec,123123,malware,,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721383224558):Number of requests made: 1; Number of events received: 87; Number of duplicated events filtered out: 0; Number of events generated and sent: 87; Average of events per second: 34.643.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-19T15:30:28.452 INFO InputProcess::SymantecBasePuller(symantec,123123,malware,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721383224558):Number of requests made: 2; Number of events received: 87; Number of duplicated events filtered out: 0; Number of events generated and sent: 87; Average of events per second: 22.375.all_emails
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T10:46:00.050 INFO InputProcess::MainThread -> SymantecBasePullerSetup(unknown,symantec#123123,all_emails#predefined) -> Starting thread
2024-07-22T10:46:00.050 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,all_emails,predefined) - Starting thread
2024-07-22T10:46:00.051 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;internal_senders;devo_sender_0.json.gz
2024-07-22T10:46:00.052 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T10:46:00.052 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-22T10:46:00.052 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T10:46:00.052 WARNING InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> Waiting until setup will be executed
2024-07-22T10:46:00.053 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T10:46:00.053 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T10:46:00.053 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T10:46:00.053 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T10:46:00.053 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T10:46:00.053 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.054 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.054 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T10:46:00.054 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T10:46:00.054 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T10:46:00.055 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.055 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.055 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T10:46:00.056 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.056 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.056 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T10:46:00.057 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.057 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T10:46:00.057 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.057 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.057 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T10:46:00.058 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.061 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:00.065 INFO InputProcess::MainThread -> [GC] global: 17.2% -> 17.2%, process: RSS(41.87MiB -> 41.99MiB), VMS(496.53MiB -> 496.53MiB)
2024-07-22T10:46:00.075 INFO OutputProcess::MainThread -> [GC] global: 17.2% -> 17.2%, process: RSS(42.22MiB -> 42.84MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-22T10:46:01.448 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "127102554053168"
2024-07-22T10:46:01.448 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T10:46:06.653 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,all_emails#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T10:46:07.066 INFO InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> Pull Started
2024-07-22T10:46:07.067 INFO InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T10:46:11.069 INFO InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> Sent 1000 all_emails events to Devo.
2024-07-22T10:46:11.069 INFO InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721625367060):Number of requests made: 2; Number of events received: 1000; Number of duplicated events filtered out: 0; Number of events generated and sent: 1000; Average of events per second: 249.803.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T10:46:11.069 INFO InputProcess::SymantecBasePuller(symantec,123123,all_emails,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721625367060):Number of requests made: 4; Number of events received: 3000; Number of duplicated events filtered out: 0; Number of events generated and sent: 3000; Average of events per second: 249.803.anti_spam
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T11:38:42.319 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,anti_spam,predefined) - Starting thread
2024-07-22T11:38:42.319 WARNING InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> Waiting until setup will be executed
2024-07-22T11:38:42.320 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;internal_senders;devo_sender_0.json.gz
2024-07-22T11:38:42.320 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:38:42.320 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-22T11:38:42.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T11:38:42.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:38:42.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T11:38:42.322 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T11:38:42.322 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:38:42.322 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T11:38:42.322 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.322 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.322 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T11:38:42.323 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:38:42.323 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.323 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.323 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T11:38:42.323 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.323 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.323 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T11:38:42.324 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.324 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.324 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:38:42.324 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T11:38:42.324 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.324 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:38:42.324 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.326 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:42.332 INFO InputProcess::MainThread -> [GC] global: 26.7% -> 26.8%, process: RSS(41.87MiB -> 41.99MiB), VMS(496.53MiB -> 496.53MiB)
2024-07-22T11:38:42.338 INFO OutputProcess::MainThread -> [GC] global: 26.8% -> 26.8%, process: RSS(43.22MiB -> 43.59MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-22T11:38:42.776 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "135970397056160"
2024-07-22T11:38:42.777 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:38:44.611 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,anti_spam#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T11:38:45.333 INFO InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> Pull Started
2024-07-22T11:38:45.334 INFO InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T11:39:19.437 INFO InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> Sent 1000 anti_spam events to Devo.
2024-07-22T11:39:19.437 INFO InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721628525323):Number of requests made: 2; Number of events received: 1000; Number of duplicated events filtered out: 0; Number of events generated and sent: 1000; Average of events per second: 29.321.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T11:40:00.186 INFO InputProcess::SymantecBasePuller(symantec,123123,anti_spam,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721628525323):Number of requests made: 9; Number of events received: 5267; Number of duplicated events filtered out: 0; Number of events generated and sent: 5267; Average of events per second: 70.365.email_threat
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T11:41:55.652 INFO InputProcess::MainThread -> SymantecBasePullerSetup(unknown,symantec#123123,email_threat#predefined) -> Starting thread
2024-07-22T11:41:55.653 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,email_threat,predefined) - Starting thread
2024-07-22T11:41:55.653 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;internal_senders;devo_sender_0.json.gz
2024-07-22T11:41:55.654 WARNING InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> Waiting until setup will be executed
2024-07-22T11:41:55.654 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:41:55.654 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-22T11:41:55.654 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T11:41:55.655 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:41:55.655 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T11:41:55.655 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T11:41:55.655 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:41:55.655 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T11:41:55.656 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.656 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.656 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.656 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T11:41:55.656 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:41:55.656 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T11:41:55.656 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T11:41:55.657 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:41:55.657 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T11:41:55.657 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.657 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:41:55.658 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.658 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:55.664 INFO InputProcess::MainThread -> [GC] global: 26.5% -> 26.6%, process: RSS(42.00MiB -> 42.12MiB), VMS(496.53MiB -> 496.53MiB)
2024-07-22T11:41:55.670 INFO OutputProcess::MainThread -> [GC] global: 26.5% -> 26.6%, process: RSS(42.22MiB -> 43.22MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-22T11:41:56.219 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "140077869205584"
2024-07-22T11:41:56.220 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:41:57.000 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,email_threat#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T11:41:57.662 INFO InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> Pull Started
2024-07-22T11:41:57.663 INFO InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T11:42:01.778 INFO InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> Sent 247 email_threat events to Devo.
2024-07-22T11:42:01.778 INFO InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721628717656):Number of requests made: 2; Number of events received: 247; Number of duplicated events filtered out: 0; Number of events generated and sent: 247; Average of events per second: 60.011.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T11:42:03.174 INFO InputProcess::SymantecBasePuller(symantec,123123,email_threat,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721628717656):Number of requests made: 3; Number of events received: 247; Number of duplicated events filtered out: 0; Number of events generated and sent: 247; Average of events per second: 44.817.email_delivery
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T11:44:06.320 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,email_delivery,predefined) - Starting thread
2024-07-22T11:44:06.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T11:44:06.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:44:06.321 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T11:44:06.321 WARNING InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> Waiting until setup will be executed
2024-07-22T11:44:06.321 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T11:44:06.322 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:44:06.322 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T11:44:06.322 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.322 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.322 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T11:44:06.322 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:44:06.322 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T11:44:06.322 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T11:44:06.323 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.323 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:44:06.323 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T11:44:06.324 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.324 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:44:06.324 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.326 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:06.334 INFO InputProcess::MainThread -> [GC] global: 26.5% -> 26.5%, process: RSS(41.87MiB -> 41.87MiB), VMS(496.53MiB -> 496.53MiB)
2024-07-22T11:44:06.339 INFO OutputProcess::MainThread -> [GC] global: 26.5% -> 26.5%, process: RSS(42.84MiB -> 43.34MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-22T11:44:06.882 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "135456966012064"
2024-07-22T11:44:06.882 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:44:07.758 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,email_delivery#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T11:44:08.332 INFO InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> Pull Started
2024-07-22T11:44:08.333 INFO InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T11:44:11.590 INFO InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> Sent 1000 email_delivery events to Devo.
2024-07-22T11:44:11.590 INFO InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721628848323):Number of requests made: 2; Number of events received: 1000; Number of duplicated events filtered out: 0; Number of events generated and sent: 1000; Average of events per second: 306.937.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T11:45:34.457 INFO InputProcess::SymantecBasePuller(symantec,123123,email_delivery,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721628848323):Number of requests made: 28; Number of events received: 27000; Number of duplicated events filtered out: 0; Number of events generated and sent: 27000; Average of events per second: 313.496.clicktime
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T11:46:56.063 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,clicktime,predefined) - Starting thread
2024-07-22T11:46:56.063 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/e784c94a6fe28de5937e50674407d82e"
2024-07-22T11:46:56.064 WARNING InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> Waiting until setup will be executed
2024-07-22T11:46:56.064 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;internal_senders;devo_sender_0.json.gz
2024-07-22T11:46:56.065 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:46:56.065 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-22T11:46:56.065 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T11:46:56.066 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.066 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.066 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T11:46:56.067 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:46:56.067 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.067 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T11:46:56.067 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.067 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.068 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T11:46:56.068 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:46:56.068 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.068 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.068 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T11:46:56.068 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.068 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.069 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:46:56.069 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.071 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:56.078 INFO InputProcess::MainThread -> [GC] global: 27.0% -> 27.0%, process: RSS(41.62MiB -> 41.62MiB), VMS(496.55MiB -> 496.55MiB)
2024-07-22T11:46:56.083 INFO OutputProcess::MainThread -> [GC] global: 27.0% -> 27.0%, process: RSS(42.97MiB -> 43.47MiB), VMS(929.05MiB -> 929.05MiB)
2024-07-22T11:46:56.580 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "129877148861632"
2024-07-22T11:46:56.580 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:46:57.664 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,clicktime#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T11:46:58.068 INFO InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> Pull Started
2024-07-22T11:46:58.068 INFO InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T11:47:02.724 INFO InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> Sent 733 clicktime events to Devo.
2024-07-22T11:47:02.724 INFO InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721629018066):Number of requests made: 2; Number of events received: 733; Number of duplicated events filtered out: 0; Number of events generated and sent: 733; Average of events per second: 157.444.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T11:47:05.159 INFO InputProcess::SymantecBasePuller(symantec,123123,clicktime,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721629018066):Number of requests made: 4; Number of events received: 734; Number of duplicated events filtered out: 0; Number of events generated and sent: 734; Average of events per second: 103.520.threat_isolation
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2024-07-22T11:49:21.823 INFO InputProcess::MainThread -> ServiceThread(symantec,123123,threat_isolation,predefined) - Starting thread (execution_period=60s)
2024-07-22T11:49:21.823 INFO InputProcess::MainThread -> SymantecBasePullerSetup(unknown,symantec#123123,threat_isolation#predefined) -> Starting thread
2024-07-22T11:49:21.823 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:49:21.823 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/4ff7b345dc444ac050cf75f93e5dcb3b"
2024-07-22T11:49:21.823 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,threat_isolation,predefined) - Starting thread
2024-07-22T11:49:21.823 WARNING InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> Waiting until setup will be executed
2024-07-22T11:49:21.824 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputInternalConsumer;internal_senders;0.json.gz
2024-07-22T11:49:21.824 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-22T11:49:21.824 INFO OutputProcess::MainThread -> OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/10dd360c86621afd5a28a029a0dddcf6"
2024-07-22T11:49:21.825 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread
2024-07-22T11:49:21.825 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:49:21.825 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread
2024-07-22T11:49:21.825 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.825 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.825 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread
2024-07-22T11:49:21.825 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:49:21.826 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread
2024-07-22T11:49:21.826 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.826 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.826 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.826 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.826 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread
2024-07-22T11:49:21.826 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.827 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)
2024-07-22T11:49:21.827 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread
2024-07-22T11:49:21.827 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.827 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.827 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Recovering any available content from the persistence system
2024-07-22T11:49:21.827 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.829 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:21.837 INFO InputProcess::MainThread -> [GC] global: 26.6% -> 26.7%, process: RSS(42.00MiB -> 42.00MiB), VMS(496.55MiB -> 496.55MiB)
2024-07-22T11:49:21.842 INFO OutputProcess::MainThread -> [GC] global: 26.7% -> 26.7%, process: RSS(43.10MiB -> 43.47MiB), VMS(929.06MiB -> 929.06MiB)
2024-07-22T11:49:22.290 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {"name": "DevoSender(internal_senders,devo_sender_0)", "url": "collector-eu.devo.io:443", "chain_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/chain.crt", "cert_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.crt", "key_path": "/home/md_tausif/gitlab/devo-collector-symantec/certs/int-if-integrations-india.key", "transport_layer_type": "SSL", "last_usage_timestamp": null, "socket_status": null}, hostname: "2023-apac-0046", session_id: "140337000446320"
2024-07-22T11:49:22.290 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Nothing available in the persistence system
2024-07-22T11:49:23.198 INFO InputProcess::SymantecBasePullerSetup(unknown,symantec#123123,threat_isolation#predefined) -> Setup for module <SymantecBasePuller> has been successfully executedPuller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2024-07-22T11:49:23.835 INFO InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> Pull Started
2024-07-22T11:49:23.836 INFO InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> Fetching data From : 2024-07-22T04:00:00Z to the current date
2024-07-22T11:49:30.201 INFO InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> Sent 1000 threat_isolation events to Devo.
2024-07-22T11:49:30.201 INFO InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1721629163826):Number of requests made: 2; Number of events received: 1000; Number of duplicated events filtered out: 0; Number of events generated and sent: 1000; Average of events per second: 157.095.After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2024-07-22T11:49:38.664 INFO InputProcess::SymantecBasePuller(symantec,123123,threat_isolation,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1721629163826):Number of requests made: 4; Number of events received: 1516; Number of duplicated events filtered out: 0; Number of events generated and sent: 1516; Average of events per second: 102.231.Restart the persistance
This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:
Edit the configuration file.
Change the value of the
request_period_in_secondsparameter to a different one.Save the changes.
Restart the collector.
The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.
Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.
Troubleshooting
This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.
Error type | Error ID | Error message | Cause | Solution |
|
| Error occurred while requesting from the Symantec server. Error message: {error message} | Credentials error {unauthorized} or mismatch b/w credentials or Symantec server error | Check the credentials or contact developer with required message |
|
| Some error occurred while retrieving events from symantec server. Error detail {e}. | Error on the symantec server. | Contact the developer with exact error message. |
|
| Error related to HTTP, occurred while retrieving events from symantec server{summery} , {details} | This error happens when the collector tries to fetch the data from API. | In this error you will find the HTTP error code as well as the summary and details. |
|
| Some error occurred while retrieving events from symantec server. Error details: {details} | Some exceptions occurred while making the API request. | Contact the developer with exact error message. |
Collector operations
This section is intended to explain how to proceed with specific operations of this collector.
Initialization
The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.
A successful run has the following output messages for the initializer module:
2024-07-19T09:35:08.565 INFO OutputProcess::MainThread -> Process started (pid=10692, ppid=10689)
2024-07-19T09:35:08.567 INFO MainProcess::MainThread -> Started all objects from "MainProcess" process (multiprocessing.start_method="fork")
2024-07-19T09:35:08.567 INFO InputProcess::MainThread -> Process started (pid=10694, ppid=10689)
2024-07-19T09:35:08.584 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSenderManager;standard_senders;devo_1.json.gz
2024-07-19T09:35:08.585 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/symantec;123123;malware;predefined;SymantecBasePuller.json
2024-07-19T09:35:08.585 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T09:35:08.586 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 2), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/f9ab91a10d8d4015795972ee144a22dc"
2024-07-19T09:35:08.586 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/fdea0ae3fa54ae9b9b08a64e3c9337a2"
2024-07-19T09:35:08.586 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T09:35:08.586 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/5bdbabbd30e1988d6e2b0b74b6ec3289"
2024-07-19T09:35:08.586 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] Checking if old persisted data must be removed
2024-07-19T09:35:08.586 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 2), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/f9ab91a10d8d4015795972ee144a22dc"
2024-07-19T09:35:08.586 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) -> [PERSISTENCE_SYSTEM] No previous persistence file exists (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/fdea0ae3fa54ae9b9b08a64e3c9337a2"
2024-07-19T09:35:08.587 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) Starting the execution of init_variables()
2024-07-19T09:35:08.587 INFO InputProcess::MainThread -> Validating service metadata
2024-07-19T09:35:08.588 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;standard_senders;devo_sender_0.json.gz
2024-07-19T09:35:08.588 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T09:35:08.588 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/b1ee30ea2c4b3be1eb50c8b2ca80d8d8"
2024-07-19T09:35:08.589 INFO InputProcess::MainThread -> Validating defined module definition
2024-07-19T09:35:08.589 INFO OutputProcess::MainThread -> OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/OutputStandardConsumer;standard_senders;0.json.gz
2024-07-19T09:35:08.590 INFO OutputProcess::MainThread -> OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T09:35:08.590 INFO OutputProcess::MainThread -> OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/de28663278a264d05d531fbc1db51a93"
2024-07-19T09:35:08.591 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSenderManager;lookup_senders;devo_1.json.gz
2024-07-19T09:35:08.591 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] There is no data persisted with the latest format, any previous persisted data will be migrated
2024-07-19T09:35:08.591 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY_PERSISTENCE_SYSTEM] No previous persistence file exists to migrate (Version 1), filename_path: "/home/md_tausif/gitlab/devo-collector-symantec/state/a28c135f3fc69ece87d8fc2fdb029e8c"
2024-07-19T09:35:08.592 INFO InputProcess::MainThread -> Validating common input config
2024-07-19T09:35:08.593 INFO InputProcess::MainThread -> Validating service input config
2024-07-19T09:35:08.593 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> [EMERGENCY_PERSISTENCE_SYSTEM] Created persistence instance, filename_path: /home/md_tausif/gitlab/devo-collector-symantec/state/not_used/DevoSender;lookup_senders;devo_sender_0.json.gz
2024-07-19T09:35:08.593 INFO InputProcess::MainThread -> Running overriding rules
2024-07-19T09:35:08.593 INFO InputProcess::MainThread -> Validating the rate limiter config given by the user
2024-07-19T09:35:08.594 INFO InputProcess::MainThread -> <requests_limits> setting has not been defined. The generic settings will be used instead.
2024-07-19T09:35:08.594 INFO InputProcess::MainThread -> Adding raw config to the collector store
2024-07-19T09:35:08.594 INFO InputProcess::MainThread -> Running custom validation rules
2024-07-19T09:35:08.594 INFO InputProcess::MainThread -> SymantecBasePuller(symantec,123123,,malware,,predefined) Finalizing the execution of init_variables()Events delivery and Devo ingestion
The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.
A successful run has the following output messages for the initializer module:
2024-07-19T09:40:08.602 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Sender: DevoSender(lookup_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": False}
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_1) -> Lookup - Total number of messages sent: 0, messages sent since "2024-07-19 04:05:08.593399+00:00": 0 (elapsed 0.000 seconds)
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Number of available senders: 1, sender manager internal queue size: 0
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> enqueued_elapsed_times_in_seconds_stats: {}
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Sender: DevoSender(internal_senders,devo_sender_0), status: {"internal_queue_size": 0, "is_connection_open": True}
2024-07-19T09:40:08.603 INFO OutputProcess::DevoSenderManagerMonitor(internal_senders,devo_1) -> Internal - Total number of messages: 74 messages/bytes sent since/to "2024-07-19T04:05:08.598004+00:00/2024-07-19T04:10:08.603954+00:00": 74/31723, (elapsed 0.568 seconds)By default, these information traces will be displayed every 10 minutes.
Sender services
The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:
Sender services | Description |
|---|
Sender services | Description |
|---|---|
| In charge of delivering internal metrics to Devo such as logging traces or metrics. |
| In charge of delivering pulled events to Devo. |
Sender statistics
Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:
Logging trace | Description |
|---|
Logging trace | Description |
|---|---|
| Displays the number of concurrent senders available for the given Sender Service. |
| Displays the items available in the internal sender queue. This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders. |
| Displayes the number of events from the last time and following the given example, the following conclusions can be obtained:
By default these traces will be shown every 10 minutes. |
To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.
The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the
globalvalue.All metrics (Global, RSS, VMS) include the value before freeing and after
previous -> after freeing memory
2024-07-19T09:35:08.608 INFO InputProcess::MainThread -> [GC] global: 19.1% -> 19.1%, process: RSS(41.86MiB -> 41.99MiB), VMS(496.55MiB -> 496.55MiB)
2024-07-19T09:35:08.616 INFO OutputProcess::MainThread -> [GC] global: 19.1% -> 19.1%, process: RSS(43.21MiB -> 43.71MiB), VMS(929.06MiB -> 929.06MiB)Differences between RSS and VMS memory usage:
RSSis the Resident Set Size, which is the actual physical memory the process is usingVMSis the Virtual Memory Size which is the virtual memory that process is using
Change log
Release | Released on | Release type | Details | Recommendations |
|---|
Release | Released on | Release type | Details | Recommendations |
|---|---|---|---|---|
| Jul 25, 2024 | status:NEW FEATURE | - | - |
, multiple selections available,
Related content
edr.symantec
edr.symantec
More like this
mail.symantec
mail.symantec
More like this
Microsoft Defender ATP for Endpoint collector
Microsoft Defender ATP for Endpoint collector
More like this
Proofpoint Isolation collector
Proofpoint Isolation collector
More like this
Trend Micro Email Security collector
Trend Micro Email Security collector
More like this
Tenable.io collector
Tenable.io collector
Read with this