- Created by Juan Tomás Alonso Nieto on Jun 19, 2023
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
Version 1 Next »
Overview
This document provides information about CyberArk’s Endpoint Privilege Management (EPM) APIs that will be used to develop the CyberArk EPM collector.
CyberArk is an Identity Security Platform that enables secure access for any identity — human or machine — to any resource or environment from anywhere, using any device.
To retrieve the EPM policy alerts and events, CyberArk provides new API commands.
Devo collector features
Feature | Details |
|---|---|
Allow parallel downloading ( |
|
Running environments |
|
Populated Devo events |
|
Flattening preprocessing |
|
Allowed source events obfuscation |
|
Data sources
Data source | Description | API endpoint | Collector service name | Devo table | Available from release |
Admin audit data | Admin audit indicates the full list of actions carried out by admin in your environment |
|
|
|
|
Raw events | This enables to retrieve the events in the system, such as user login failure events, etc. |
|
|
|
|
Policy audit events | Retrieves policy audit events in the system, such as admin privileges. |
|
|
|
|
Aggregated events | Retrieves aggregated events in the system, such as number of attack attempts, etc. |
|
|
|
|
Aggregated policy audit events | This enables to retrieve of the aggregated policy events in the system, such as the number of times the application is launched, the number of times blocked |
|
|
|
|
For more information on how the events are parsed, visit our page.
Vendor setup
We need email, password, and app ID to start.
Minimum configuration required for basic pulling
Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.
Setting | Details |
| The email your CyberArk account is associated with. |
| Password for the said account. |
| Source application ID that distinguishes between REST API calls from EPM and REST API calls from another application. We recommend that you specify the customer's name. |
| Based on your region you will be receiving that from CyberArk in your email box. For instance, for United States is http://login.epm.cyberark.com For UK http://uk.epm.cyberark.com For Canada http://ca.epm.cyberark.com |
Accepted authentication methods
Authentication method | Token |
Token | Required |
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).
Collector services detail
This section is intended to explain how to proceed with specific actions for services.
Events service
Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.
This service has the following components:
Component | Description |
|---|---|
Setup | The setup module is in charge of authenticating the service and managing the token expiration when needed. |
Puller | The setup module is in charge of pulling the data in a organized way and delivering the events via SDK. |
Setup output
A successful run has the following output messages for the setup module:
2023-03-18T13:34:21.791 INFO InputProcess::CyberArkEpmPullerSetup(cyberark_epm,cyberark#a14d,<service_name>#predefined) -> Starting the execution of setup() 2023-03-18T13:34:21.792 DEBUG InputProcess::ServiceThread(cyberark,a14d,<service_name>,predefined) -> Entering in wait status 2023-03-18T13:34:21.793 DEBUG OutputProcess::MainThread -> OutputSenderManagerListLookup -> ConsoleSenderManager(lookup_senders,manager,console_1)(console_1) - Instance created 2023-03-18T13:34:21.793 DEBUG InputProcess::InputThread(cyberark,a14d) -> Entering in wait status . . . . . 2023-03-18T13:34:23.742 DEBUG InputProcess::CyberArkEpmPullerSetup(cyberark_epm,cyberark#a14d,<service_name>#predefined) -> Finalizing the execution of setup()
Puller output
A successful initial run has the following output messages for the puller module:
Note that the PrePull action is executed only one time before the first run of the Pull action.
2023-03-18T13:34:23.795 DEBUG InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Starting pull(), 2023-03-18 08:04:23.793878+00:00
2023-03-18T13:34:23.795 INFO InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Pull Started
2023-03-18T13:34:23.796 INFO OutputProcess::ConsoleSender(internal_senders,console_sender_0) -> {"timestamp": "2023-03-18 08:04:23.795", "tag": "devo.collectors.out.local.info", "content": "{\"msg\": \"Persistence object used in this pull cycle : {'last_date_from': '2022-01-01T00:00:00Z', 'date_from_config': '2022-01-01T00:00:00Z', 'hashes': []}\", \"time\": \"2023-03-18T08:04:23.795201Z\", \"level\": \"info\", \"collector_name\": \"cyberark_epm\", \"collector_version\": \"5.1.3\", \"collector_image\": null, \"input_name\": \"cyberark\", \"service_name\": \"<service>\", \"module_name\": \"CyberArkEpmEventsPuller\"}"}
2023-03-18T13:34:24.490 INFO InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=<pulling_id>):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 36; Average of events per second: 51.717.
2023-03-18T13:34:24.490 DEBUG InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> 1679126663.793878
2023-03-18T13:34:24.490 INFO InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Statistics for this pull cycle (@devo_pulling_id=<pulling_id>):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 36; Average of events per second: 51.687.
2023-03-18T13:34:24.492 INFO InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Statistics for this pull cycle (@devo_pulling_id=<pulling_id>):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 36; Average of events per second: 51.542.
2023-03-18T13:34:24.492 DEBUG InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Finalizing pull()
After a successful collector’s execution (that is, no error logs found), you will see the following log message:
2023-03-18T13:34:24.492 INFO InputProcess::CyberArkEpmEventsPuller(cyberark,a14d,<service>,predefined) -> Statistics for this pull cycle (@devo_pulling_id=<pulling_id>):Number of requests made: 1; Number of events received: 36; Number of duplicated events filtered out: 0; Number of events generated and sent: 36; Average of events per second: 51.542.
The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.
If, in user config, the date_from param is detected to be different from the one used in the last pull cycle the persistence will be restarted.
This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.
Error type | Error ID | Error message | Cause | Solution |
|---|---|---|---|---|
InitVariablesError | 1 | "module_globals_key_path" property is missing in collectors_definitions.yaml file. | module_globals_key_path property not found in collector_definitions.yaml. | Ensure module_globals_key_path property is present in collectors_definitions.yaml file. |
InitVariablesError | 2 | "module_globals_key_path" property is not of "dict" type. | module_globals_key_path property is not a dictionary. | Ensure module_globals_key_path property is a dictionary in collectors_definitions.yaml file. |
InitVariablesError | 3 | "module_globals_key_path.refresh_period_for_latest_version_value_in_seconds" property is missing in collectors_definitions.yaml file. | refresh_period_for_latest_version_value_in_seconds property not found in module_globals_key_path section in collector_definitions.yaml. | Ensure module_globals_key_path.refresh_period_for_latest_version_value_in_seconds property is present in collectors_definitions.yaml file. |
InitVariablesError | 4 | "module_globals_key_path.refresh_period_for_latest_version_value_in_seconds" property is not of "int" type. | refresh_period_for_latest_version_value_in_seconds property is not an integer. | Ensure module_globals_key_path.refresh_period_for_latest_version_value_in_seconds property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 5 | "module_globals_key_path.refresh_period_for_access_data_value_in_seconds" property is missing in collectors_definitions.yaml file. | refresh_period_for_access_data_value_in_seconds property not found in module_globals_key_path section in collector_definitions.yaml. | Ensure module_globals_key_path.refresh_period_for_access_data_value_in_seconds property is present in collectors_definitions.yaml file. |
InitVariablesError | 6 | "module_globals_key_path.refresh_period_for_access_data_value_in_seconds" property is not of "int" type. | refresh_period_for_access_data_value_in_seconds property is not an integer. | Ensure module_globals_key_path.refresh_period_for_access_data_value_in_seconds property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 7 | "module_globals_key_path.refresh_period_for_sets_in_seconds" property is missing in collectors_definitions.yaml file. | refresh_period_for_sets_in_seconds property not found in module_globals_key_path section in collector_definitions.yaml. | Ensure module_globals_key_path.refresh_period_for_sets_in_seconds property is present in collectors_definitions.yaml file. |
InitVariablesError | 8 | "module_globals_key_path.refresh_period_for_sets_in_seconds" property is not of "int" type. | refresh_period_for_sets_in_seconds property is not an integer. | Ensure module_globals_key_path.refresh_period_for_sets_in_seconds property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 9 | "module_globals_key_path.auth_url_pattern" property is missing in collectors_definitions.yaml file. | auth_url_pattern property not found in module_globals_key_path section in collector_definitions.yaml. | Ensure module_globals_key_path.auth_url_pattern property is present in collectors_definitions.yaml file. |
InitVariablesError | 10 | "module_globals_key_path.auth_url_pattern" property is not of "str" type. | auth_url_pattern property is not a string. | Ensure module_globals_key_path.auth_url_pattern property is a string in collectors_definitions.yaml file. |
InitVariablesError | 11 | The "module_globals_key_path.api" property is missing in collectors_definitions.yaml file | api property not found in module_globals_key_path section in collector_definitions.yaml. | Ensure module_globals_key_path.api property is present in collectors_definitions.yaml file. |
InitVariablesError | 12 | The "input_key_path.api.initial_version" property is missing in collectors_definitions.yaml file. | initial_version property not found in api section in collector_definitions.yaml. | Ensure input_key_path.api.initial_version property is present in collectors_definitions.yaml file. |
InitVariablesError | 13 | The "input_key_path.api.initial_version" property is not of "str" type. | initial_version property is not a string. | Ensure input_key_path.api.initial_version property is a string in collectors_definitions.yaml file. |
InitVariablesError | 14 | The "input_key_path.api.app_context" property is missing in collectors_definitions.yaml file. | app_context property not found in api section in collector_definitions.yaml. | Ensure input_key_path.api.app_context property is present in collectors_definitions.yaml file. |
InitVariablesError | 15 | The "input_key_path.api.app_context" property is not of "str" type. | app_context property is not a string. | Ensure input_key_path.api.app_context property is a string in collectors_definitions.yaml file. |
InitVariablesError | 16 | The "input_key_path.api.auth_endpoint" property is missing in collectors_definitions.yaml file. | auth_endpoint property not found in api section in collector_definitions.yaml. | Ensure input_key_path.api.auth_endpoint property is present in collectors_definitions.yaml file. |
InitVariablesError | 17 | The "input_key_path.api.auth_endpoint" property is not of "str" type. | auth_endpoint property is not a string. | Ensure input_key_path.api.auth_endpoint property is a string in collectors_definitions.yaml file. |
InitVariablesError | 18 | The "input_key_path.api.version_endpoint" property is missing in collectors_definitions.yaml file. | version_endpoint property not found in api section in collector_definitions.yaml. | Ensure input_key_path.api.version_endpoint property is present in collectors_definitions.yaml file. |
InitVariablesError | 19 | The "input_key_path.api.version_endpoint" property is not of "str" type. | version_endpoint property is not a string. | Ensure input_key_path.api.version_endpoint property is a string in collectors_definitions.yaml file. |
InitVariablesError | 20 | The "input_key_path.api.set_endpoint" property is missing in collectors_definitions.yaml file. | set_endpoint property not found in api section in collector_definitions.yaml. | Ensure input_key_path.api.set_endpoint property is present in collectors_definitions.yaml file. |
InitVariablesError | 21 | The "input_key_path.api.set_endpoint" property is not of "str" type. | set_endpoint property is not a string. | Ensure input_key_path.api.set_endpoint property is a string in collectors_definitions.yaml file. |
InitVariablesError | 22 | The "module_properties_key_path" property is missing in collectors_definitions.yaml. | module_properties property is not found in collector_definitions.yaml. | Ensure module_properties property is present in collectors_definitions.yaml file. |
InitVariablesError | 23 | The "module_properties_key_path" property is not of "dict" type. | module_properties property is not of dict type. | Ensure module_properties property is of dict type in collectors_definitions.yaml file. |
InitVariablesError | 24 | .modules.class_name.module_properties.query_path is empty/invalid type of query path. | query_path property is empty or not of string type. | Ensure query_path property is not empty and is a string type in collectors_definitions.yaml file. |
InitVariablesError | 25 | .modules.class_name.module_properties.query_path is not of 'str' type. | query_path property is not of string type. | Ensure query_path property is a string type in collectors_definitions.yaml file. |
InitVariablesError | 26 | ".modules.class_name.module_properties.start_time_pattern" property in service definition must exists | start_time_pattern property not found in module_properties section in collector_definitions.yaml. | Make sure start_time_pattern property is present in module_properties section in collectors_definitions.yaml file. |
InitVariablesError | 27 | ".modules.class_name.module_properties.start_time_pattern" property is not of "str" type | start_time_pattern property is not a string. | Ensure start_time_pattern property is a string in collectors_definitions.yaml file. |
InitVariablesError | 28 | ".modules.class_name.module_properties.tag_pattern" property in service definition must exists. | tag_pattern property not found in module_properties section in collector_definitions.yaml. | Make sure tag_pattern property is present in module_properties section in collectors_definitions.yaml file. |
InitVariablesError | 29 | ".modules.class_name.module_properties.tag_pattern" property is not of "str" type. | tag_pattern property is not a string. | Ensure tag_pattern property is a string in collectors_definitions.yaml file. |
InitVariablesError | 30 | ".modules.class_name.module_properties.tag" property in service definition must exists. | tag property not found in module_properties section in collector_definitions.yaml. | Make sure tag property is present in module_properties section in collectors_definitions.yaml file. |
InitVariablesError | 31 | ".modules.class_name.module_properties.tag" property is not of "str" type. | tag property is not a string. | Ensure tag property is a string in collectors_definitions.yaml file. |
InitVariablesError | 32 | tag param does not match required pattern. Make sure you are using the format: 'level1.level2.level3.level4' | tag parameter does not match the required pattern. | Make sure tag parameter is in the format 'level1.level2.level3.level4' in collectors_definitions.yaml file. |
InitVariablesError | 33 | ".modules.{self.class.name}.module_properties.limit_min" property in service definition must exists | limit_min property is missing in service definition. | Ensure limit_min property is present in service definition in collectors_definitions.yaml file. |
InitVariablesError | 34 | ".modules.{self.class.name}.module_properties.limit_min" property in service definition must be an integer | limit_min property is not an integer in service definition. | Ensure limit_min property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 35 | ".modules.{self.class.name}.module_properties.limit_min" property in service definition must be greater than 0 | limit_min property value is less than or equal to 0. | Ensure limit_min property has a value greater than 0 in collectors_definitions.yaml file. |
InitVariablesError | 36 | ".modules.{self.class.name}.module_properties.limit_max" property in service definition must exists | limit_max property is missing in service definition. | Ensure limit_max property is present in service definition in collectors_definitions.yaml file. |
InitVariablesError | 37 | ".modules.{self.class.name}.module_properties.limit_max" property in service definition must be an integer | limit_max property is not an integer in service definition. | Ensure limit_max property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 38 | ".modules.{self.class.name}.module_properties.limit_max" property in service definition must be greater than 0 and also greater or equal than "limit_min" property | limit_max property value is less than or equal to 0 or less than limit_min value. | Ensure limit_max property has a value greater than 0 and greater than or equal to limit_min value in collectors_definitions.yaml file. |
InitVariablesError | 39 | ".modules.{self.class.name}.module_properties.limit" property in service definition must exists | limit property is missing in service definition. | Ensure limit property is present in service definition in collectors_definitions.yaml file. |
InitVariablesError | 40 | ".modules.{self.class.name}.module_properties.limit" property in service definition must be an integer | limit property is not an integer in service definition. | Ensure limit property is an integer in collectors_definitions.yaml file. |
InitVariablesError | 41 | ".modules.{self.class.name}.module_properties.limit" property in service definition must have a value between "limit_min" and "limit_max" properties | limit property value is less than limit_min or greater than limit_max. | Ensure limit property has a value between limit_min and limit_max in collectors_definitions.yaml file. |
InitVariablesError | 42 | "input_config" mandatory property is missing or empty | The input_config variable is either None or an empty dictionary. | Ensure that the input_config variable is not None and contains the required values. |
InitVariablesError | 43 | "input_config" property must be a dictionary | The input_config variable is not a dictionary. | Ensure that the input_config variable is a dictionary. |
InitVariablesError | 44 | "input_config.credentials" mandatory property in configuration is missing or empty | The credentials section is either missing or an empty dictionary. | Ensure that the credentials section exists and contains the required values. |
InitVariablesError | 45 | "input_config.credentials" property in configuration must be a dictionary | The credentials section is not a dictionary. | Ensure that the credentials section is a dictionary. |
InitVariablesError | 46 | "input_config.credentials.username" mandatory property in configuration is missing or empty | The username property in the credentials section is either missing or None. | Ensure that the username property exists and contains a string value. |
InitVariablesError | 47 | "input_config.credentials.username" property in configuration must be a string | The username property in the credentials section is not a string. | Ensure that the username property is a string. |
InitVariablesError | 48 | "input_config.credentials.password" mandatory property in configuration is missing or empty | The password property in the credentials section is either missing or None. | Ensure that the password property exists and contains a string value. |
InitVariablesError | 49 | "input_config.credentials.password" property in configuration must be a string | The password property in the credentials section is not a string. | Ensure that the password property is a string. |
InitVariablesError | 50 | "input_config.credentials.application_id" mandatory property in configuration is missing or empty | The application_id property in the credentials section is either missing or None. | Ensure that the application_id property exists and contains a string value. |
InitVariablesError | 51 | "input_config.credentials.application_id" property in configuration must be a string | The application_id property in the credentials section is not a string. | Ensure that the application_id property is a string. |
InitVariablesError | 52 | "input_config.credentials.auth_url" mandatory property in configuration is missing or empty | The auth_url property in the credentials section is either missing or None. | Ensure that the auth_url property exists and contains a string value. |
InitVariablesError | 53 | "input_config.credentials.auth_url" property in configuration must be a string | The auth_url property in the credentials section is not a string. | Ensure that the auth_url property is a string. |
InitVariablesError | 54 | The "input_config.credentials.auth_url" property must follow the following pattern : "https://<region>.epm.cyberark.com". | The auth_url property in the credentials section does not follow the specified pattern "https://.epm.cyberark.com". | Ensure that the auth_url property in the credentials section follows the pattern "https://<region>.epm.cyberark.com". |
InitVariablesError | 55 | "service_config" mandatory property is missing or empty | The service_config variable is either None or an empty dictionary. | Ensure that the service_config variable is not None and contains the required values. |
InitVariablesError | 56 | "service_config" property must be a dictionary | The service_config variable is not a dictionary. | Ensure that the service_config variable is a dictionary. |
InitVariablesError | 57 | "service_config.date_from" property in configuration is missing. | The date_from property is missing from the service_config dictionary. | Ensure that the date_from property exists in the service_config dictionary. |
InitVariablesError | 58 | "service_config.date_from" property in configuration must be a string. | The date_from property in the service_config dictionary is not a string. | Ensure that the date_from property in the service_config dictionary is a string. |
InitVariablesError | 59 | Date param does not match required pattern. Make sure you are using the format: "yyyy-mm-ddThh-mm-ssZ" | The date_from property in the service_config dictionary does not match the required pattern. | Ensure that the date_from property in the service_config dictionary matches the pattern "yyyy-mm-ddThh-mm-ssZ". |
InitVariablesError | 60 | "service_config.tag" property in configuration must be a string. | The tag property in the service_config dictionary is not a string. | Ensure that the tag property in the service_config dictionary is a string. |
InitVariablesError | 61 | tag param does not match required pattern. Make sure you are using the format: "level1.level2.level3.level4" | The tag property in the service_config dictionary does not match the required pattern. | Ensure that the tag property in the service_config dictionary matches the pattern "level1.level2.level3.level4". |
SetupError | 107 | Response does not contain the required keys. For more details check: | The response from the server does not contain the required keys. | Check the response from the server and ensure that it contains the required keys. |
SetupError | 109 | Response does not contain the required keys. For more details check: {error} | The response from the server does not contain the required keys. | Check the response from the server and ensure that it contains the required keys. |
SetupError | 170 | Manager Path is None or, is not of 'str' type. | The manager_path variable is either None or not a string. | Ensure that the manager_path variable is not None and is a string. |
SetupError | 171 | Version is None or, is not of 'str' type. | The version variable is either None or not a string. | Ensure that the version variable is not None and is a string. |
SetupError | 172 | Version Endpoint is None or, is not of 'str' type. | The version_endpoint variable is either None or not a string. | Ensure that the version_endpoint variable is not None and is a string. |
SetupError | 173 | Manager Path(app_context) is Incorrect in collector_definition.yaml | The manager_path variable is incorrect in the collector_definition.yaml file. | Ensure that the manager_path variable is correctly defined in the collector_definition.yaml file. |
SetupError | 174 | Sets url is missing | The url variable is missing. | Ensure that the url variable is not empty. |
SetupError | 175 | Response does not contain the required keys. For more details check: | The response from the server does not contain the required keys. | Check the response from the server and ensure that it contains the required keys. |
SetupError | 176 | <error trace> | An unknown error occurred. | Check the logs for more information on the error. |
PullError | 300 | API version is None or, is not of 'str' type. | The api_version variable is either None or not a string. | Ensure that the api_version variable is not None and is a string. |
PullError | 301 | Set list is empty or, is not of 'list' type. | The set_list variable is either None or not a list. | Ensure that the set_list variable is not None and is a list. |
PullError | 302 | set_id is empty or, is not of 'str' type. | The set_id variable is either None or not a string. | Ensure that the set_id variable is not None and is a string. |
PullError | 303 | Manager Url is empty in variable or, is not of 'str' type. | The manager_url variable is either None or not a string. | Ensure that the manager_url variable is not None and is a string. |
PullError | 304 | AccessToken Is empty in variable or, is not of 'str' type. | The access_token variable is either None or not a string. | Ensure that the access_token variable is not None and is a string. |
PullError | 306 | The receiving set id is empty or, is not of 'str' type. | The set_id variable is either None or not a string. | Ensure that the set_id variable is not None and is a string. |
PullError | 307 | The receiving api_version is empty or, is not of 'str' type. | The api_version variable is either None or not a string. | Ensure that the api_version variable is not None and is a string. |
PullError | 308 | Manager url is empty or, is not of 'str' type. | The manager_url variable is either None or not a string. | Ensure that the manager_url variable is not None and is a string. |
PullError | 309 | AccessToken is empty or, is not of 'str' type. | The access_token variable is either None or not a string. | Ensure that the access_token variable is not None and is a string. |
PullError | 310 | Admin audit data url is missing or, is not of 'str' type. | The url variable is either empty or not a string. | Ensure that the url variable is not empty and is a string. |
PullError | 311 | <error trace> | Endpoint retuned 403 error. | Check the error message for more details. |
PullError | 312 | <error trace> | Endpoint retuned 404 error. | Check the error message for more details. |
PullError | 313 | <error trace> | Endpoint retuned 500 error. | Check the error message for more details. |
PullError | 314 | <error trace> | Endpoint retuned a non-recorder error code. | Check the error message for more details. |
PullError | 315 | <error trace> | An error occured while trying to pull the data. | Check the error message for more details. |
PullError | 316 | Cannot sort list. --> {reason} | The list could not be sorted. | Check the error message for more details. |
Collector operations
This section is intended to explain how to proceed with specific operations of this collector.
Initialization
The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.
A successful run has the following output messages for the initializer module:
2023-02-20T17:12:06.027 INFO InputProcess::CyberArkEpmPullerSetup(cyberark_epm,cyberark#a14d,admin_audit#predefined) -> Starting the execution of setup() 2023-02-20T17:12:06.029 DEBUG InputProcess::ServiceThread(cyberark,a14d,admin_audit,predefined) -> Entering in wait status 2023-02-20T17:12:06.031 DEBUG InputProcess::InputThread(cyberark,a14d) -> Entering in wait status 2023-02-20T17:12:06.036 DEBUG OutputProcess::MainThread -> OutputSenderManagerListLookup -> DevoSenderManager(lookup_senders,manager,devo_1)(devo_1) - Instance created 2023-02-20T17:12:06.036 DEBUG InputProcess::CyberArkEpmPullerSetup(cyberark_epm,cyberark#a14d,admin_audit#predefined) -> Starting new HTTPS connection (1): in.epm.cyberark.com:443 2023-02-20T17:12:06.043 DEBUG OutputProcess::MainThread -> OutputSenderManagerListLookup -> ConsoleSenderManager(lookup_senders,manager,console_1)(console_1) - Instance created
Events delivery and Devo ingestion
The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.
A successful run has the following output messages for the initializer module:
2023-02-20T17:17:09.928 INFO InputProcess::CyberArkEpmAdminAuditPuller(cyberark,a14d,admin_audit,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1676893628033):Number of requests made: 1; Number of events received: 1; Number of events generated and sent: 0; Average of events per second: 0.000. 2023-02-20T17:17:09.929 DEBUG InputProcess::CyberArkEpmAdminAuditPuller(cyberark,a14d,admin_audit,predefined) -> Fetching data for service admin_audit completed. 2023-02-20T17:17:09.929 DEBUG InputProcess::CyberArkEpmAdminAuditPuller(cyberark,a14d,admin_audit,predefined) -> Total Messages Sent to Devo 1 to the table my.app.cyberark.adminaudit for method admin_audit
Sender services
The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (internal, standard, and lookup). This collector uses the following Sender Services:
Sender services | Description |
|---|---|
| In charge of delivering internal metrics to Devo such as logging traces or metrics. |
| In charge of delivering pulled events to Devo. |
Sender statistics
Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:
Logging trace | Description |
|---|---|
| Displays the number of concurrent senders available for the given Sender Service. |
| Displays the items available in the internal sender queue. This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders. |
| Displays the number of events from the last time and following the given example, the following conclusions can be obtained:
|
To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.
The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.
The global pressure of the available memory is displayed in the
globalvalue.All metrics (Global, RSS, VMS) include the value before freeing and after
previous -> after freeing memory
2023-02-07T19:30:25.031 INFO InputProcess::MainThread -> [GC] global: 73.2% -> 73.2%, process: RSS(41.23MiB -> 41.23MiB), VMS(32.68GiB -> 32.68GiB) 2023-02-07T19:30:25.012 INFO OutputProcess::MainThread -> [GC] global: 73.2% -> 73.2%, process: RSS(41.11MiB -> 41.12MiB), VMS(32.79GiB -> 32.79GiB)
- No labels