Monitoring
There are several options to monitor nevisDetect:
- With log messages
- With the Status Service (REST API)
Monitoring with log messages
It is possible to monitor nevisDetect, its components and plug-ins based on log messages. This chapter describes the relevant log messages per nevisDetect component.
These log messages also appear in the nevisDetect web application, in the Application monitoring view of the Status section. The Application monitoring view provides detailed information on all nevisDetect components and all available plug-ins. For more information, see Status section. Currently only messages of the INFO severity category are described.
Core component
The next table lists the possible monitoring log messages for the Core component.
Severity | Message example / Description | ID |
---|---|---|
INFO | NevisProxyPolicy: name='demo-2' action-plugin='NevisProxyActionPlugin' risk-score='BehavioSecTransaction' ranges: range: min='0.295' max=1' action='AUTHENTICATE' | CC-I |
This message describes configured and activated nevisProxy policies (technical name: NevisProxyPolicy). | ||
INFO | NevisAuthPolicy: name='Behaviosec-Login' action-plugin='NevisAuthActionPlugin' risk-score='BehavioSecTransaction' ranges: range: min='0.3' max=1' action='ADDITIONAL_AUTHENTICATION' | CC-I |
This message describes configured and activated nevisAuth policies (technical name: NevisAuthPolicy). | ||
INFO | ThreadPool: active-count=0 pool-size=5 max-pool-size=200 | CC-I |
This message shows thread pool data. The message elements have the following meaning: active-count : Number of threads currently in use.pool-size : Current thread pool size. max-pool-size : Maximum number of threads. | ||
INFO | Messages: minProcessingTime=72 maxProcessingTime=678 averageProcessingTime=301.0 currentProcessingTime=72 (milli seconds) | CC-I |
This message gives information on the processing times. | ||
INFO | Messages: request/second=0.004366812227074236 (3/687.0) | CC-I |
This message shows the messages rate, that is, the number of JMS messages per total processing time. | ||
INFO | Persistency Batch: enabled='true' current-batch-size='0' max-batch-size='1000' max-batch-age='5000' [msec] (thread-pool-size='5') | CC-I |
This message gives information on the persistency batch. The message elements have the following meaning: current-batch-size : Number of requests currently in the batch. max-batch-size : Maximum batch size. max-batch-age : Maximum batch ageIf the maximum batch size or age is exceeded, the batched data will be sent to the Persistency service. |
Feature Correlator component
The next table lists the possible monitoring log messages for the Feature Correlator component.
Severity | Message example / Description | ID |
---|---|---|
INFO | Rule: rule-id='VKvGmMTl-RqDpDq59pdrVdQKUL_UO2a9m1HPiUPcyoQx' rule-action='BLOCK' user='LDAP/Thomas Bayes' active='true' | FC-I |
This message describes rules. The message elements have the following meaning: rule-id : ID of the rule. rule-action : The action that is related to the rule. user : Realm or login ID of the user addressed by the rule. | ||
INFO | Request filter: name='BehavioSec missing' enabled='true' processing='false' position='0' communication-mode='null' condition-source='BODY' condition-qualifier='NOT_CONTAINS_FIELD' condition-attribute-name='bdata' condition-expression='null' | FC-I |
This message describes request filters. The message elements have the following meaning: enabled : Flag showing if the request filter is enabled. position : Order position. communication mode : Indicates the communication mode.For more detailed information, see the configuration of the relevant request filter. | ||
INFO | Requests: minProcessingTime=0 maxProcessingTime=288 averageProcessingTime=22.0 currentProcessingTime=0 (milli seconds) | FC-I |
This message gives information on the processing times. | ||
INFO | Requests: request/second=0.01093983092988563 (22/2011.0) | FC-I |
This message shows the requests rate, that is, the number of HTTP requests per total processing time. | ||
INFO | Request Batch: current-batch-size='0' max-batch-size='2000' max-batch-age='10000' [msec] (thread-pool-size='4') | FC-I |
This message gives information on the request batch. The message elements have the following meaning: current-batch-size : Number of requests currently in the batch. max-batch-size : Maximum batch size. max-batch-age : Maximum batch ageIf the maximum batch size or age is exceeded, the batched data will be sent as JMS message to Core component. | ||
INFO | Sending request-modification (propagated risk-scores) | FC-I |
This message gives information on propagated risk scores. |
Persistency component
The next table lists the possible monitoring log messages for the Persistency component.
Severity | Message example / Description | ID |
---|---|---|
INFO | Messages: minProcessingTime=31 maxProcessingTime=602 averageProcessingTime=343.0 currentProcessingTime=31 (milli seconds) | PC-I |
This message gives information on the processing times. | ||
INFO | Messages: request/second=0.003740648379052369 (3/802.0) | PC-I |
This message shows the requests rate, that is, the number of REST calls per total processing time. |
Risk plug-ins
The next tables lists the possible monitoring log messages for the Risk plug-ins. There are three categories of messages: generic messages, BehavioSec-specific messages and nevisAdapt-specific messages.
Generic messages
The next table lists generic log messages for all Risk plug-ins.
Severity | Message example / Description | ID |
---|---|---|
INFO | RiskScores: name='NevisAdaptDeviceRecognition' storage-condition='OPTIONAL' storage-confidence-threshold='0' | PL-I |
This message gives information on the plug-in risk scores and their storage condition. | ||
INFO | BehavioSec: minProcessingTime=29 maxProcessingTime=78 averageProcessingTime=52.0 currentProcessingTime=29 (milli seconds) | BHS-1 |
This message gives information on processing times. | ||
INFO | BehavioSec: request/second=0.004366812227074236 (3/687.0) | BHS-1 |
This message shows the requests rate, that is, the number of requests per total processing time. |
BehavioSec-specific messages
The next table lists BehavioSec-specific monitoring log messages.
Severity | Message example / Description | ID |
---|---|---|
INFO | Called: GetReport=2 FinalizeSession=1 ResetProfile=0 | BHS-1 |
This message gives information on service calls. | ||
INFO | Version: BehavioSense[MT] - 4.3.2.1, Behavio Environment Detection - 1.0, Behavio Bot Detection - 2.0.1, Behavio IP Detection - 1.0.2, Behavio Device Detection - 2.0.0, Behavio Data Integrity - 1.3.0, Behavio Soft Input - 1.2.4, Behavio User Integrity - 1.2, Behavio RAT Detection - 1.1.1, Behavio Meta Engine - 1.0.2, BehavioFuzzy 7.43 | BHS-1 |
This message shows BehavioSec version information. |
nevisAdapt-specific messages
The next table lists nevisAdapt-specific monitoring log messages.
Severity | Message example / Description | ID |
---|---|---|
INFO | Cache size: 1 | NAD-3 |
This message gives information about the cache size, that is, the number of cached plug-in risk scores. | ||
NFO | Version: NevisAdapt/1.0.0.0 | NAD-4 |
This message shows nevisAdapt version information. |
Monitoring with Status Service (REST API)
Besides monitoring nevisDetect with log messages, you can also monitor nevisDetect with the REST Status Service. In this case, the nevisDetect Admin component exposes a REST endpoint to collect the status lists from the other components: Core, Feature Correlator, and Persistency.