User Behavior Analytics Troubleshooting
You can check the status of the components in the nevisDetect web application, for more information see the Operator section in the nevisDetect User guide.
The detailed description of the monitoring messages can be found under the Monitoring chapter in the nevisDetect Reference guide.
Logfiles
You can find the log files on the path below. You can also override the log files in the configuration. /var/opt/nevisdetect/<component>/logs/nevisdetect-<component>.log.
| Component | Log file |
|---|---|
| Persistency | /var/opt/nevisdetect/persistency/logs/nevisdetect-persistency.log |
| Admin | /var/opt/nevisdetect/admin/logs/nevisdetect-admin.log |
| Core | /var/opt/nevisdetect/core/logs/nevisdetect-core.log |
| Entrypoint | /var/opt/nevisdetect/entrypoint/logs/nevisdetect-entrypoint.log |
For troubleshooting, use the log entries created by the OpTracer. This helps you to find the service calls in the log. For example:
2018-01-16_22:13:23.158 [https-jsse-nio-10.0.205.195-8181-exec-4] DEBUG c.n.nevisDetect.util.logging.OpTracer - ==>'GET https://nevisdetect-dev.nevis-security.com:8181/nevisdetect/persistency/runtimeconfiguration/getRuntimeConfiguration?waitTime=30000' remoteAddr='10.0.205.195' user='DETECT_CORE'
2018-01-16_22:13:53.183 [https-jsse-nio-10.0.205.195-8181-exec-4] INFO c.n.nevisDetect.util.logging.OpTracer - <== 'GET https://nevisdetect-dev.nevis-security.com:8181/nevisdetect/persistency/runtimeconfiguration/getRuntimeConfiguration?waitTime=30000' remoteAddr='10.0.205.195' user='DETECT_CORE' in 30025 [msec]