User Guide Functional Overview Requirements Architecture System Installation NetEye Additional Components Installation Setup The neteye Command Director NetEye Self Monitoring Tornado Business Service Monitoring IT Operation Analytics - Telemetry Geo Maps NagVis Audit Log Shutdown Manager Reporting ntopng Visual Monitoring with Alyvix Elastic Stack IT Operations (Command Orchestrator) Asset Management Service Level Management Cyber Threat Intelligence - SATAYO NetEye Update & Upgrade How To NetEye Extension Packs Troubleshooting Security Policy Glossary
module icon Elastic Stack
Overview Architecture Authorization Elasticsearch Overview Enabling El Proxy Sending custom logs to El Proxy Configuration files Commands Elasticsearch Templates and Retentions El Proxy DLQ Blockchain Verification Handling Blockchain Corruptions El Proxy Metrics El Proxy Security El Proxy REST Endpoints Agents Logstash Elastic APM Elastic RUM Log Manager - Deprecated
ntopng Visual Monitoring with Alyvix Elastic Stack IT Operations (Command Orchestrator) Asset Management Service Level Management Cyber Threat Intelligence - SATAYO Introduction to NetEye Monitoring Business Service Monitoring IT Operation Analytics Visualization Network Visibility Log Management & Security Orchestrated Datacenter Shutdown Application Performance Monitoring User Experience Service Management Service Level Management & Reporting Requirements for a Node Cluster Requirements and Best Practices NetEye Satellite Requirements TCP and UDP Ports Requirements Additional Software Installation Introduction Single Node Cluster NetEye Master Master-Satellite Architecture Underlying Operating System Acquiring NetEye ISO Image Installing ISO Image Single Nodes and Satellites Cluster Nodes Configuration of Tenants Satellite Nodes Only Nodes behind a Proxy Additional NetEye Components Single Node Cluster Node Satellites Nodes only Verify if a module is running correctly Accessing the New Module Cluster Satellite Security Identity and Access Management External Identity Providers Configure federated LDAP/AD Emergency Reset of Keycloak Configuration Advanced Configuration Authorization Resources Tuning Advanced Topics Basic Concepts & Usage Advanced Topics Monitoring Environment Templates Monitored Objects Import Monitored Objects Data Fields Deployment Icinga 2 Agents Configuration Baskets Dashboard Monitoring Status VMD Permissions Notifications Jobs API Configuring Icinga Monitoring Retention Policy NetEye Self Monitoring 3b Concepts Collecting Events Add a Filter Node WHERE Conditions Iterating over Event fields Retrieving Payload of an Event Extract Variables Create a Rule Tornado Actions Test your Configuration Export and Import Configuration Example Under the hood Development Retry Strategy Configuration Thread Pool Configuration API Reference Configure a new Business Process Create your first Business Process Node Importing Processes Operators The ITOA Module Configuring User Permissions Telegraf Metrics in NetEye Telegraf Configuration Telegraf on Monitored Hosts Visualizing Dashboards Customizing Performance Graph The NetEye Geo Map Visualizer Map Viewer Configuring Geo Maps NagVis 3b Audit Log 3b Overview Shutdown Manager user Shutdown Manager GUI Shutdown Commands Advanced Topics Overview User Role Management Cube Use Cases ntopng and NetEye Integration Permissions Retention Advanced Topics Overview User Roles Nodes Test Cases Dashboard Use Cases Overview Architecture Authorization Elasticsearch Overview Enabling El Proxy Sending custom logs to El Proxy Configuration files Commands Elasticsearch Templates and Retentions El Proxy DLQ Blockchain Verification Handling Blockchain Corruptions El Proxy Metrics El Proxy Security El Proxy REST Endpoints Agents Logstash Elastic APM Elastic RUM Log Manager - Deprecated Overview Authorization in the Command Orchestrator Module Configuring CLI Commands Executing Commands Overview Permissions Installation Single Tenancy Multitenancy Communication through a Satellite Asset collection methods Display asset information in monitoring host page Overview Customers Availability Event Adjustment Outages Resource Advanced Topics Introduction Getting Started SATAYO Items Settings Managed Service Mitre Attack Coverage Changelog Before you start Update Procedure Single Node Upgrade from 4.42 to 4.43 Cluster Upgrade from 4.42 to 4.43 Satellite Upgrade from 4.42 to 4.43 DPO machine Upgrade from 4.42 to 4.43 Create a mirror of the RPM repository Sprint Releases Feature Troubleshooting Tornado Networking Service Management - Incident Response IT Operation Analytics - Telemetry Identity Provider (IdP) Configuration Introduction to NEP Getting Started with NEPs Online Resources Obtaining NEP Insights Available Packages Advanced Topics Upgrade to NetEye 4.31 Setup Configure swappiness Restarting Stopped Services Enable stack traces in web UI How to access standard logs Director does not deploy when services assigned to a host have the same name How to enable/disable debug logging Activate Debug Logging for Tornado Modules/Services do not start Sync Rule fails when trying to recreate Icinga object How to disable InfluxDB query logging Managing an Elasticsearch Cluster with a Full Disk Some logs are not indexed in Elasticsearch Elasticsearch is not functioning properly Reporting: Error when opening a report Debugging Logstash file input filter Bugfix Policy Reporting Vulnerabilities Glossary 3b

El Proxy REST EndpointsΒΆ

The following REST endpoints are used to receive data and expose the details of El Proxy status and metrics:

  • log endpoint:

    • description: Receives and processes a single log message in JSON format

    • path : /api/log

    • method: POST

    • request type: JSON

    • request example:

      {
   "entry": "A log message"
}

    • response: The HTTP Status code 200 is used to signal a successful processing. Other HTTP status codes indicate a failure.

  • log_batch endpoint:

    • description: Receives and processes an array of log messages in JSON format

    • path : /api/log_batch

    • method: POST

    • request type: JSON

    • request example:

      [
     {
         "entry": "A log message",
        "other": "Additional values...",
        "EBP_METADATA": {
           "agent": {
              "type": "auditbeat",
              "version": "7.10.1"
           },
           "customer": "neteye",
           "retention": "6_months",
           "blockchain_tag": "0",
           "event": {
              "module": "elproxysigned"
           },
           "pipeline": "my_es_ingest_pipeline"
        }
     },
     {
         "entry1": "Another log message",
        "entry2": "Another log message",
        "EBP_METADATA": {
           "agent": {
              "type": "auditbeat",
              "version": "7.10.1"
           },
           "customer": "neteye",
           "retention": "6_months",
           "blockchain_tag": "0",
           "event": {
              "module": "elproxysigned"
           },
           "pipeline": "my_es_ingest_pipeline"
        }
     },
     {
        "entry": "Again, another message",
       "EBP_METADATA": {
          "agent": {
             "type": "auditbeat",
             "version": "7.10.1"
          },
          "customer": "neteye",
          "retention": "6_months",
          "blockchain_tag": "0",
          "event": {
             "module": "elproxysigned"
          }
       }
     }
]

    • response: The HTTP Status code 200 is used to signal a successful processing. Other HTTP status codes indicate a failure.

  • DeadLetterQueue status endpoint:

    • description: Returns the status of the Dead Letter Queue. The status contains information on whether the DLQ is empty or not.

    • path : /api/v1/status/dlq

    • method: GET

    • response: The status of the DLQ in JSON format.

    • response example:

      {
  "empty": true
}

  • KeysBackup status endpoint:

    • description: Returns the status of the keys backup. The status contains information on whether any key backup is present in the {data_backup_dir} folder.

    • path : /api/v1/status/keys_backup

    • method: GET

    • response: The status of the Keys Backup in JSON format.

    • response example:

      {
  "empty": true
}

  • Metrics endpoint:

    • description: Returns the metrics collected by El Proxy since the last restart.

    • path : /api/v1/metrics/prometheus

    • method: GET

    • response: The metrics collected by El Proxy since the last service restart

    • response example:

      # HELP el_proxy_response_time Response time of El Proxy for signing requests
# TYPE el_proxy_response_time histogram
el_proxy_response_time_bucket{service_name="elproxy",le="0.05"} 8
el_proxy_response_time_bucket{service_name="elproxy",le="0.1"} 8
el_proxy_response_time_bucket{service_name="elproxy",le="0.2"} 9
el_proxy_response_time_bucket{service_name="elproxy",le="0.5"} 10
el_proxy_response_time_bucket{service_name="elproxy",le="1"} 10
el_proxy_response_time_bucket{service_name="elproxy",le="2"} 11
el_proxy_response_time_bucket{service_name="elproxy",le="5"} 11
el_proxy_response_time_bucket{service_name="elproxy",le="+Inf"} 11
el_proxy_response_time_sum{service_name="elproxy"} 1.51250216
el_proxy_response_time_count{service_name="elproxy"} 11
# HELP processed_logs Number of processed logs
# TYPE processed_logs counter
processed_logs{result="dlq",service_name="elproxy"} 2
processed_logs{result="failure",service_name="elproxy"} 2
processed_logs{result="indexed",service_name="elproxy"} 18
# HELP processed_requests Number of processed requests
# TYPE processed_requests counter
processed_requests{result="failure",service_name="elproxy"} 1
processed_requests{result="success",service_name="elproxy"} 10
# HELP received_logs Number of received logs
# TYPE received_logs counter
received_logs{retention="6_months",service_name="elproxy",tag="0",tenant="mycustomer"} 22
# HELP received_requests Number of received requests
# TYPE received_requests counter
received_requests{service_name="elproxy"} 11
# HELP write_logs_elasticsearch_response_time Elasticsearch response time for requests writing logs
# TYPE write_logs_elasticsearch_response_time histogram
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="0.05"} 14
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="0.1"} 14
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="0.2"} 15
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="0.5"} 16
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="1"} 16
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="2"} 16
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="5"} 16
write_logs_elasticsearch_response_time_bucket{service_name="elproxy",le="+Inf"} 16
write_logs_elasticsearch_response_time_sum{service_name="elproxy"} 0.450198966
write_logs_elasticsearch_response_time_count{service_name="elproxy"} 16

The following metrics are available:

  • received_requests: number of received requests made to /api/log and /api/log_batch

  • processed_requests: number of processed requests. The following attributes are used:

    • result: the result of the processing of one request

      • success: in case the request response was OK, meaning that El Proxy returned 200 to Logstash. Note that a request is also considered to be successful if some of the logs failed to be indexed on Elasticsearch but were successfully written in the DLQ.

      • failure: in case the request response was other than OK.

    • failure_type: the failure type of the processing of one request

      • none: the request was processed successfully. In this case, result is always success

      • elasticsearch_error: the request to El Proxy failed due to an error during a request to Elasticsearch (e.g. the Elasticsearch request went in timeout or Elasticsearch returned a 500 Internal Server Error)

      • file_system_error: the request failed because of a file system error. This failure is often related to misconfigured permissions on the NetEye machine

      • dlq_error: the request triggered the writing of the logs in DLQ, and the writing operation failed

      • full_queue_error: the request failed because the internal communication channel of El Proxy between the requests-producer and the requests-consumer is either closed or saturated

      • internal_error: the request failed because of a general internal error

      • unexpected_error: the request failed because of an unexpected error

  • received_logs: number of received logs. The following attributes are used to group the number of received logs by their target blockchain

    • tenant: the tenant of the target blockchain for a given log

    • retention: the retention of the target blockchain for a given log

    • tag: the tag of the target blockchain for a given log

  • processed_logs: number of processed logs. The following attribute is used:

    • result: the result of the processing of one log

      • indexed: the log was successfully indexed on Elasticsearch

      • dlq: the log was successfully written in DLQ

      • failure: the log was neither indexed in Elasticsearch, neither written in DLQ, due to some errors

  • el_proxy_response_time: the time taken by El Proxy to receive and process a request

  • elasticsearch_requests: the number of indexing requests made to Elasticsearch. The following attributes are used:

    • result: the result of the request. It can be one of the following

      • success: the request was successful. Every log of the request was indexed in Elasticsearch

      • partial_failure: the request was not completely successful. One or more logs of the request failed to be indexed in Elasticsearch

      • failure: the request failed. Zero logs were indexed in Elasticsearch

    • retry_reason: the reason for which a previous non-completely-successful request was retried. It can be one of the following

      • none: the request was not a retry request caused by a previous non-completely-successful request

      • global: the request is the retry of a previous failed request. This request is the same as the previously failed one. Such retry requests could happen for example if the Elasticsearch is having some problems, or is not reachable

      • pipeline: the request is the retry of a previously partially-failed request. In this request, the Elasticsearch pipeline (if present) has been removed from the logs to bypass possible pipeline errors

      • malformed_logs: the request is the retry of a previously non-completely-successful request. In this request, each log has been reduced to its bare minimum removing all the fields which are not signed by El Proxy to bypass possible errors due to the malformed content of the log

  • write_logs_elasticsearch_response_time: the time taken by Elasticsearch to process a request

Blog Online Demo Training
Contact Us
© 2025, Wuerth Phoenix S.r.l.
VAT ID 01054690217
Privacy Cookies