Deployment
- 14 Feb 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
This documentation version is deprecated, please click here for the latest version.
Deployment
- Updated on 14 Feb 2024
- 1 Minute to read
- Contributors
- Print
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Events around the global status of the deployment, observable in D&R rules via the deployment target.
CLOUD_ADAPTER_DISABLED
This event is emitted when a Cloud Adapter gets disabled because it has been erroring for a long period of time.
Sample Event:
{
"event":{
"error": "invalid api key"
},
"routing": {
"event_time": 1644444297696,
"event_type": "cloud_adapter_disabled",
"oid": "8cbe27f4-aaaa-cccc-bbbb-138cd51389cd"
}
}
DELETED_SENSOR
Deleted Sensor deployment events are produced when a sensor that was previously deleted from an Org attempts to connect to the LimaCharlie cloud.
Sample Event:
{
"routing": {
"oid": "d9ae5c17-d519-4ef5-a4ac-c454a95d31ca",
"iid": "ca812425-5a36-4c73-a0a0-935a8ace6451",
"sid": "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"plat": 536870912,
"arch": 2,
"ext_ip": "104.196.34.101",
"int_ip": "172.17.0.2",
"hostname": "linux-server-1",
"event_type": "deleted_sensor",
"event_time": 1561741553230
},
"event": {
"denied_for": "720h0m0s"
}
}
ENROLLMENT
Enrollment deployment events are produced when a sensor enrolls into the organization for the first time.
Sample Event:
{
"routing": {
"oid": "d9ae5c17-d519-4ef5-a4ac-c454a95d31ca",
"iid": "ca812425-5a36-4c73-a0a0-935a8ace6451",
"sid": "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"plat": 536870912,
"arch": 2,
"event_type": "enrollment",
"event_time": 1561741553230
},
"event": {
"public_ip": "104.196.34.101",
"internal_ip": "172.17.0.2",
"host_name": "linux-server-1"
}
}
QUOTA_CHANGED
Quota changed events are emitted when the quota for an Organization changes.
Sample Event:
{
"event":{
"new_quota": 30,
"old_quota": 25
},
"routing": {
"event_time": 1644444297696,
"event_type": "quota_changed",
"oid": "8cbe27f4-aaaa-cccc-bbbb-138cd51389cd"
}
}
SENSOR_CLONE
Sensor clone events are generated when the LimaCharlie Cloud detects that a specific Sensor ID may have been cloned. Cloning means the same SID is associated with two different hosts at the same time. This is most often due to a machine image being created with a LC sensor installed on it, and then being deployed multiple times.
Sample Event:
{
"routing": {
"oid": "d9ae5c17-d519-4ef5-a4ac-c454a95d31ca",
"iid": "ca812425-5a36-4c73-a0a0-935a8ace6451",
"sid": "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"plat": 536870912,
"arch": 2,
"event_type": "sensor_clone",
"event_time": 1561741553230
},
"event": {
"previous_hostname" : "server-1",
"new_hostname" : "server-2"
}
}
SENSOR_CRASH
This event is generated when a sensor has crashed. It will include some telemetry useful to help LimaCharlie troubleshoot the crash.
Sample Event:
{
"routing": {
"arch": 2,
"event_time": 1670861698000,
"event_type": "sensor_crash",
"hostname": "linux-server-1",
"ext_ip": "104.196.34.101",
"int_ip": "172.17.0.2",
"oid": "8cbe27f4-aaaa-cccc-bbbb-138cd51389cd",
"plat": 268435456,
"iid": "ca812425-5a36-4c73-a0a0-935a8ace6451",
"sid": "a75cc927-bf28-4178-a42d-25ecc8a6be81"
},
"event": {
"crash_context": {
"FILE_ID": 63,
"LINE_NUMBER": 1216,
"THREAD_ID": 7808
}
}
}
SENSOR_OVER_QUOTA
Over quota deployment events are produced when a sensor tries to connect but the organization quota is already reached.
Sample Event:
{
"routing": {
"oid": "d9ae5c17-d519-4ef5-a4ac-c454a95d31ca",
"iid": "ca812425-5a36-4c73-a0a0-935a8ace6451",
"sid": "a75cc927-bf28-4178-a42d-25ecc8a6be81",
"plat": 536870912,
"arch": 2,
"event_type": "sensor_over_quota",
"event_time": 1561741553230
},
"event": {
"public_ip": "104.196.34.101",
"internal_ip": "172.17.0.2",
"host_name": "linux-server-1"
}
}
Was this article helpful?