Initialize the Salesforce Beat
Prerequisites
Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
Set OpenCollector buffer size to 50000.
You have the required Salesforce credentials: Client ID and Client Password. To collect log data from Salesforce, the LogRhythm Agent requires the Salesforce user to be have the following permissions:
The user must have View Event Log Files and API Enabled user permissions. Users with View All Data permissions can view event log files.
READ access permissions must be enabled for the following Salesforce objects:
Event Log File
Report, Dashboard
User
Opportunity
Account
LoginHistory
To connect over the REST API, the Salesforce user needs to have a security token associated with it. If you do not have a security token, follow the instructions at the following link: Reset Security Token.
The following port is open:
Direction | Port | Protocol | Source |
|---|---|---|---|
Outbound | 443 | HTTPS | salesforcebeat |
Initialize the Beat
Confirm the Open Collector is running:
CODE./lrctl statusYou should see the open_collector and metrics version:
If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
Run the following command to start the beat:
CODE./lrctl salesforcebeat startUsing the arrow keys, select New salesforcebeat instance from the list, and then press Enter.
Enter a unique identifier for this Salesforce beat instance, and then press Enter.
Enter the Salesforce beat domain name, and then press Enter.
Enter the Client ID for the Salesforce Beat configuration, and then press Enter.
Enter the Client Password for the Salesforce Beat configuration, and then press Enter.
Enter the hostname or IP Address of the Open Collector, and then press Enter.
Enter the port number on which open collector listens the request, and then press Enter.
The Salesforce Beat starts successfully.
To check the status of the service, run the following command:
CODE./lrctl salesforcebeat status
Salesforce Beat Notes
Since Salesforce is used to process extremely large logs, it is highly recommended to set the OpenCollector buffer size to 50000.
The Salesforce Beat will collect logs only once per day at 5 AM UST.
If the beat is started after/before 5 AM UST, it will collect logs that are available up to that time. The beat will run again at its scheduled time of 5 AM UST and collect all the logs once again. This may cause duplicate logs in the system.
If you wish to fetch logs from a particular date, you can provide the date in the salesforcebeat.yml file in the customPullDate field, using the YYYY-MM-DD format, and then restart the beat, whch will collect logs from that date. You will then have a one hour window to reset this field to blank to avoid repeated logs from that date. After resetting this field to blank, you will need to restart the beat for its regular functionality. This restart will collect logs of that day up to that time. This activity may also cause duplicate logs in the system.
Default Config Values for the Salesforce Beat
S.No | Field Name | Default Values |
|---|---|---|
1 | heartbeatinterval | 60s |
2 | heartbeatdisabled | false |
3 | period | 1000s |
4 | throttlingIntervalSecs | 60 This field value should always be greater than 0. |
5 | customPullDate | ““ This date is in the YYYY-MM-DD format. The Salesforce Beat will pull the data for the mentioned date only, if one has been entered. It will keep pulling the data for this date only after the Period time elapsed. It is suggested to revert the date to blank after the logs have been pulled for the desired date. |
6 | limit | 1000 The supported limit range is 1-1000. |
7 | ingestToday | false This field can be changed to “true” when the log of today’s date is required. |
8 | numbackdaysData | 0 Edit this field to determine the number of back days for which to collect logs. |
