Sending information to Acquia Insight

Using Acquia Insight

The Acquia Insight service needs information from the environments it monitors to create their overall ratings and to report alert conditions. Environments send their information to Acquia Insight using the Acquia Connector. This information includes:

  • General application information, including node counts, user counts, and non-sensitive basic information
  • Drupal information, including versions of core and enabled modules
  • Security information, testing some common insecure practices
  • PHP, web server, and database versions, configuration information, and statistics

For more detailed information, see What the Acquia Connector sends.

Configuring what the Acquia Connector sends

Once you have installed and enabled the Acquia Connector, you can configure it to limit the scope of information you want collected and sent to Acquia Insight.

To configure the Connector settings:

  1. Go to the Configuration > Acquia settings page:
    • Drupal 8.x: Go to http://[site_URL]/admin/config/system/acquia-connector
    • Drupal 7.x: Go to http://[site_URL]/admin/config/system/acquia-agent
  2. Choose the items you want to collect and monitor.

    Connector configuration

    • Admin privileges
      • Security information for the application, including privileges for anonymous and logged-in users and file security
      • Number of admin users
      • Whether or not the User ID 1 account has an insecure username, such as admin or root
    • Nodes and users
      • Titles and types of the last 15 nodes
      • Titles of the last 15 comments
      • User names and email addresses of the last 15 created users
    • Watchdog logs
      • Last failed log-in attempts
      • List of page-not-found references
      • Critical, alert, and emergency watchdog messages
    • Source code

      If you enable this option, Acquia Insight checks whether the contents of core or contributed Drupal code files (not custom files) have been modified.

  3. Allow Insight to update the list of approved variables.
  4. Clear the Send via Drupal cron check box. For best performance, it is best not to use Drupal's cron process to send your website's information to Acquia Insight. Instead, set up a server cron process to send the information, as described in Using server cron to send information.

Using server cron to send information

For best performance, set up a server cron process to send your environment's information to Acquia Insight. Follow this procedure to add a command for each of your environments on the Acquia Cloud interface's Applications > {Environment > Scheduled Jobs page.

  1. On the Configuration > Acquia settings page of your Drupal website, clear the Send via Drupal cron check box. With that check box cleared, the page displays the Acquia SPI URL, which is in the form http://[site URL]/system/acquia-spi-send?key=a1b2c3e4f5.
  2. Sign in to the Acquia Cloud interface and open the Scheduled Jobs page for your application and environment.
  3. Click Add job.
  4. In the Job name field, enter a name for the job to identify it in the Acquia Cloud interface.
  5. Under Command, enter a command like the following, using the Acquia SPI URL from step 1. Do not include a cron time string. For example:

    /usr/bin/wget -O - -q -t 1 http://[Acquia SPI URL]
  6. Under Command frequency, set the cron schedule. Note that the time zone for the schedule is UTC. We recommend that you set the cron schedule to run not more frequently than once per hour and not less frequently than once a day.
  7. Click Add.

For more information, see Using scheduled jobs to maintain your application.

Configure a cron task on Acquia Cloud

What the Acquia Connector sends

With its default settings, the Acquia Connector sends the following information to Acquia Insight:

  • General application information, including node counts, user counts, and non-sensitive basic information
  • System variables that enable Acquia Insight to check whether your application is responding to requests or in maintenance mode, as well as your application's performance and implementation of best practices
  • Drupal information, including versions and enabled modules
  • A list of all Drupal code files, including the last change date, the user and group of the file owner, and the hash value
  • PHP, web server, and database information, including:
    • PHP version, extensions, memory limit, maximum post and upload size, and cookie lifetime
    • OS version, Apache version, configuration variables, and running statistics
    • MySQL version, configuration variables, database cache statistics and other running statistics
  • Security information, including information needed to check whether:
    • Drupal installation files and directories are writable by the server, except as required.
    • Users with untrusted roles are allowed to input dangerous HTML tags or use the PHP input format.
    • Dangerous tags were found in any submitted content (fields).
    • Error reporting is set to a log only, rather than to the screen.
    • The private files directory is outside the web server root.

Information never sent by the Acquia Connector

The Acquia Connector does not expose the following information to Acquia Insight:

  • Passwords or password hashes
  • System-level user account names (excluding system accounts that own Drupal code files)
  • Contents of custom files or modules

How the Acquia Connector connects to Acquia

The Acquia Connector, for Drupal 8, is comprised of two modules: Acquia Insight and Search. In the 7.x versions, the Acquia Insight module is divided into separate Acquia Agent and Acquia Site Profile Information modules. These modules are responsible for retrieving, parsing, and communicating data between the client (a Drupal website with modules installed), and the server (Acquia Insight).

All communications between the Drupal application and Acquia Insight happen with XML-RPC over HTTPS, with the exception of one case (SPI makes simple HTTPS GET requests to Acquia Insight for read-only data). Message authenticity and integrity is maintained by including message authentication code (HMAC) components in the request and response. This is helpful for secure communications in cases where the client application does not support SSL. The client and the server share a private key that's used to sign and validate messages. Messages are outgoing from the client to the server, except for one feature of the Insight service that allows for comparing Drupal core and contributed module code that is invoked by the server.

The SPI module sends configuration and system information for use in the Insight service. The Search module sends application content to be indexed by Apache Solr as part of Acquia Search. Information is sent by default as part of the Drupal cron system, though the Acquia Connector can be configured to send data separately. See the Agent test module for a list of server-side XML-RPC methods (though full validation is not replicated) .

When the Acquia Connector connects to Acquia

The Acquia Connector module sends information to Acquia Insight when your environment runs cron, and Insight updates your environment's scores and alerts every 30 minutes, so you can expect changes you make to your environment to be reflected in your Insight scores after 30 minutes plus your environment's cron interval. Module information is updated not more than every 22 hours, regardless of the cron interval. Some other information is updated not more than every six hours. You can cause Insight to update more quickly by sending information to Insight manually. To do this, on your Drupal application's Admin > Reports > Status report page, under Acquia SPI, by clicking manually send SPI data.

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
By submitting this form, you accept the Mollom privacy policy.

Contact supportStill need assistance? Contact Acquia Support