Sending information to Acquia

The Acquia Insight service needs information from the sites it monitors to create their overall ratings and to report alert conditions. Sites send their information to Acquia Insight using the Acquia Connector. This information includes:

  • General site information, including node counts, user counts, and non-sensitive basic information
  • Drupal information, including versions of core and enabled modules
  • Security information, testing some common insecure practices
  • PHP, web server, and database versions, configuration information, and statistics

For more detailed information, see What the Acquia Connector sends.

Configuring what the Acquia Connector sends

Once you have installed and enabled the Acquia Connector, you can configure it to limit the scope of information you want collected and sent to Acquia Insight.

To configure the Connector settings:

  1. Go to the Configuration > Acquia settings page:
    • Drupal 8.x: Go to http://[site_URL]/admin/config/system/acquia-connector
    • Drupal 7.x: Go to http://[site_URL]/admin/config/system/acquia-agent
    • Drupal 6.x: Go to http://[site_URL]/admin/settings/acquia-agent
  2. Choose the items you want to collect and monitor.

    • Admin privileges
      • Security information for the site, including privileges for anonymous and logged-in users and file security
      • Number of admin users
      • Whether or not the User ID 1 account has an insecure username, such as admin or root
    • Nodes and users
      • Titles and types of the last 15 nodes
      • Titles of the last 15 comments
      • User names and email addresses of the last 15 created users
    • Watchdog logs
      • Last failed log-in attempts
      • List of page-not-found references
      • Critical, alert, and emergency watchdog messages
    • Source code

      If you enable this option, Acquia Insight checks whether the contents of core or contributed Drupal code files (not custom files) have been modified. Any modifications are highlighted in diff files you can view and download in Insight.

  3. Allow Insight to update the list of approved variables. If you enable this option, the Insight Fix It Now feature has access to a wider and more up-to-date range of variables on your site.
  4. Clear the Send via Drupal cron check box. For best performance, do not use Drupal's cron process to send your website's information to Acquia Insight. Instead, set up a server cron process to send it, as described in Using server cron to send information.

Using server cron to send information

For best performance, set up a server cron process to send your website's information to Acquia Insight. How you do this depends on whether your website is hosted by Acquia Cloud or not.

If your website is hosted on Acquia Cloud

If your website is hosted on Acquia Cloud, follow this procedure to add a command for each of your environments on the Cloud > Cron page.

  1. On the Configuration > Acquia settings page, clear the Send via Drupal cron check box. With that check box cleared, the page displays the Acquia SPI URL, which is in the form http://[site URL]/system/acquia-spi-send?key=a1b2c3e4f5.
  2. Sign in to Acquia and open the Cloud > Cron page.
  3. Click Add cron task.
  4. Under Cron command, enter a command like the following, using the Acquia SPI URL from step 1. Do not include a cron time string. For example:

    /usr/bin/wget -O - -q -t 1 http://[Acquia SPI URL]

  5. Under Command frequency, set the cron schedule. Note that the time zone for the schedule is UTC. We recommend that you set the cron schedule to run not more frequently than once per hour and not less frequently than once a day.
  6. Click Add.

For more information, see Using cron to schedule tasks.

If your website is not hosted by Acquia Cloud

In your server's crontab file, add a command to send information to Acquia Insight:

  1. On the Configuration > Acquia settings page, clear the Send via Drupal cron check box. With that check box cleared, the page displays the Acquia SPI URL, which is in the form http://[site URL]/system/acquia-spi-send?key=a1b2c3e4f5.
  2. Find the location of wget on your server with the command whereis (for example, whereis wget).
  3. Edit crontab with the command crontab -e.
  4. Add a command like this to crontab, using the cron time string you choose, the Acquia SPI URL from step 1, and the location of wget on your server:

    15 1 * * * /usr/bin/wget -O - -q -t 1 http://[Acquia SPI URL]

    We recommend that you set the cron schedule to run not more frequently than once per hour and not less frequently than once a day.

Instead of wget, you could use curl or lynx. For more information about cron, see Cron. For information about the Cron time string, including how to format the string to create time intervals, see Cron time string format.

Configuring non-Acquia Cloud websites behind a firewall

In order for Acquia Insight to provide complete functionality, it needs to be able to communicate directly with your website. If your website is hosted on Acquia Cloud, you don't need to do anything beyond configuring the Acquia Connector to enable this. If your website is not hosted on Acquia Cloud and is behind a firewall (this is not common), configure it to allow connections from these IP addresses:

  • 107.20.170.10
  • 107.20.173.133
  • 107.21.119.223
  • 107.22.194.21
  • 107.22.194.89
  • 107.22.194.90
  • 107.22.194.119
  • 107.22.194.181

What the Acquia Connector sends

With its default settings, the Acquia Connector sends the following information to Acquia Insight:

  • General site information, including node counts, user counts, and non-sensitive basic information
  • System variables that enable Acquia Insight to check whether your site is responding to requests or in maintenance mode, as well as your site's performance and implementation of best practices
  • Drupal information, including versions and enabled modules
  • A list of all Drupal code files, including the last change date, the user and group of the file owner, and the hash value
  • PHP, web server, and database information, including:
    • PHP version, extensions, memory limit, maximum post and upload size, and cookie lifetime
    • OS version, Apache version, configuration variables, and running statistics
    • MySQL version, configuration variables, database cache statistics and other running statistics
  • Security information, including information needed to check whether:
    • Drupal installation files and directories are writable by the server, except as required.
    • Users with untrusted roles are allowed to input dangerous HTML tags or use the PHP input format.
    • Dangerous tags were found in any submitted content (fields).
    • Error reporting is set to a log only, rather than to the screen.
    • The private files directory is outside the web server root.

Information never sent by the Acquia Connector

The Acquia Connector does not expose the following information to Acquia Insight:

  • Passwords or password hashes
  • System-level user account names (excluding system accounts that own Drupal code files)
  • Contents of custom files or modules

How the Acquia Connector connects to Acquia

The Acquia Connector for Drupal 7 consists of three modules: Agent, Search, and SPI. For Drupal 6, the Acquia Connector contains only the Agent and SPI modules. These modules are responsible for retrieving, parsing, and communicating data between the client (a Drupal site with the modules installed) and the server (Acquia Insight).

All communications between the Drupal site and Acquia Insight happen with XML-RPC over HTTPS, with one exception: SPI makes simple HTTPS GET requests to Acquia Insight for read-only data. Message authenticity and integrity are maintained by including hash-based message authentication code (HMAC) components in the request and response. This is helpful for secure communications in cases where the client site does not support SSL. The client and the server share a private key that is used to sign and validate messages. Messages go out from the client to the server, except for one feature of the Insight service, invoked by the server, that compares Drupal core and contributed module code.
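The shared-key HMAC exchange described above, sketched as an added example (not Acquia's code and not the Connector's actual wire format): the sender attaches a time, a nonce and an HMAC, and the receiver recomputes the HMAC before trusting the body. The field names, HMAC-SHA256, the canonical string, the direction label and the 300-second window are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_SKEW = 300  # assumed freshness window, in seconds


def _mac(key, direction, ts, nonce, body):
    # Assumed canonical form: direction, time, nonce and sorted-key JSON body.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    msg = f"{direction}\n{ts}\n{nonce}\n{payload}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign(key, body, direction="request", now=None, nonce=None):
    """Attach time, nonce and HMAC to an outgoing message."""
    ts = int(time.time()) if now is None else now
    nonce = nonce or secrets.token_hex(16)
    return {"body": body, "time": ts, "nonce": nonce,
            "hash": _mac(key, direction, ts, nonce, body)}


def verify(key, msg, seen, direction="request", now=None):
    """Return True only for an authentic, fresh, not-yet-seen message."""
    now = int(time.time()) if now is None else now
    try:
        ts, nonce = int(msg["time"]), str(msg["nonce"])
        expected = _mac(key, direction, ts, nonce, msg["body"])
        # compare_digest runs in constant time, so it leaks no match position.
        ok = hmac.compare_digest(expected.encode(), str(msg["hash"]).encode())
    except (KeyError, TypeError, ValueError):
        return False
    if not ok or abs(now - ts) > MAX_SKEW or nonce in seen:
        return False
    seen.add(nonce)  # remember the nonce so a replayed copy is rejected
    return True


def verify_response(key, request, response, now=None):
    """Client side: the reply must echo the request nonce and carry a valid MAC."""
    if response.get("nonce") != request["nonce"]:
        return False
    return verify(key, response, set(), direction="response", now=now)


if __name__ == "__main__":
    key = b"constructed-shared-key"  # constructed sample key, not a real one
    req = sign(key, {"site": "example.test", "nodes": 42})
    print(verify(key, req, set()), verify(key, dict(req, body={"nodes": 43}), set()))
```

Binding the direction into the MAC keeps a captured request from being accepted as a response, and the nonce set has to outlive the freshness window for replay rejection to hold.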

The SPI module sends configuration and system information for use in the Insight service. The Search module sends site content to be indexed by Apache Solr as part of Acquia Search. Information is sent by default as part of the Drupal cron system, though the Connector can be configured to send data separately. See the Agent test module for a list of server-side XML-RPC methods (though full validation is not replicated).