Starting and managing the kuma-kont service
To start the utility service, run the following command:
sudo systemctl start kuma-kont
The collection of events from the MSSQL database begins and the events are sent to the KUMA collector.
The utility service can be controlled using the following commands:
- Start the kuma-kont service:
sudo systemctl start kuma-kont
- Stop the kuma-kont service:
sudo systemctl stop kuma-kont
- Restart the kuma-kont service:
sudo systemctl restart kuma-kont
You can also send events using the kuma-kont utility running as an application. To start sending events to the KUMA collector, you need to run the following command while in the directory with the executable file:
./kuma-kont --config <
path to the kuma-kont-config.yaml file
>
Behavior when connection is lost
Connection to the MSSQL database.
If the connection to the MSSQL database is lost, the utility tries to reconnect to it every n seconds (where n is equal to the value of the poll_interval setting in the configuration file) until the connection is restored.
Connection to the KUMA collector
If the TCP protocol is used to send events, when the connection to the KUMA collector is lost, the utility also attempts to restore it. The interval between connection attempts increases until it reaches one hour, and subsequent reconnection attempts are made once per hour.
Known limitations
The event from the AlertLog
table with AL_CATEGORY=5 is not fully decoded.