

This guide documents the classic version of the AWS Wickr administration console, released before March 13, 2025. For documentation on the new AWS Wickr administration console, see [Administration Guide](https://docs.aws.amazon.com/wickr/latest/adminguide/what-is-wickr.html).

# Data retention for AWS Wickr

AWS Wickr data retention can retain all conversations in the network. This includes direct message conversations and conversations in Groups or Rooms between in-network (internal) members and those with other teams (external) with whom your network is federated. Data retention is only available to AWS Wickr Premium plan users and enterprise customers who opt in for data retention. For more information on the Premium plan, see [Wickr Pricing](https://aws.amazon.com/wickr/pricing/).

When a network administrator configures and activates data retention for their network, all messages and files shared in their network are retained in accordance with the organization's compliance policies. These .txt file outputs are accessible by the network administrator in an external location (for example, local storage, an Amazon S3 bucket, or any other storage of the user's choice), from where they can be analyzed, erased, or transferred.

**Note**  
Wickr never accesses your messages and files. Therefore, it is your responsibility to configure a data retention system.

**Topics**
+ [View data retention details in AWS Wickr](view-data-retention-details.md)
+ [Configure data retention for AWS Wickr](configure-data-retention.md)
+ [Get the data retention logs for your Wickr network](getting-data-retention-logs.md)
+ [Data retention metrics and events for your Wickr network](metrics-events.md)

# View data retention details in AWS Wickr

Complete the following procedure to view the data retention details for your Wickr network. You can also enable or disable data retention for your Wickr network.

1. Open the AWS Management Console for Wickr at [https://console.aws.amazon.com/wickr/](https://console.aws.amazon.com/wickr/).

1. Choose **Manage network**.

1. In the navigation pane of the Wickr Admin Console, choose **Network Settings**, and then choose **Data Retention**.

   The **Data Retention** page displays steps for setting up data retention, and the option to activate or deactivate the data retention feature. For more information about configuring data retention, see [Configure data retention for AWS Wickr](configure-data-retention.md).

**Note**  
When data retention is activated, a **Data Retention Turned On** message will be visible for all users in your network informing them of the retention-enabled network. 

# Configure data retention for AWS Wickr

To configure data retention for your AWS Wickr network, you must deploy the data retention bot Docker image to a container on a host, such as a local computer or an instance in Amazon Elastic Compute Cloud (Amazon EC2). After the bot is deployed, you can configure it to store data locally or in an Amazon Simple Storage Service (Amazon S3) bucket. You can also configure the data retention bot to use other AWS services like AWS Secrets Manager (Secrets Manager), Amazon CloudWatch (CloudWatch), Amazon Simple Notification Service (Amazon SNS), and AWS Key Management Service (AWS KMS). The following topics describe how to configure and run the data retention bot for your Wickr network.

**Topics**
+ [Prerequisites to configure data retention for AWS Wickr](#data-retention-prerequisites)
+ [Password for data retention bot in AWS Wickr](data-retention-password.md)
+ [Storage options for AWS Wickr network](data-retention-storage-options.md)
+ [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md)
+ [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md)
+ [IAM policy to use data retention with AWS services](data-retention-aws-services.md)
+ [Start the data retention bot for your Wickr network](starting-data-retention-bot.md)
+ [Stop the data retention bot for your Wickr network](stopping-data-retention-bot.md)

## Prerequisites to configure data retention for AWS Wickr

Before you get started, you must get the data retention bot name (labeled as **Username**) and initial password from the AWS Management Console for Wickr. You must specify both of these values the first time you start the data retention bot. You must also enable data retention in the console. For more information, see [View data retention details in AWS Wickr](view-data-retention-details.md).

# Password for data retention bot in AWS Wickr

The first time you start the data retention bot, you specify the initial password using one of the following options:
+ The `WICKRIO_BOT_PASSWORD` environment variable. The data retention bot environment variables are outlined in the [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) section later in this guide.
+ The **password** value in Secrets Manager identified by the `AWS_SECRET_NAME` environment variable. The Secrets Manager values for the data retention bot are outlined in the [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md) section later in this guide.
+ Enter the password when prompted by the data retention bot. You will need to run the data retention bot with interactive TTY access using the `-ti` option.

A new password will be generated when you configure the data retention bot for the first time. If you need to re-install the data retention bot, you use the generated password. The initial password is not valid after the initial installation of the data retention bot.

The new generated password will be displayed as shown in the following example.

**Important**  
Save the password in a safe place. If you lose the password you will not be able to re-install the data retention bot. Don't share this password. It provides the ability to start data retention for your Wickr network.

```
********************************************************************
**** GENERATED PASSWORD
**** DO NOT LOSE THIS PASSWORD, YOU WILL NEED TO ENTER IT EVERY TIME
**** TO START THE BOT
 "HuEXAMPLERAW4lGgEXAMPLEn"
 ********************************************************************
```

# Storage options for AWS Wickr network

After data retention is enabled and the data retention bot is configured for your Wickr network, it will capture all messages and files sent within your network. Messages are saved in files which are limited to a specific size or time limit that can be configured using an environment variable. For more information, see [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md).

You can configure one of the following options for storing this data:
+ Store all captured messages and files locally. This is the default option. It's your responsibility to move local files to another system for long-term storage, and to make sure the host disk does not run out of memory or space.
+ Store all captured messages and files in an Amazon S3 bucket. The data retention bot will save all decrypted messages and files to the Amazon S3 bucket you specify. The captured messages and files are removed from the host machine after they are successfully saved to the bucket.
+ Store all captured messages and files encrypted in an Amazon S3 bucket. The data retention bot will re-encrypt all captured messages and files using a key that you supply and save them to the Amazon S3 bucket you specify. The captured messages and files are removed from the host machine after they are successfully re-encrypted and saved to the bucket. You will need software to decrypt the messages and files.

  For more information about creating an Amazon S3 bucket to use with your data retention bot, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) in the *Amazon S3 User Guide*.

# Environment variables to configure data retention bot in AWS Wickr

You can use the following environment variables to configure the data retention bot. You set these environment variables using the `-e` option when you run the data retention bot Docker image. For more information, see [Start the data retention bot for your Wickr network](starting-data-retention-bot.md).

**Note**  
These environment variables are optional unless otherwise specified.

Use the following environment variables to specify the data retention bot credentials:
+ `WICKRIO_BOT_NAME` — The name of the data retention bot. This variable is *required* when you run the data retention bot Docker image.
+ `WICKRIO_BOT_PASSWORD` — The initial password for the data retention bot. For more information, see [Prerequisites to configure data retention for AWS Wickr](configure-data-retention.md#data-retention-prerequisites). This variable is *required* if you don't plan to start the data retention bot with a password prompt or you don't plan to use Secrets Manager to store the data retention bot credentials.

Use the following environment variables to configure the default data retention streaming capabilities:
+ `WICKRIO_COMP_MESGDEST` – The path name to the directory where messages will be streamed. The default value is `/tmp/<botname>/compliance/messages`.
+ `WICKRIO_COMP_FILEDEST` – The path name to the directory where files will be streamed. The default value is `/tmp/<botname>/compliance/attachments`.
+ `WICKRIO_COMP_BASENAME` – The base name for the received messages files. The default value is `receivedMessages`.
+ `WICKRIO_COMP_FILESIZE` – The maximum file size for a received messages file in kibibyte (KiB). A new file is started when the max size is reached. The default value is `1000000000`, as in 1024 GiB.
+ `WICKRIO_COMP_TIMEROTATE` – The amount of time, in minutes, for which the data retention bot will put received messages into a received messages file. A new file is started when the time limit is reached. You can only use the file size or time to limit the size of the received messages file. The default value is `0`, as in no limit.

Use the following environment variable to define the default AWS Region to use.
+ `AWS_DEFAULT_REGION` – The default AWS Region to use for AWS services like Secrets Manager (not used for Amazon S3 or AWS KMS). The `us-east-1` Region is used by default if this environment variable is not defined.

Use the following environment variables to specify the Secrets Manager secret to use when you opt to use Secrets Manager to store the data retention bot credentials and AWS service information. For more information about the values you can store in Secrets Manager see [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md).
+ `AWS_SECRET_NAME` – The name of the Secrets Manager secret that contains the credentials and AWS service information needed by the data retention bot.
+ `AWS_SECRET_REGION` – The AWS Region that the AWS secret is located in. If you are using AWS secrets and this value is not defined the `AWS_DEFAULT_REGION` value will be used.

**Note**  
You can store all of the following environment variables as values in Secrets Manager. If you opt to use Secrets Manager, and you store these values there, then you don't need to specify them as environment variables when you run the data retention bot Docker image. You only need to specify the `AWS_SECRET_NAME` environment variable described earlier in this guide. For more information, see [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md).

Use the following environment variables to specify the Amazon S3 bucket when you opt to store messages and files to a bucket.
+ `WICKRIO_S3_BUCKET_NAME` – The name of the Amazon S3 bucket where messages and files will be stored.
+ `WICKRIO_S3_REGION` – The AWS Region of the Amazon S3 bucket where messages and files will be stored.
+ `WICKRIO_S3_FOLDER_NAME` – The optional folder name in the Amazon S3 bucket where messages and files will be stored. This folder name is prepended to the key of each message and file saved to the Amazon S3 bucket.

Use the following environment variables to specify the AWS KMS details when you opt to use client side encryption to re-encrypt files when saving them to an Amazon S3 bucket.
+ `WICKRIO_KMS_MSTRKEY_ARN` – The Amazon Resource Name (ARN) of the AWS KMS master key used to re-encrypt the message files and files on the data retention bot before they are saved to the Amazon S3 bucket.
+ `WICKRIO_KMS_REGION` – The AWS Region where the AWS KMS master key is located.

Use the following environment variable to specify the Amazon SNS details when you opt to send data retention events to an Amazon SNS topic. The events sent include startup, shutdown, as well as error conditions.
+ `WICKRIO_SNS_TOPIC_ARN` – The ARN of the Amazon SNS topic that you want data retention events sent to.

Use the following environment variable to send data retention metrics to CloudWatch. If specified, the metrics will be generated every 60 seconds.
+ `WICKRIO_METRICS_TYPE` – Set the value of this environment variable to `cloudwatch` to send metrics to CloudWatch.

# Secrets Manager values for AWS Wickr

You can use Secrets Manager to store the data retention bot credentials and AWS service information. For more information about creating a Secrets Manager secret, see [Create an AWS Secrets Manager secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html) in the *Secrets Manager User Guide*.

The Secrets Manager secret can have the following values:
+ `password` – The data retention bot password.
+ `s3_bucket_name` – The name of the Amazon S3 bucket where messages and files will be stored. If not set, the default file streaming will be used.
+ `s3_region` – The AWS Region of the Amazon S3 bucket where messages and files will be stored.
+ `s3_folder_name` – The optional folder name in the Amazon S3 bucket where messages and files will be stored. This folder name is prepended to the key of each message and file saved to the Amazon S3 bucket.
+ `kms_master_key_arn` – The ARN of the AWS KMS master key used to re-encrypt the message files and files on the data retention bot before they are saved to the Amazon S3 bucket.
+ `kms_region` – The AWS Region where the AWS KMS master key is located.
+ `sns_topic_arn` – The ARN of the Amazon SNS topic that you want data retention events sent to.

# IAM policy to use data retention with AWS services

If you plan to use other AWS services with the Wickr data retention bot, you must ensure the host has the appropriate AWS Identity and Access Management (IAM) role and policy to access them. You can configure the data retention bot to use Secrets Manager, Amazon S3, CloudWatch, Amazon SNS, and AWS KMS. The following IAM policy allows access to specific actions for these services.

```
{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "secretsmanager:GetSecretValue",
                "sns:Publish",
                "cloudwatch:PutMetricData",
                "kms:GenerateDataKey"
            ],
            "Resource": "*"
        }
    ]
}
```

You can create a stricter IAM policy by identifying the specific objects for each service that you want to allow the containers on your host to access. Remove the actions for the AWS services that you do not intend to use. For example, if you intend to use only an Amazon S3 bucket, then use the following policy, which removes the `secretsmanager:GetSecretValue`, `sns:Publish`, `kms:GenerateDataKey`, and `cloudwatch:PutMetricData` actions.

```
{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "*"
        }
    ]
}
```

If you are using an Amazon Elastic Compute Cloud (Amazon EC2) instance to host your data retention bot, create an IAM role using the Amazon EC2 common case and assign a policy using the policy definition from above.
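One way to produce the stricter policy described above, as an added example (not AWS's or the bot's own code): it takes the Secrets Manager values listed on this page and emits only the statements that configuration needs, each tied to a specific resource. The `scoped_policy` function, the `Sid` names, the SNS topic name in the demo, the `-??????` suffix used to match the secret's ARN, and the assumption that object keys start with `<folder>/` are all choices made for this example.

```python
import json

NAMESPACE = "WickrIO"  # CloudWatch namespace this page gives for bot metrics


def _concrete(value, label):
    """Reject empty or wildcard input so a statement never widens silently."""
    if not value or any(ch in value for ch in "*?"):
        raise ValueError(f"{label} must be a concrete value, got {value!r}")
    return value


def scoped_policy(secret_values, *, account_id=None, secret_name=None,
                  secret_region="us-east-1", metrics=False):
    """Build an IAM policy holding only the statements this bot configuration needs.

    secret_values uses the Secrets Manager keys listed on this page
    (s3_bucket_name, s3_folder_name, kms_master_key_arn, sns_topic_arn).
    """
    statements = []

    if secret_name:  # the bot reads its configuration from this one secret
        arn = (f"arn:aws:secretsmanager:{secret_region}:"
               f"{_concrete(account_id, 'account_id')}:secret:"
               f"{_concrete(secret_name, 'secret_name')}-??????")
        statements.append({"Sid": "ReadBotSecret", "Effect": "Allow",
                           "Action": "secretsmanager:GetSecretValue",
                           "Resource": arn})

    bucket = secret_values.get("s3_bucket_name")
    if bucket:
        folder = (secret_values.get("s3_folder_name") or "").strip("/")
        # Assumption: object keys start with "<folder>/" when a folder is set.
        prefix = f"{_concrete(folder, 's3_folder_name')}/" if folder else ""
        resource = f"arn:aws:s3:::{_concrete(bucket, 's3_bucket_name')}/{prefix}*"
        statements.append({"Sid": "WriteRetainedData", "Effect": "Allow",
                           "Action": "s3:PutObject", "Resource": resource})

    key_arn = secret_values.get("kms_master_key_arn")
    if key_arn:
        if not bucket:
            raise ValueError("kms_master_key_arn is only used with an S3 bucket")
        if ":key/" not in _concrete(key_arn, "kms_master_key_arn"):
            raise ValueError("kms_master_key_arn must be a key ARN")
        statements.append({"Sid": "ReEncryptRetainedData", "Effect": "Allow",
                           "Action": "kms:GenerateDataKey", "Resource": key_arn})

    topic_arn = secret_values.get("sns_topic_arn")
    if topic_arn:
        statements.append({"Sid": "PublishBotEvents", "Effect": "Allow",
                           "Action": "sns:Publish",
                           "Resource": _concrete(topic_arn, "sns_topic_arn")})

    if metrics:
        # PutMetricData has no resource-level scoping; pin the namespace instead.
        statements.append({"Sid": "PutBotMetrics", "Effect": "Allow",
                           "Action": "cloudwatch:PutMetricData", "Resource": "*",
                           "Condition": {"StringEquals":
                                         {"cloudwatch:namespace": NAMESPACE}}})

    if not statements:
        raise ValueError("no AWS service configured; the bot needs no IAM policy")
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # The S3-only secret value from this page; the password never enters the policy.
    demo = {"password": "password", "s3_bucket_name": "bucket-name",
            "s3_region": "us-east-1", "s3_folder_name": "folder-name"}
    print(json.dumps(scoped_policy(demo), indent=4))
```
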

# Start the data retention bot for your Wickr network

Before you run the data retention bot, you should determine how you want to configure it. If you plan to run the bot on a host that:
+ Will not have access to AWS services, then your options are limited. In that case you will use the default message streaming options. You should decide whether you want to limit the size of the captured message files to a specific size or time interval. For more information, see [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md).
+ Will have access to AWS services, then you should create a Secrets Manager secret to store the bot credentials, and AWS service configuration details. After the AWS services are configured, you can proceed to start the data retention bot Docker image. For more information about the details you can store in a Secrets Manager secret, see [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md).

The following sections show example commands to run the data retention bot Docker image. In each of the example commands, replace the following example values with your own:
+ `compliance_1234567890_bot` with the name of your data retention bot.
+ `password` with the password for your data retention bot.
+ `wickr/data/retention/bot` with the name of your Secrets Manager secret to use with your data retention bot.
+ `bucket-name` with the name of the Amazon S3 bucket where messages and files will be stored.
+ `folder-name` with the folder name in the Amazon S3 bucket where messages and files will be stored.
+ `us-east-1` with the AWS Region of the resource you're specifying. For example, the Region of the AWS KMS master key or the Region of the Amazon S3 bucket.
+ `arn:aws:kms:us-east-1:111122223333:key/12345678-1234-abcde-a617-abababababab` with the Amazon Resource Name (ARN) of your AWS KMS master key to use to re-encrypt message files and files.

# Start the bot with password environment variable (no AWS service)

The following Docker command starts the data retention bot. The password is specified using the `WICKRIO_BOT_PASSWORD` environment variable. The bot starts using the default file streaming, and using the default values defined in the [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) section of this guide.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
wickr/bot-compliance-cloud:latest
```

# Start the bot with password prompt (no AWS service)

The following Docker command starts the data retention bot. The password is entered when prompted by the data retention bot. The bot starts using the default file streaming and the default values defined in the [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) section of this guide.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest

docker attach compliance_1234567890_bot
.
.
.
Enter the password:************
Re-enter the password:************
```

Run the bot using the `-ti` option to receive the password prompt. You should also run the `docker attach <container ID or container name>` command immediately after starting the docker image so that you get the password prompt. You should run both of these commands in a script. If you attach to the docker image and don’t see the prompt, press **Enter** and you will see the prompt.

# Start the bot with 15 minute message file rotation (no AWS service)

The following Docker command starts the data retention bot using environment variables. It also configures the bot to rotate the received messages file every 15 minutes.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
-e WICKRIO_COMP_TIMEROTATE=15 \
wickr/bot-compliance-cloud:latest
```

# Start the bot and specify the initial password with Secrets Manager

You can use Secrets Manager to identify the data retention bot’s password. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager secret where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e AWS_SECRET_NAME='wickrpro/alpha/new-3-bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password"
}
```

# Start the bot and configure Amazon S3 with Secrets Manager

You can use Secrets Manager to host the credentials and the Amazon S3 bucket information. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager secret where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
 -e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
 -e AWS_SECRET_NAME='wickrpro/alpha/compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password",
    "s3_bucket_name":"bucket-name",
    "s3_region":"us-east-1",
    "s3_folder_name":"folder-name"
}
```

Messages and files received by the bot will be put in the `bot-compliance` bucket in the folder named `network1234567890`.

# Start the bot and configure Amazon S3 and AWS KMS with Secrets Manager

You can use Secrets Manager to host the credentials, the Amazon S3 bucket, and AWS KMS master key information. When you start the data retention bot, you will need to set an environment variable that specifies the Secrets Manager secret where this information is stored.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
 -e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
 -e AWS_SECRET_NAME='wickrpro/alpha/compliance_1234567890_bot' \
wickr/bot-compliance-cloud:latest
```

The `wickrpro/compliance/compliance_1234567890_bot` secret has the following secret value in it, shown as plaintext.

```
{
    "password":"password",
    "s3_bucket_name":"bucket-name",
    "s3_region":"us-east-1",
    "s3_folder_name":"folder-name",
    "kms_master_key_arn":"arn:aws:kms:us-east-1:111122223333:key/12345678-1234-abcde-a617-abababababab",
    "kms_region":"us-east-1"
}
```

Messages and files received by the bot will be encrypted using the KMS key identified by the ARN value, then put in the `bot-compliance` bucket in the folder named `network1234567890`. Make sure you have the appropriate IAM policy set up.

# Start the bot and configure Amazon S3 using environment variables

If you don't want to use Secrets Manager to host the data retention bot credentials, you can start the data retention bot Docker image with the following environment variables. You must identify the name of the data retention bot using the `WICKRIO_BOT_NAME` environment variable.

```
docker run -v /opt/compliance_1234567890_bot:/tmp/compliance_1234567890_bot --network=host \
-d --restart on-failure:5 --name="compliance_1234567890_bot" -ti \
-e WICKRIO_BOT_NAME='compliance_1234567890_bot' \
-e WICKRIO_BOT_PASSWORD='password' \
-e WICKRIO_S3_BUCKET_NAME='bot-compliance' \
-e WICKRIO_S3_FOLDER_NAME='network1234567890' \
-e WICKRIO_S3_REGION='us-east-1' \
wickr/bot-compliance-cloud:latest
```

You can use environment values to identify the data retention bot’s credentials, information about Amazon S3 buckets, and configuration information for the default file streaming.

# Stop the data retention bot for your Wickr network

The software running on the data retention bot captures `SIGTERM` signals and shuts down gracefully. Use the `docker stop <container ID or container name>` command, as shown in the following example, to send the `SIGTERM` signal to the data retention bot container.

```
docker stop compliance_1234567890_bot
```

# Get the data retention logs for your Wickr network

The software running on the data retention bot Docker image will output to log files in the `/tmp/<botname>/logs` directory. They will rotate to a maximum of 5 files. You can get the logs by running the following command.

```
docker logs <botname>
```

Example:

```
docker logs compliance_1234567890_bot
```

# Data retention metrics and events for your Wickr network

Following are the Amazon CloudWatch (CloudWatch) metrics and Amazon Simple Notification Service (Amazon SNS) events that are currently supported by the 5.116 version of the AWS Wickr data retention bot.

**Topics**
+ [CloudWatch metrics for your Wickr network](cloudwatch-metrics.md)
+ [Amazon SNS events for your Wickr network](sns-events.md)

# CloudWatch metrics for your Wickr network


Metrics are generated by the bot in 1 minute intervals and transmitted to the CloudWatch service associated with the account the data retention bot Docker image is running on.

Following are the existing metrics supported by the data retention bot.


| Metric | Description | 
| --- | --- | 
|  Messages_Rx  |  Messages received.  | 
|  Messages_Rx_Failed  |  Failures to process received messages.  | 
|  Messages_Saved  |  Messages saved to the received messages file.  | 
|  Messages_Saved_Failed  |  Failures to save messages to the received messages file.  | 
|  Files_Saved  |  Files received.  | 
|  Files_Saved_Bytes  |  Number of bytes for files received.  | 
|  Files_Saved_Failed  |  Failures to save files.  | 
|  Logins  |  Logins (normally this will be 1 for each interval).  | 
|  Login_Failures  |  Failures to login (normally this will be 1 for each interval).  | 
|  S3_Post_Errors  |  Errors posting message files and files to Amazon S3 bucket.  | 
|  Watchdog_Failures  |  Watchdog failures.  | 
|  Watchdog_Warnings  |  Watchdog warnings.  | 

Metrics are generated to be consumed by CloudWatch. The namespace used for bots is `WickrIO`. Each metric has an array of dimensions. Following is the list of dimensions that are posted with the above metrics.


| Dimension | Value | 
| --- | --- | 
|  Id  |  The bot's username.  | 
|  Device  |  Description of specific bot device or instance. Useful if you are running multiple bot devices or instances.  | 
|  Product  |  The product for the bot. Can be `WickrPro_` or `WickrEnterprise_` with `Alpha`, `Beta`, or `Production` appended.  | 
|  BotType  |  The bot type. Labeled as **Compliance** for the compliance bots.  | 
|  Network  |  The ID of the associated network.  | 

# Amazon SNS events for your Wickr network


The following events are posted to the Amazon SNS topic defined by the Amazon Resource Name (ARN) value identified using the `WICKRIO_SNS_TOPIC_ARN` environment variable or the `sns_topic_arn` Secrets Manager secret value. For more information, see [Environment variables to configure data retention bot in AWS Wickr](data-retention-bot-env-variables.md) and [Secrets Manager values for AWS Wickr](data-retention-aws-secret-values.md).

Events generated by the data retention bot are sent as JSON strings. The following values are included in the events as of the 5.116 version of the data retention bot.


| Name | Value | 
| --- | --- | 
|  complianceBot  |  The username of the data retention bot.  | 
|  dateTime  |  The date and time when the event occurred.  | 
|  device  |  A description of the specific bot device or instance. Useful if you are running multiple bot instances.  | 
|  dockerImage  |  The Docker image associated with the bot.  | 
|  dockerTag  |  The tag or version of the Docker image.  | 
|  message  |  The event message. For more information see [Critical events](#sns-critical-events) and [Normal events](#sns-normal-events).  | 
|  notificationType  |  This value will be `Bot Event`.  | 
|  severity  |  The severity of the event. Can be `normal` or `critical`.  | 

You must subscribe to the Amazon SNS topic so that you can receive the events. If you subscribe using an email address, an email will be sent to you containing information similar to the following example.

```
{
"complianceBot": "compliance_1234567890_bot",
 "dateTime": "2022-10-12T13:05:39",
 "device": "Desktop 1234567890ab",
 "dockerImage": "wickr/bot-compliance-cloud",
 "dockerTag": "5.116.13.01",
 "message": "Logged in",
 "notificationType": "Bot Event",
 "severity": "normal"
}
```

## Critical events


These events will cause the bot to stop or restart. The number of restarts is limited to avoid causing other issues.

**Login failures**

Following are the possible events that can be generated when the bot fails to login. Each message will indicate the reason for the login failure.


| Event type | Event message | 
| --- | --- | 
|  failedlogin  |  Bad credentials. Check the password.  | 
|  failedlogin  |  User not found.  | 
|  failedlogin  |  Account or device is suspended.  | 
|  provisioning  |  User exited the command.  | 
|  provisioning  |  Bad password for the `config.wickr` file.  | 
|  provisioning  |  Cannot read the `config.wickr` file.  | 
|  failedlogin  |  Logins all failed.  | 
|  failedlogin  |  New user but database already exists.  | 

**More critical events**


| Event type | Event messages | 
| --- | --- | 
|  Suspended Account  |  WickrIOClientMain::slotAdminUserSuspend: code(%1): reason: %2  | 
|  BotDevice Suspended  |  Device is suspended\$1  | 
|  WatchDog  |  The SwitchBoard system is down for more than <*N*> minutes  | 
|  S3 Failures  |  Failed to put file <*file-name*> on S3 bucket. Error: <*AWS-error*>  | 
|  Fallback Key  |  SERVER SUBMIITED FALLBACK KEY: Is not a recognized client active fallback key. Please submit logs to desktop engineering.  | 

## Normal events


Following are the events that warn you about normal operating occurrences. Too many occurrences of these types of events within a specific time period may be cause for concern.

**Device added to account**

This event is generated when a new device is added to the data retention bot account. Under some circumstances, this can be an important indication that someone has created an instance of the data retention bot. Following is the message for this event.

```
A device has been added to this account!
```

**Bot logged in**

This event is generated when the bot has successfully logged in. Following is the message for this event.

```
Logged in
```

**Shutting down**

This event is generated when the bot is shutting down. If the user did not explicitly initiate this, it could be an indication of a problem. Following is the message for this event.

```
Shutting down
```

**Updates available**

This event is generated when the data retention bot is started and it identifies that there is a newer version of the associated Docker image available. This event is generated when the bot starts, and on a daily basis. This event includes the `versions` array field which identifies the new versions that are available. Following is an example of what this event looks like.

```
{
  "complianceBot": "compliance_1234567890_bot",
  "dateTime": "2022-10-12T13:05:55",
  "device": "Desktop 1234567890ab",
  "dockerImage": "wickr/bot-compliance-cloud",
  "dockerTag": "5.116.13.01",
  "message": "There are updates available",
  "notificationType": "Bot Event",
  "severity": "normal",
  "versions": [
    "5.116.10.01"
  ]
}
```
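The event guidance above (critical events, a device added to the bot account, a shutdown nobody initiated, too many normal events in a period), turned into a small triage routine as an added example that is not part of the AWS documentation or the bot. The sample events are constructed in the JSON shape shown on this page; `triage`, `make_event`, the device allowlist, the planned-stop windows and the burst threshold are assumptions of this example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

DEVICE_ADDED = "A device has been added to this account!"
SHUTTING_DOWN = "Shutting down"
KNOWN_DEVICE = "Desktop 1234567890ab"


def make_event(message, when, device=KNOWN_DEVICE, severity="normal"):
    """Build a constructed event string in the JSON shape shown on this page."""
    return json.dumps({"complianceBot": "compliance_1234567890_bot",
                       "dateTime": when, "device": device,
                       "dockerImage": "wickr/bot-compliance-cloud",
                       "dockerTag": "5.116.13.01", "message": message,
                       "notificationType": "Bot Event", "severity": severity})


def triage(raw_events, known_devices, planned_stops=(), burst_limit=3,
           burst_window=timedelta(minutes=10)):
    """Return (rule, bot, detail) findings for a batch of bot event JSON strings."""
    findings, events = [], []
    for raw in raw_events:
        try:
            ev = json.loads(raw)
            events.append((datetime.fromisoformat(ev["dateTime"]),
                           ev["complianceBot"], ev["device"],
                           ev["message"], ev["severity"]))
        except (ValueError, KeyError, TypeError):
            # Anything that is not a complete bot event is surfaced, not dropped.
            findings.append(("malformed", None, str(raw)[:60]))

    recent = defaultdict(deque)  # (bot, message) -> times of recent normal events
    for when, bot, device, msg, severity in sorted(events, key=lambda e: e[0]):
        if severity == "critical":
            findings.append(("critical", bot, msg))
        if device not in known_devices:
            # An instance reporting under the bot's name that you did not deploy.
            findings.append(("unknown-device", bot, device))
        if msg == DEVICE_ADDED:
            findings.append(("device-added", bot, device))
        if msg == SHUTTING_DOWN and not any(a <= when <= b for a, b in planned_stops):
            findings.append(("unplanned-shutdown", bot, when.isoformat()))
        if severity == "normal":
            window = recent[(bot, msg)]
            window.append(when)
            while when - window[0] > burst_window:
                window.popleft()
            if len(window) == burst_limit + 1:  # report once, when the limit is crossed
                findings.append(("burst", bot, msg))
    return findings


# Constructed sample batch: one routine login, then events worth a look.
SAMPLE_EVENTS = [
    make_event("Logged in", "2022-10-12T13:05:39"),
    "not a bot event",
    make_event(DEVICE_ADDED, "2022-10-12T13:20:00"),
    make_event("Logged in", "2022-10-12T13:21:10", device="Desktop ffffffffffff"),
    make_event("Bad credentials. Check the password.", "2022-10-12T13:30:00",
               severity="critical"),
    make_event(SHUTTING_DOWN, "2022-10-12T14:00:00"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, known_devices={KNOWN_DEVICE}):
        print(finding)
```
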