Events

To check the integrity of the events, you can run an event integrity report:

1. Log in to the Stream Administration Interface.

2. Go to System > Events Integrity Reports.

3. Click ;

4. Click Run

The integrity of the event chain is checked and can take some time depending on the number of events in the database. Once finished, the report may have different status:

Follow the Backup guide to save your database. Once done, you might want to delete the events in databse.

Deletion of events can only be made from the oldest to the newest since events are chained. For example, you might want to delete every event before a date:

After the deletion of events, the Head is still chained to a deleted event. In order to fix that, you will need to run the Set the first event as head in /opt/stream/sbin/stream-config:

In the main menu, select 'Stream':

In the Stream menu, select 'STREAM_EVENT_SET_HEAD':

If an event or event integrity report has been compromised, it means that someone had database access to Stream or one of its backups and manually edited the events to hide specific actions.

You should close all network access to the server and, if necessary, turn off stream. Once confined, you should follow these steps:

1. Follow the Backup guide to back up your database. It may be used to investigate the problem.

2. Analyze the logs (you may use an older verified backup to assess modifications).

3. Based on your assessments, take the appropriate actions. This could mean changing the mongodb password, changing the server password, revoking stream access certificates or other actions.

4. To resume a normal state, remove every corrupted event following the steps in the event purge guide.