Every event the Drupal module captures.

Raw, typed signals captured through Drupal event subscribers. Buffered locally, dispatched on cron — network I/O never blocks the request.

Request a demo See features
All Integrations | Drupal: Overview Features Signals Pricing Guides Screenshots | WordPress Vault

What the module captures

18 signal types across 7 categories: HTTP, authentication, users, modules, configuration, content moderation, and API / caching / database (advanced signals opt-in per site).

Standard signals

Enabled by default

Core signals for authentication, users, HTTP requests, modules, and configuration changes.

HTTP & Requests

http.request

Every HTTP request at kernel terminate. Cached anonymous pages bypass PHP and do not emit — by design.

Authentication

auth.login

Successful login. UID is HMAC-hashed, roles included.

auth.login_failed

Failed login attempt — wrong credentials or blocked account.

auth.logout

When a user logs out.

User Management

user.created

New user account created, with assigned roles and actor UID.

user.role_changed

Roles modified — before/after, added/removed, actor UID.

user.blocked

User account blocked (status changed from active to blocked).

user.deleted

User account deleted.

Modules

module.install

Drupal module installed. Distinguishes manual install from config sync.

module.uninstall

Drupal module uninstalled.

Configuration

config.save

Any config object created or updated, with semantic category (system, field, views, user, etc.). Config values are never transmitted — only object names.

config.delete

Config object deleted.

config.import

Configuration import/sync executed.

Advanced signals

Disabled by default — opt in per site

Higher-volume signals. Enable in /admin/config/system/logystera when you need them.

Content Moderation

content.moderation

Entity moderation state changes (draft → review → published). Requires Content Moderation module.

Views

views.change

Views configuration saved — create, update, or delete.

API Access

api.access

Every /jsonapi/ or /api/ request, captured at kernel terminate.

Caching

cache.flush

When Drupal’s cache is rebuilt (via drush cr, admin UI, or programmatic flush).

Database

db.slow_query

Queries exceeding 1000ms. Requires database logging (Devel or custom). Query truncated to 500 chars.

All signals are bounded: 200 events per request hard cap, per-type rate limits, 50 MB total buffer. When buffer fills, the newest signals are dropped (old signals are preserved — they have higher forensic value). User IDs are HMAC-hashed. See the full signals reference on docs.logystera.com for payload schemas and privacy guarantees.

From signals to insight

You send events. We send you answers.

Signals are raw — a single config save, a single failed login, a single module install. The Logystera processor aggregates and correlates them into pre-built metrics and alerts. You do not write queries; you read alerts.

Metric

drupal_auth_failed_total

From auth.login_failed, labeled by IP.

Metric

drupal_config_changes_rate

From config.save, grouped by category.

Alert

Privilege escalation

From user.role_changed granting admin role.

Alert

Brute-force attack

From clustered auth.login_failed by IP.

Alert

Config tampering

From config.save outside change windows.

Alert

Unexpected module install

From module.install on production.

Logystera Logystera
Monitoring for WordPress and Drupal sites. Install a plugin or module to catch silent failures — cron stalls, failed emails, login attacks, PHP errors — before users report them.
Product
Overview How it works Features Integrations Compare Pricing Changelog Status
Guides
WordPress Cron Not Running WordPress Emails Not Sending Log-Based Monitoring Blog Documentation
Solutions
For Agencies For SMEs For Government For Education For Enterprise Services What Logystera Is FAQ
Legal
Privacy Terms Security Cookies
Company
Contact About
Follow us
Twitter LinkedIn
Copyright © 2026 Logystera. All rights reserved.