##########################################################################

# Required configuration

#   At a minimum, the items in this section will need to be adjusted to

#   fit your environment.  The remaining options are optional.

##########################################################################

# Points to the root of the installation. All relative

# paths will be resolved with the help of this path.

CollectorRoot       "/var/log/mlogc"

# ModSecurity Console receiving URI. You can change the host

# and the port parts but leave everything else as is.

ConsoleURI          "https://CONSOLE_IP_ADDRESS:8888/rpc/auditLogReceiver"

# Sensor credentials

SensorUsername      "SENSOR_USERNAME"

SensorPassword      "SENSOR_PASSWORD"

# Base directory where the audit logs are stored.  This can be specified

# as a path relative to the CollectorRoot, or a full path.

LogStorageDir       "data"

# Transaction log will contain the information on all log collector

# activities that happen between checkpoints. The transaction log

# is used to recover data in case of a crash (or if Apache kills

# the process).

TransactionLog      "mlogc-transaction.log"

# The file where the pending audit log entry data is kept. This file

# is updated on every checkpoint.

QueuePath           "mlogc-queue.log"

# The location of the error log.

ErrorLog            "mlogc-error.log"

# The location of the lock file.

LockFile            "mlogc.lck"

# Keep audit log entries after sending? (0=false 1=true)

# NOTE: This is required to be set in SecAuditLog mlogc config if you

# are going to use a secondary console via SecAuditLog2.

KeepEntries         0

##########################################################################

# Optional configuration

##########################################################################

# The error log level controls how much detail there

# will be in the error log. The levels are as follows:

#   0 - NONE

#   1 - ERROR

#   2 - WARNING

#   3 - NOTICE

#   4 - DEBUG

#   5 - DEBUG2

#

ErrorLogLevel       3

# How many concurrent connections to the server

# are we allowed to open at the same time? Log collector uses

# multiple connections in order to speed up audit log transfer.

# This is especially needed when the communication takes place

# over a slow link (e.g. not over a LAN).

MaxConnections      10

# How many requests a worker will process before recycling itself.

# This is to help prevent problems due to any memory leaks that may

# exists.  If this is set to 0, then no maximum is imposed. The default

# is 1000 requests per worker (the number of workers is controlled by the

# MaxConnections limit).

MaxWorkerRequests   1000

# The time each connection will sit idle before being reused,

# in milliseconds. Increase if you don't want ModSecurity Console

# to be hit with too many log collector requests.

TransactionDelay    50

# The time to wait before initialization on startup in milliseconds.

# Increase if mlogc is starting faster then termination when the

# sensor is reloaded.

StartupDelay        5000

# How often is the pending audit log entry data going to be written

# to a file. The default is 15 seconds.

CheckpointInterval  15

# If the server fails all threads will back down until the

# problem is sorted. The management thread will periodically

# launch a thread to test the server. The default is to test

# once in 60 seconds.

ServerErrorTimeout  60

# The following two parameters are not used yet, but

# reserved for future expansion.

# KeepAlive         150

# KeepAliveTimeout  300

# When set to '0', mlogc will validate the certificate and the whole

# chain, the root certificate most be trusted. If this check fail the

# connection will be dropped. To ignore the SSL checks, set InsecureNoCheckCert

# to '1'

InsecureNoCheckCert 1