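##########################################################################
# Required configuration
#   At a minimum, the items in this section will need to be adjusted to
#   fit your environment. The remaining options are optional.
#
#   This file holds the sensor password in cleartext (SensorPassword
#   below). Keep it readable only by the account that runs mlogc.
##########################################################################

# Points to the root of the installation. All relative
# paths will be resolved with the help of this path.
CollectorRoot       "/var/log/mlogc"

# ModSecurity Console receiving URI. You can change the host
# and the port parts but leave everything else as is.
# Keep the https scheme: the sensor credentials and the audit log
# entries travel over this connection.
ConsoleURI          "https://CONSOLE_IP_ADDRESS:8888/rpc/auditLogReceiver"

# Sensor credentials
# Replace both placeholders with the values issued for this sensor.
# The password is stored here in cleartext, so restrict read access
# to this file.
SensorUsername      "SENSOR_USERNAME"
SensorPassword      "SENSOR_PASSWORD"

# Base directory where the audit logs are stored.  This can be specified
# as a path relative to the CollectorRoot, or a full path.
# Audit log entries can contain sensitive request data; limit access to
# this directory accordingly.
LogStorageDir       "data"

# Transaction log will contain the information on all log collector
# activities that happen between checkpoints. The transaction log
# is used to recover data in case of a crash (or if Apache kills
# the process).
TransactionLog      "mlogc-transaction.log"

# The file where the pending audit log entry data is kept. This file
# is updated on every checkpoint.
QueuePath           "mlogc-queue.log"

# The location of the error log.
ErrorLog            "mlogc-error.log"

# The location of the lock file.
LockFile            "mlogc.lck"

# Keep audit log entries after sending? (0=false 1=true)
# NOTE: This is required to be set in SecAuditLog mlogc config if you
# are going to use a secondary console via SecAuditLog2.
KeepEntries         0


##########################################################################
# Optional configuration
##########################################################################

# The error log level controls how much detail there
# will be in the error log. The levels are as follows:
#   0 - NONE
#   1 - ERROR
#   2 - WARNING
#   3 - NOTICE
#   4 - DEBUG
#   5 - DEBUG2
#
ErrorLogLevel       3

# How many concurrent connections to the server
# are we allowed to open at the same time? Log collector uses
# multiple connections in order to speed up audit log transfer.
# This is especially needed when the communication takes place
# over a slow link (e.g. not over a LAN).
MaxConnections      10

# How many requests a worker will process before recycling itself.
# This is to help prevent problems due to any memory leaks that may
# exist.  If this is set to 0, then no maximum is imposed. The default
# is 1000 requests per worker (the number of workers is controlled by the
# MaxConnections limit).
MaxWorkerRequests   1000

# The time each connection will sit idle before being reused,
# in milliseconds. Increase if you don't want ModSecurity Console
# to be hit with too many log collector requests.
TransactionDelay    50

# The time to wait before initialization on startup in milliseconds.
# Increase if mlogc is starting faster than termination when the
# sensor is reloaded.
StartupDelay        5000

# How often is the pending audit log entry data going to be written
# to a file. The default is 15 seconds.
CheckpointInterval  15

# If the server fails all threads will back down until the
# problem is sorted. The management thread will periodically
# launch a thread to test the server. The default is to test
# once in 60 seconds.
ServerErrorTimeout  60

# The following two parameters are not used yet, but
# reserved for future expansion.
# KeepAlive         150
# KeepAliveTimeout  300

# TLS certificate validation for the connection to ConsoleURI.
# When set to '0', mlogc will validate the certificate and the whole
# chain; the root certificate must be trusted. If this check fails, the
# connection will be dropped. Setting InsecureNoCheckCert to '1' makes
# mlogc ignore the SSL checks.
#
# With '1' the console's identity is not verified, so a party able to
# intercept the connection can impersonate the console and receive the
# sensor credentials and the audit log entries. Keep this at '0'. If
# the console uses a self-signed certificate or a private CA, make that
# certificate trusted on the sensor host instead of disabling the check.
InsecureNoCheckCert 0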