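# Configuration file for mlog2waffle
#
# This file is Perl code: it is loaded by mlog2waffle and every assignment
# below sets a package variable the sensor reads. ModSecurity needs to be
# configured to log in concurrent mode, for example with something like this
# in the ModSecurity config:
#
# SecAuditLogParts ABIJDEFGHZ
# SecAuditLogType Concurrent
# SecAuditLog "/var/log/mlogc/mlogc-index"
# SecAuditLogStorageDir /var/log/mlogc/data
#
# In this way you can set mlog2waffle to tail mode (see below) and
# check the file continuously, sending events in real time to WAF-FLE, or
# run a scheduled "batch" mode.
#
# Requirements: File::Tail perl module, use your own or the one provided
# with the WAF-FLE package (you may need to adjust the path in mlogc-waffle).
#
# NOTE: this file holds the sensor's WAF-FLE credentials in plain text.
# Keep it readable only by the account that runs mlog2waffle, and keep it
# out of version control and backups that other users can read.

# Define the complete URI of the WAF-FLE controller, http or https.
# With a plain http URI the username and password below, and every event
# pushed to the console, travel unencrypted; prefer https whenever the
# console supports it.
$CONSOLE_URI = "http://10.10.0.3/controller/";

# Define the username used to put events on WAF-FLE for this sensor
$CONSOLE_USERNAME = "modsecurity4";

# Define the password used to put events on WAF-FLE for this sensor
$CONSOLE_PASSWORD = "waffle";

# $MODSEC_DIRECTORY is where the concurrent audit logs are stored.
# In the ModSecurity configuration it is defined by the
# SecAuditLogStorageDir directive.
$MODSEC_DIRECTORY = "/var/log/mlog2waffle/data/";

# $INDEX_FILE is defined by the SecAuditLog ModSecurity directive; it is an
# index file of the events generated by the concurrent log type.
$INDEX_FILE = "/var/log/mlog2waffle/modsec_audit.log";

# $ERROR_LOG is the mlogc-waffle error log; write permission is needed.
$ERROR_LOG = "/var/log/mlog2waffle/mlogc-error.log";

# Define the execution mode:
# - "tail": run continuously, waiting for new entries on the log file;
# - "batch": run and exit at the end, but record (in the offset file) the
#   position reached in the last run, speeding up the next execution. You can
#   schedule mlogc-waffle in crontab to run periodically (for example,
#   every 5 min).
$MODE = "batch";

# Set $FULL_TAIL = "TRUE" to make tail mode read the full file at start, or
# "FALSE" to start reading at the end of the file.
$FULL_TAIL = "FALSE";

# $PIDFILE sets the file used to store the process id when running in tail
# mode, forked as a daemon.
$PIDFILE = "/var/run/mlog2waffle.pid";

# Define the offset file, used as a checkpoint for batch mode; write
# permission on this file is needed.
$OFFSET_FILE = "/var/log/mlog2waffle/offset";

# Set the max number of threads used to send events to WAF-FLE in parallel.
# If you need more performance pushing events to WAF-FLE, try a higher value.
# Remember: more threads, more CPU usage.
$THREADMAX = 2;

# Set $CHECK_CONNECTIVITY to "TRUE" to check connectivity with WAF-FLE before
# sending any event to it. Set it to "FALSE" to skip the check, or for use
# with another console.
$CHECK_CONNECTIVITY = "TRUE";

# If $DEBUG is set to "TRUE", the requests and responses exchanged between
# mlogc-waffle and WAF-FLE are written to $DEBUG_FILE.
$DEBUG = "FALSE";

# $DEBUG_FILE is the file that receives the request/response dump when $DEBUG
# is "TRUE". It will contain the credentials and the full event payloads, so
# protect it like this configuration file and leave $DEBUG off in production.
$DEBUG_FILE = "/var/log/mlog2waffle/mlog2waffle.debug";

# A Perl file loaded with require/do must end with a true value; keeping an
# explicit 1 here means the file still loads even if the last assignment
# above is later changed to a false value such as "" or 0.
1;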