forked from cea-sec/openwec
-
Notifications
You must be signed in to change notification settings - Fork 1
/
subscription.sample.toml
158 lines (125 loc) · 5 KB
/
subscription.sample.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# autogenerated by openwec 0.2.1
# Tue, 16 Jul 2024 17:47:27 +0200
# Unique identifier of the subscription
uuid = "153da0ed-ed28-404e-91ec-0c3594c9d033"
# Unique name of the subscription
name = "subscription-153da0ed-ed28-404e-91ec-0c3594c9d033"
# Subscription query
query = """
<QueryList>
<!-- Put your queries here -->
</QueryList>
"""
# Subscription options (optional)
# [options]
#
# Enable/disable the subscription
# enabled = true
# If the uri parameter is undefined (default), the subscription will
# always be sent to clients. Otherwise, only clients sending enumerate
# requests to the URI will be able to get it.
# uri =
# The maximum allowable time, in seconds, before the client will send
# an heartbeat message if it has no new events to send.
# heartbeat_interval = 3600
# Number of times the client will attempt to connect if the subscriber
# is unreachable.
# connection_retry_count = 5
# Interval observed between each connection attempt if the subscriber
# is unreachable.
# connection_retry_interval = 60
# The maximum time, in seconds, that the client should aggregate new
# events before sending them.
# max_time = 30
# The maximum number of events that the client should aggregate before
# sending a batch.
# Defaults to unset, meaning that only max_time and max_envelope_size will
# limit the aggregation.
# max_elements =
# The maximum number of bytes in the SOAP envelope used to deliver
# the events.
# max_envelope_size = 512000
# If `true`, the event source should replay all possible events that
# match the filter and any events that subsequently occur for that
# event source.
# read_existing_events = false
# This option determines whether rendering information are to be passed
# with events or not. `Raw` means that only event data will be passed
# without any rendering information, whereas `RenderedText` adds
# rendering information.
# content_format = "Raw"
# This option determines if various filtering options resulting in errors
# are to result in termination of the processing by clients.
# ignore_channel_error = true
# This option determines the language in which openwec wants the
# rendering info data to be translated.
# Example: en-US
# Defaults to unset, meaning OpenWEC lets the client choose.
# locale =
# This option determines the language in which openwec wants the
# numerical data to be formatted.
# Example: en-US
# Defaults to unset, meaning OpenWEC lets the client choose.
# data_locale =
# Subscription filter (optional)
#
# Filters enables you to choose which clients can read the subscription
# There are two operations available :
# - "Only": only the listed principals will be able to read the subscription
# - "Except": everyone but the listed principals will be able to read the subscription
#
# By default, everyone can read the subscription.
# Wildcard (*, ?) patterns are allowed.
#
# Example to only authorize "courgette@REALM" and "radis*@REALM" to read the subscription.
# [filter]
# operation = "Only"
# princs = ["courgette@REALM", "radis*@REALM"]
#
# Outputs
#
# For each output, you must configure a driver and a format.
# The format can be one of: "Raw", "RawJson", "Json", "Nxlog"
# The driver can be one of: "Files", "Kafka", "Tcp", "Redis", "UnixDatagram"
# Configure a Files output
# [[outputs]]
# driver = "Files"
# format = "Raw"
# Files driver has the following parameters:
# - path (required): the path in which files will be written. It can be parameterized
# with variables using the syntax {variable} (see available variables in documentation)
# config = { path = "/var/log/openwec/{ip:2}/{ip:3}/{ip}/{principal}/messages" }
# Configure a Kafka output
# [[outputs]]
# driver = "Kafka"
# format = "Raw"
# Kafka driver has the following parameters:
# - topic (required): the Kafka topic to send events to
# - options (optional, defaults to undefined): additional kafka settings, directly
# sent to librdkafka (https://docs.confluent.io/platform/current/clients/librdkafka/html/md_CONFIGURATION.html)
# You should probably configure this in OpenWEC settings `outputs.kafka.options` if all your
# outputs using the Kafka driver connect to the same Kafka cluster.
# config = { topic = "openwec", options = { "bootstrap.servers" = "localhost:9092" } }
# Configure a Tcp output
# [[outputs]]
# driver = "Tcp"
# format = "Raw"
# Tcp driver has the following paramters:
# - addr (required): Hostname or IP Address to send events to
# - port (required): Tcp port to send events to
# config = { addr = "localhost", port = 5000 }
# Configure a Redis output
# [[outputs]]
# driver = "Redis"
# format = "Raw"
# Redis driver has the following parameters:
# - addr (required): Hostname or IP Address of the Redis server
# - list (required): Name of the Redis list to push events to
# config = { addr = "localhost", list = "openwec" }
# Configure a UnixDatagram output
# [[outputs]]
# driver = "UnixDatagram"
# format = "Raw"
# UnixDatagram driver has the following parameters:
# - path (required): Path of the Unix socket to send events to
# config = { path = "/tmp/openwec.socket" }