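# Single-host ElastiFlow stack: one Elasticsearch node, Kibana, and the
# ElastiFlow flow and SNMP collectors.
#
# Credentials are not stored in this file. Values written as ${NAME:?...} are
# read by Compose from the shell environment or an adjacent .env file (keep
# that file out of version control and readable only by the deploying user);
# Compose refuses to start when one of them is unset or empty.
# NOTE(review): any key, token or community string that was ever committed in
# this file should be treated as disclosed and rotated with its issuer.
version: '3'

services:
  es_master1:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.10.4
    restart: unless-stopped
    hostname: es_master1
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 131072
        hard: 131072
      nproc: 8192
      fsize: -1
    # Host networking: the HTTP and transport ports configured below are opened
    # directly on the host, with no Docker port filtering in between.
    network_mode: host
    volumes:
      - /var/lib/elasticsearch:/usr/share/elasticsearch/data
    environment:
      ES_JAVA_OPTS: '-Xms8g -Xmx8g'
      cluster.name: elastiflow
      node.name: es_master1
      bootstrap.memory_lock: 'true'
      # Listens on every host interface. Together with xpack.security.enabled
      # 'false' below, 9200 and 9300 accept unauthenticated, unencrypted
      # connections from any network that can route to this host; restrict
      # them with host firewall rules or bind to a specific interface.
      network.bind_host: '0.0.0.0'
      http.port: '9200'
      http.publish_port: '9200'
      transport.port: '9300'
      transport.publish_port: '9300'
      cluster.initial_master_nodes: 'es_master1'
      indices.query.bool.max_clause_count: '8192'
      search.max_buckets: '250000'
      action.destructive_requires_name: 'true'
      # Authentication, role-based access control and TLS are all off while
      # this is 'false'. Turning it on also requires credentials and TLS
      # settings in Kibana and both collectors below.
      xpack.security.enabled: 'false'

  kibana:
    image: docker.elastic.co/kibana/kibana:8.10.4
    restart: unless-stopped
    # NOTE(review): NODE_NAME here and in SERVER_NAME looks like an unfilled
    # template placeholder - confirm the intended host name.
    hostname: NODE_NAME
    # With host networking Kibana listens on SERVER_PORT directly on the host.
    # A `ports:` mapping must not be combined with network_mode: host (it is
    # discarded or rejected depending on the Compose version), so none is set.
    network_mode: host
    environment:
      TELEMETRY_OPTIN: 'false'
      TELEMETRY_ENABLED: 'false'
      SERVER_NAME: 'NODE_NAME'
      # Reachable on every host interface; Kibana has no login while
      # Elasticsearch security is disabled, so filter access to 5601.
      SERVER_HOST: '0.0.0.0'
      SERVER_PORT: '5601'
      SERVER_MAXPAYLOADBYTES: '8388608'
      ELASTICSEARCH_HOSTS: 'http://localhost:9200'
      ELASTICSEARCH_REQUESTTIMEOUT: '132000'
      ELASTICSEARCH_SHARDTIMEOUT: '120000'
      # No effect over plain http. If ELASTICSEARCH_HOSTS is switched to
      # https, 'none' turns off certificate validation; use 'full' with a CA.
      ELASTICSEARCH_SSL_VERIFICATIONMODE: 'none'
      KIBANA_AUTOCOMPLETETIMEOUT: '3000'
      KIBANA_AUTOCOMPLETETERMINATEAFTER: '2500000'
      # Lets Vega visualisations fetch data from URLs outside Elasticsearch;
      # keep 'true' only if dashboards need it.
      VIS_TYPE_VEGA_ENABLEEXTERNALURLS: 'true'
      XPACK_MAPS_SHOWMAPVISUALIZATIONTYPES: 'true'
      # Must be a private random value of at least 32 characters. Saved objects
      # encrypted under an earlier key cannot be decrypted with a new one.
      XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: '${XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY:?set in environment or .env}'

  flow-collector:
    image: elastiflow/flow-collector:6.3.6
    container_name: flow-collector
    restart: 'unless-stopped'
    # Host networking: the UDP flow listener binds directly on the host.
    network_mode: 'host'
    volumes:
      - /etc/elastiflow:/etc/elastiflow
    environment:
      EF_LICENSE_ACCEPTED: 'true'
      # Flow export arrives over unauthenticated UDP on all interfaces; limit
      # which exporters can reach this port with host firewall rules.
      EF_FLOW_SERVER_UDP_IP: '0.0.0.0'
      EF_FLOW_SERVER_UDP_PORT: '2055'
      EF_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
      EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE: 'true'
      EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE: 'start'
      EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD: 'rollover'
      EF_ACCOUNT_ID: '66086a9597246e8760c15154'
      # License token supplied from the environment, not stored in this file.
      EF_FLOW_LICENSE_KEY: '${EF_FLOW_LICENSE_KEY:?set in environment or .env}'
      #EF_FLOW_LICENSED_UNITS:

      #EF_INSTANCE_NAME: default
      #EF_API_PORT: 8080
      #EF_API_TLS_ENABLE: ''
      #EF_API_TLS_CERT_FILEPATH: ''
      #EF_API_TLS_KEY_FILEPATH: ''
      #EF_API_BASIC_AUTH_ENABLE: 'false'
      #EF_API_BASIC_AUTH_USERNAME: ''
      #EF_API_BASIC_AUTH_PASSWORD: ''

      #EF_LOGGER_LEVEL: 'info'
      #EF_LOGGER_ENCODING: 'json'
      #EF_LOGGER_FILE_LOG_ENABLE: 'false'
      #EF_LOGGER_FILE_LOG_FILENAME: '/var/log/elastiflow/flowcoll/flowcoll.log'
      #EF_LOGGER_FILE_LOG_MAX_SIZE: 100
      #EF_LOGGER_FILE_LOG_MAX_AGE: ''
      #EF_LOGGER_FILE_LOG_MAX_BACKUPS: 4
      #EF_LOGGER_FILE_LOG_COMPRESS: 'false'

      #EF_FLOW_SERVER_UDP_READ_BUFFER_MAX_SIZE: 134217728

      #EF_FLOW_PACKET_STREAM_MAX_SIZE:

      EF_AWS_VPC_FLOW_LOG_ENABLE: 'false'
      #EF_AWS_VPC_FLOW_LOG_S3_BUCKET: ''
      #EF_AWS_VPC_FLOW_LOG_PREFIX: 'AWSLogs'
      #AWS_REGION: ''
      #AWS_ACCESS_KEY_ID: ''
      #AWS_SECRET_ACCESS_KEY: ''
      #EF_AWS_VPC_FLOW_LOG_TLS_ENABLE: 'false'
      #EF_AWS_VPC_FLOW_LOG_TLS_SKIP_VERIFICATION: 'false'
      #EF_AWS_VPC_FLOW_LOG_TLS_CA_CERT_FILEPATH: ''
      #EF_AWS_VPC_FLOW_LOG_TLS_MIN_VERSION: '1.2'

      #EF_INPUT_FLOW_BENCHMARK_ENABLE: 'false'
      #EF_INPUT_FLOW_BENCHMARK_PACKET_FILE_PATH: '/etc/elastiflow/benchmark/flow/packets.txt'

      #EF_PROCESSOR_POOL_SIZE:

      #EF_PROCESSOR_DECODE_IPFIX_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_NETFLOW1_ENABLE: 'true'
      EF_PROCESSOR_DECODE_NETFLOW5_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_NETFLOW6_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_NETFLOW7_ENABLE: 'true'
      EF_PROCESSOR_DECODE_NETFLOW9_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_SFLOW5_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_SFLOW_FLOWS_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_SFLOW_FLOWS_KEEP_SAMPLES: 'false'
      #EF_PROCESSOR_DECODE_SFLOW_COUNTERS_ENABLE: 'true'
      #EF_PROCESSOR_DECODE_MAX_RECORDS_PER_PACKET: 64

      #EF_PROCESSOR_TRANSLATE_KEEP_IDS: 'default'

      EF_PROCESSOR_ENRICH_APP_ID_ENABLE: 'false'
      #EF_PROCESSOR_ENRICH_APP_ID_PATH: '/etc/elastiflow/app/appid.yml'
      #EF_PROCESSOR_ENRICH_APP_ID_TTL: 7200
      EF_PROCESSOR_ENRICH_APP_IPPORT_ENABLE: 'false'
      #EF_PROCESSOR_ENRICH_APP_IPPORT_PATH: '/etc/elastiflow/app/ipport.yml'
      #EF_PROCESSOR_ENRICH_APP_IPPORT_TTL: 7200
      #EF_PROCESSOR_ENRICH_APP_IPPORT_PRIVATE: 'true'
      #EF_PROCESSOR_ENRICH_APP_IPPORT_PUBLIC: 'false'
      #EF_PROCESSOR_ENRICH_APP_REFRESH_RATE: 15

      #EF_PROCESSOR_ENRICH_IPADDR_TTL: 7200

      EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE: 'false'
      #EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH: '/etc/elastiflow/metadata/ipaddrs.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE: 15

      EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE: 'false'
      EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP: '172.16.0.50'
      EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT: '3000'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE: 'true'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC: 'true'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_PATH: '/etc/elastiflow/hostname/user_defined.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_REFRESH_RATE: 15
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_PATH: '/etc/elastiflow/hostname/incl_excl.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_REFRESH_RATE: 15

      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_ENABLE: 'true'
      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_ASN_PATH: '/etc/elastiflow/maxmind/GeoLite2-ASN.mmdb'

      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_ENABLE: 'true'
      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_PATH: '/etc/elastiflow/maxmind/GeoLite2-City.mmdb'
      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_VALUES: 'city,country,country_code,location,timezone'
      EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_LANG: 'en'
      #EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_PATH: '/etc/elastiflow/maxmind/incl_excl.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_MAXMIND_GEOIP_INCLEXCL_REFRESH_RATE: 15

      EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENABLE: 'true'
      #EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_ENDPOINT: 'https://api.passivetotal.org/v2/netflow/blocklist/download'
      #EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_REFRESH_INTERVAL: 1440
      #EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_PATH: '/etc/elastiflow/riskiq/incl_excl.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_THREAT_INCLEXCL_REFRESH_RATE: 15
      # Third-party API account name and key, supplied from the environment.
      EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_USER: '${EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_USER:?set in environment or .env}'
      EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_KEY: '${EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_KEY:?set in environment or .env}'
      #EF_PROCESSOR_ENRICH_IPADDR_RISKIQ_API_TIMEOUT: 180

      #EF_PROCESSOR_ENRICH_ASN_PREF: 'lookup'

      #EF_PROCESSOR_ENRICH_NETIF_TTL: 7200

      EF_PROCESSOR_ENRICH_NETIF_METADATA_ENABLE: 'false'
      #EF_PROCESSOR_ENRICH_NETIF_METADATA_USERDEF_PATH: '/etc/elastiflow/metadata/ipaddrs.yml'
      #EF_PROCESSOR_ENRICH_NETIF_METADATA_REFRESH_RATE: 15

      EF_PROCESSOR_ENRICH_NETIF_FLOW_OPTIONS_ENABLE: 'true'

      EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE: 'true'
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_PORT: 161
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_VERSION: 2
      # A community string is a shared secret sent unencrypted by SNMP v1/v2c.
      # NOTE(review): the commented default above suggests v2 is in use; the V3
      # settings below add authentication and privacy where devices support it.
      EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES: '${EF_PROCESSOR_ENRICH_NETIF_SNMP_COMMUNITIES:?set in environment or .env}'
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_USERNAME: ''
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_AUTHENTICATION_PROTOCOL: 'noauth'
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_AUTHENTICATION_PASSPHRASE: ''
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_PRIVACY_PROTOCOL: 'nopriv'
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_V3_PRIVACY_PASSPHRASE: ''
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_TIMEOUT: 2
      #EF_PROCESSOR_ENRICH_NETIF_SNMP_RETRIES: 1

      #EF_PROCESSOR_ENRICH_TOTALS_IF_NO_DELTAS: 'false'

      EF_PROCESSOR_ENRICH_SAMPLERATE_CACHE_SIZE: '1024'
      EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_ENABLE: 'true'
      EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_PATH: '/etc/elastiflow/settings/sample_rate.yml'
      EF_PROCESSOR_ENRICH_SAMPLERATE_USERDEF_OVERRIDE: 'true'

      #EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE: 'true'
      #EF_PROCESSOR_ENRICH_COMMUNITYID_SEED: 0
      #EF_PROCESSOR_ENRICH_CONVERSATIONID_ENABLE: 'true'
      #EF_PROCESSOR_ENRICH_CONVERSATIONID_SEED: 0

      #EF_PROCESSOR_ENRICH_JOIN_ASN: 'true'
      #EF_PROCESSOR_ENRICH_JOIN_GEOIP: 'true'
      #EF_PROCESSOR_ENRICH_JOIN_SEC: 'true'
      #EF_PROCESSOR_ENRICH_JOIN_NETATTR: 'true'
      #EF_PROCESSOR_ENRICH_JOIN_SUBNETATTR: 'true'

      #EF_PROCESSOR_DURATION_PRECISION: 'ms'
      #EF_PROCESSOR_TIMESTAMP_PRECISION: 'ms'
      #EF_PROCESSOR_PERCENT_NORM: 100
      #EF_PROCESSOR_EXPAND_CLISRV: 'true'
      #EF_PROCESSOR_EXPAND_CLISRV_NO_L4_PORTS: 'true'
      #EF_PROCESSOR_KEEP_CPU_TICKS: 'false'

      #EF_PROCESSOR_DROP_FIELDS: ''

      #EF_PROCESSOR_IFA_ENABLE: 'false'
      #EF_PROCESSOR_IFA_WORKER_SIZE: 0

      # stdout
      #EF_OUTPUT_STDOUT_ENABLE: 'false'
      #EF_OUTPUT_STDOUT_FORMAT: 'json_pretty'

      # monitor
      #EF_OUTPUT_MONITOR_ENABLE: 'false'
      #EF_OUTPUT_MONITOR_INTERVAL: 300

      # Elasticsearch
      #EF_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE: 2000
      #EF_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE: 'collect'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD: 'rollover'
      #EF_OUTPUT_ELASTICSEARCH_TSDS_ENABLE: 'false'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX: ''
      #EF_OUTPUT_ELASTICSEARCH_DROP_FIELDS: ''
      #EF_OUTPUT_ELASTICSEARCH_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'

      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
      EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: '1'
      EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS: '0'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL: '10s'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC: 'best_compression'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE: 'elastiflow'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT: '_none'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL: '_none'

      # A comma separated list of Elasticsearch nodes to use. DO NOT include "http://" or "https://"
      EF_OUTPUT_ELASTICSEARCH_ADDRESSES: '172.16.1.67:9200'
      # 'changeme' is a placeholder and is not checked while Elasticsearch
      # security is disabled. Once security is enabled, supply a real password
      # (or an API key) from the environment instead of writing it here.
      EF_OUTPUT_ELASTICSEARCH_USERNAME: 'elastic'
      EF_OUTPUT_ELASTICSEARCH_PASSWORD: 'changeme'
      #EF_OUTPUT_ELASTICSEARCH_CLOUD_ID: ''
      #EF_OUTPUT_ELASTICSEARCH_API_KEY: ''
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH: ''
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH: ''

      # With TLS off, flow records and the credentials above cross the network
      # to the address above in clear text.
      EF_OUTPUT_ELASTICSEARCH_TLS_ENABLE: 'false'
      EF_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION: 'false'
      EF_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH: ''

      #EF_OUTPUT_ELASTICSEARCH_RETRY_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_MAX_RETRIES: 3
      #EF_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF: 1000

      # OpenSearch
      EF_OUTPUT_OPENSEARCH_ENABLE: 'false'
      EF_OUTPUT_OPENSEARCH_ECS_ENABLE: 'false'
      #EF_OUTPUT_OPENSEARCH_BATCH_DEADLINE: 2000
      #EF_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE: 'collect'
      #EF_OUTPUT_OPENSEARCH_INDEX_PERIOD: 'daily'
      #EF_OUTPUT_OPENSEARCH_INDEX_SUFFIX: ''
      #EF_OUTPUT_OPENSEARCH_DROP_FIELDS: ''
      #EF_OUTPUT_OPENSEARCH_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'

      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
      EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS: '1'
      EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS: '0'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL: '10s'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC: 'best_compression'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY: 'elastiflow'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT: '_none'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL: '_none'

      # A comma separated list of OpenSearch nodes to use. DO NOT include "http://" or "https://"
      EF_OUTPUT_OPENSEARCH_ADDRESSES: '172.16.1.67:9200'
      # Default admin/admin pair; this output is disabled. Replace both before
      # enabling it.
      EF_OUTPUT_OPENSEARCH_USERNAME: 'admin'
      EF_OUTPUT_OPENSEARCH_PASSWORD: 'admin'
      #EF_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH: ''
      #EF_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH: ''

      EF_OUTPUT_OPENSEARCH_TLS_ENABLE: 'false'
      EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION: 'false'
      EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH: ''

      #EF_OUTPUT_OPENSEARCH_RETRY_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_MAX_RETRIES: 3
      #EF_OUTPUT_OPENSEARCH_RETRY_BACKOFF: 1000

      # Splunk
      EF_OUTPUT_SPLUNK_HEC_ENABLE: 'false'
      #EF_OUTPUT_SPLUNK_HEC_CIM_ENABLE: 'false'
      EF_OUTPUT_SPLUNK_HEC_ADDRESSES: '127.0.0.1:8088'
      EF_OUTPUT_SPLUNK_HEC_TOKEN: ''
      #EF_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE: 2000
      #EF_OUTPUT_SPLUNK_HEC_TLS_ENABLE: 'true'
      #EF_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_SPLUNK_HEC_DROP_FIELDS: ''

      # Kafka
      EF_OUTPUT_KAFKA_ENABLE: 'false'
      EF_OUTPUT_KAFKA_BROKERS: ''
      #EF_OUTPUT_KAFKA_VERSION: '1.0.0'
      #EF_OUTPUT_KAFKA_TOPIC: 'elastiflow-flow-codex'
      #EF_OUTPUT_KAFKA_PARTITION_KEY: 'flow.export.ip.addr'
      #EF_OUTPUT_KAFKA_CLIENT_ID: 'elastiflow-flowcoll'
      #EF_OUTPUT_KAFKA_RACK_ID: ''
      #EF_OUTPUT_KAFKA_TIMEOUT: 30
      #EF_OUTPUT_KAFKA_DROP_FIELDS: ''
      #EF_OUTPUT_KAFKA_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'
      #EF_OUTPUT_KAFKA_FLAT_RECORD_ENABLE: 'true'

      EF_OUTPUT_KAFKA_SASL_ENABLE: 'false'
      #EF_OUTPUT_KAFKA_SASL_USERNAME: ''
      #EF_OUTPUT_KAFKA_SASL_PASSWORD: ''

      #EF_OUTPUT_KAFKA_TLS_ENABLE: 'false'
      #EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_CERT_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_KEY_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION: 'false'

      #EF_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES: 1000000
      #EF_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS: 1
      #EF_OUTPUT_KAFKA_PRODUCER_TIMEOUT: 10
      #EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION: 3
      #EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL: -1000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES: 1000000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES: 1024
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY: 1000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES: 0
      #EF_OUTPUT_KAFKA_PRODUCER_RETRY_MAX: 3
      #EF_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF: 100

      # Cribl
      EF_OUTPUT_CRIBL_ENABLE: 'false'
      EF_OUTPUT_CRIBL_ADDRESSES: '127.0.0.1:10080'
      EF_OUTPUT_CRIBL_TOKEN: ''
      #EF_OUTPUT_CRIBL_BATCH_DEADLINE: 2000
      #EF_OUTPUT_CRIBL_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_CRIBL_TLS_ENABLE: 'false'
      #EF_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_CRIBL_DROP_FIELDS: ''

      # Generic HTTP
      EF_OUTPUT_GENERIC_HTTP_ENABLE: 'false'
      EF_OUTPUT_GENERIC_HTTP_ECS_ENABLE: 'false'
      #EF_OUTPUT_GENERIC_HTTP_BATCH_DEADLINE: 2000
      #EF_OUTPUT_GENERIC_HTTP_BATCH_MAX_BYTES: 8388608
      EF_OUTPUT_GENERIC_HTTP_ADDRESSES: ''
      #EF_OUTPUT_GENERIC_HTTP_USERNAME: ''
      #EF_OUTPUT_GENERIC_HTTP_PASSWORD: ''
      #EF_OUTPUT_GENERIC_HTTP_TLS_ENABLE: 'false'
      #EF_OUTPUT_GENERIC_HTTP_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_GENERIC_HTTP_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_GENERIC_HTTP_DROP_FIELDS: ''
      #EF_OUTPUT_GENERIC_HTTP_TIMESTAMP_SOURCE: 'collect'

      #RiskIQ
      # NOTE(review): presumably forwards flow records to the external host
      # below - confirm this export is intended for the monitored networks.
      EF_OUTPUT_RISKIQ_ENABLE: 'true'
      EF_OUTPUT_RISKIQ_HOST: 'flow.riskiq.net'
      EF_OUTPUT_RISKIQ_PORT: '20000'
      # Customer identifier and encryption key, supplied from the environment.
      EF_OUTPUT_RISKIQ_CUSTOMER_UUID: '${EF_OUTPUT_RISKIQ_CUSTOMER_UUID:?set in environment or .env}'
      EF_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY: '${EF_OUTPUT_RISKIQ_CUSTOMER_ENCRYPTION_KEY:?set in environment or .env}'

  snmp-collector:
    image: elastiflow/snmp-collector:7.3.2
    container_name: snmp-collector
    restart: 'unless-stopped'
    volumes:
      - /etc/elastiflow:/etc/elastiflow
    environment:
      EF_LICENSE_ACCEPTED: 'true'
      EF_ACCOUNT_ID: '66086a9597246e8760c15154'

      # License token supplied from the environment, not stored in this file.
      EF_SNMP_LICENSE_KEY: '${EF_SNMP_LICENSE_KEY:?set in environment or .env}'
      #EF_SNMP_LICENSED_UNITS:

      #EF_INSTANCE_NAME: default
      #EF_API_PORT: 8080
      #EF_API_TLS_ENABLE: ''
      #EF_API_TLS_CERT_FILEPATH: ''
      #EF_API_TLS_KEY_FILEPATH: ''
      #EF_API_BASIC_AUTH_ENABLE: 'false'
      #EF_API_BASIC_AUTH_USERNAME: ''
      #EF_API_BASIC_AUTH_PASSWORD: ''

      #EF_LOGGER_LEVEL: 'info'
      #EF_LOGGER_ENCODING: 'json'
      #EF_LOGGER_FILE_LOG_ENABLE: 'false'
      #EF_LOGGER_FILE_LOG_FILENAME: '/var/log/elastiflow/flowcoll/flowcoll.log'
      #EF_LOGGER_FILE_LOG_MAX_SIZE: 100
      #EF_LOGGER_FILE_LOG_MAX_AGE: ''
      #EF_LOGGER_FILE_LOG_MAX_BACKUPS: 4
      #EF_LOGGER_FILE_LOG_COMPRESS: 'false'

      #EF_INPUT_SNMP_POLLER_WORKER_POOL_SIZE: # defaults to the number of CPU threads * 4
      #EF_INPUT_SNMP_POLLER_ERROR_HANDLING: 'partial'
      #EF_INPUT_SNMP_DEVICE_DEFINITIONS_DIRECTORY_PATH: '/etc/elastiflow/snmp/devices'
      #EF_INPUT_SNMP_DEVICE_GROUP_DEFINITIONS_DIRECTORY_PATH: '/etc/elastiflow/snmp/device_groups'
      #EF_INPUT_SNMP_OBJECT_GROUP_DEFINITIONS_DIRECTORY_PATH: '/etc/elastiflow/snmp/object_groups'
      #EF_INPUT_SNMP_OBJECT_DEFINITIONS_DIRECTORY_PATH: '/etc/elastiflow/snmp/objects'
      #EF_INPUT_SNMP_PERSIST_ENABLE: 'true'
      #EF_INPUT_SNMP_PERSIST_DIRECTORY_PATH: '/usr/share/elastiflow/snmpcoll'

      #EF_PROCESSOR_SNMP_ENUM_DEFINITIONS_DIRECTORY_PATH: '/etc/elastiflow/snmp/enums'
      #EF_PROCESSOR_POOL_SIZE:
      #EF_PROCESSOR_TRANSLATE_KEEP_IDS: 'default'

      #EF_PROCESSOR_ENRICH_IPADDR_TTL: 7200

      EF_PROCESSOR_ENRICH_IPADDR_METADATA_ENABLE: 'false'
      #EF_PROCESSOR_ENRICH_IPADDR_METADATA_USERDEF_PATH: '/etc/elastiflow/metadata/ipaddrs.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_METADATA_REFRESH_RATE: 15

      EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE: 'false'
      EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP: ''
      EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT: '3000'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE: 'true'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC: 'true'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_PATH: '/etc/elastiflow/hostname/user_defined.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_USERDEF_REFRESH_RATE: 15
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_PATH: '/etc/elastiflow/hostname/incl_excl.yml'
      #EF_PROCESSOR_ENRICH_IPADDR_DNS_INCLEXCL_REFRESH_RATE: 15

      #EF_PROCESSOR_DURATION_PRECISION: 'ms'
      #EF_PROCESSOR_TIMESTAMP_PRECISION: 'ms'
      #EF_PROCESSOR_PERCENT_NORM: 100
      #EF_PROCESSOR_KEEP_CPU_TICKS: 'false'

      #EF_PROCESSOR_DROP_FIELDS: ''

      # stdout
      #EF_OUTPUT_STDOUT_ENABLE: 'false'
      #EF_OUTPUT_STDOUT_FORMAT: 'json_pretty'

      # monitor
      #EF_OUTPUT_MONITOR_ENABLE: 'false'
      #EF_OUTPUT_MONITOR_INTERVAL: 300

      # Elasticsearch
      EF_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
      EF_OUTPUT_ELASTICSEARCH_ECS_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE: 2000
      #EF_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE: 'collect'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_PERIOD: 'rollover'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX: ''
      #EF_OUTPUT_ELASTICSEARCH_DROP_FIELDS: ''
      #EF_OUTPUT_ELASTICSEARCH_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'

      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
      EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: '1'
      EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS: '0'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL: '10s'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_CODEC: 'best_compression'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ILM_LIFECYCLE: 'elastiflow'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT: '_none'
      #EF_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL: '_none'

      # A comma separated list of Elasticsearch nodes to use. DO NOT include "http://" or "https://"
      EF_OUTPUT_ELASTICSEARCH_ADDRESSES: '172.16.1.67:9200'
      # 'changeme' is a placeholder and is not checked while Elasticsearch
      # security is disabled. Once security is enabled, supply a real password
      # (or an API key) from the environment instead of writing it here.
      EF_OUTPUT_ELASTICSEARCH_USERNAME: 'elastic'
      EF_OUTPUT_ELASTICSEARCH_PASSWORD: 'changeme'
      #EF_OUTPUT_ELASTICSEARCH_CLOUD_ID: ''
      #EF_OUTPUT_ELASTICSEARCH_API_KEY: ''
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_CA_CERT_FILEPATH:
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_CERT_FILEPATH:
      #EF_OUTPUT_ELASTICSEARCH_CLIENT_KEY_FILEPATH:

      # With TLS off, SNMP-derived records and the credentials above cross the
      # network to the address above in clear text.
      EF_OUTPUT_ELASTICSEARCH_TLS_ENABLE: 'false'
      EF_OUTPUT_ELASTICSEARCH_TLS_SKIP_VERIFICATION: 'false'
      EF_OUTPUT_ELASTICSEARCH_TLS_CA_CERT_FILEPATH: ''

      #EF_OUTPUT_ELASTICSEARCH_RETRY_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_RETRY_ON_TIMEOUT_ENABLE: 'true'
      #EF_OUTPUT_ELASTICSEARCH_MAX_RETRIES: 3
      #EF_OUTPUT_ELASTICSEARCH_RETRY_BACKOFF: 1000

      # OpenSearch
      EF_OUTPUT_OPENSEARCH_ENABLE: 'false'
      EF_OUTPUT_OPENSEARCH_ECS_ENABLE: 'false'
      #EF_OUTPUT_OPENSEARCH_BATCH_DEADLINE: 2000
      #EF_OUTPUT_OPENSEARCH_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_OPENSEARCH_TIMESTAMP_SOURCE: 'collect'
      #EF_OUTPUT_OPENSEARCH_INDEX_PERIOD: 'daily'
      #EF_OUTPUT_OPENSEARCH_INDEX_SUFFIX: ''
      #EF_OUTPUT_OPENSEARCH_DROP_FIELDS: ''
      #EF_OUTPUT_OPENSEARCH_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'

      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
      EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_SHARDS: '1'
      EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REPLICAS: '0'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_REFRESH_INTERVAL: '10s'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_CODEC: 'best_compression'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_ISM_POLICY: 'elastiflow'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_DEFAULT: '_none'
      #EF_OUTPUT_OPENSEARCH_INDEX_TEMPLATE_PIPELINE_FINAL: '_none'

      # A comma separated list of OpenSearch nodes to use. DO NOT include "http://" or "https://"
      EF_OUTPUT_OPENSEARCH_ADDRESSES: '172.16.1.67:9200'
      # Placeholder pair; this output is disabled. Replace both before
      # enabling it.
      EF_OUTPUT_OPENSEARCH_USERNAME: 'elastic'
      EF_OUTPUT_OPENSEARCH_PASSWORD: 'changeme'
      #EF_OUTPUT_OPENSEARCH_CLIENT_CA_CERT_FILEPATH:
      #EF_OUTPUT_OPENSEARCH_CLIENT_CERT_FILEPATH:
      #EF_OUTPUT_OPENSEARCH_CLIENT_KEY_FILEPATH:

      EF_OUTPUT_OPENSEARCH_TLS_ENABLE: 'false'
      EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION: 'false'
      EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH: ''

      #EF_OUTPUT_OPENSEARCH_RETRY_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_RETRY_ON_TIMEOUT_ENABLE: 'true'
      #EF_OUTPUT_OPENSEARCH_MAX_RETRIES: 3
      #EF_OUTPUT_OPENSEARCH_RETRY_BACKOFF: 1000

      # Splunk
      EF_OUTPUT_SPLUNK_HEC_ENABLE: 'false'
      #EF_OUTPUT_SPLUNK_HEC_CIM_ENABLE: 'false'
      EF_OUTPUT_SPLUNK_HEC_ADDRESSES: '127.0.0.1:8088'
      EF_OUTPUT_SPLUNK_HEC_TOKEN: ''
      #EF_OUTPUT_SPLUNK_HEC_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_SPLUNK_HEC_BATCH_DEADLINE: 2000
      #EF_OUTPUT_SPLUNK_HEC_TLS_ENABLE: 'true'
      #EF_OUTPUT_SPLUNK_HEC_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_SPLUNK_HEC_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_SPLUNK_HEC_DROP_FIELDS: ''

      # Kafka
      EF_OUTPUT_KAFKA_ENABLE: 'false'
      EF_OUTPUT_KAFKA_BROKERS: ''
      #EF_OUTPUT_KAFKA_VERSION: '1.0.0'
      #EF_OUTPUT_KAFKA_TOPIC: 'elastiflow-flow-codex'
      #EF_OUTPUT_KAFKA_PARTITION_KEY: 'flow.export.ip.addr'
      #EF_OUTPUT_KAFKA_CLIENT_ID: 'elastiflow-flowcoll'
      #EF_OUTPUT_KAFKA_RACK_ID: ''
      #EF_OUTPUT_KAFKA_TIMEOUT: 30
      #EF_OUTPUT_KAFKA_DROP_FIELDS: ''
      #EF_OUTPUT_KAFKA_ALLOWED_RECORD_TYPES: 'as_path_hop,flow_option,flow,telemetry'
      #EF_OUTPUT_KAFKA_FLAT_RECORD_ENABLE: 'true'

      EF_OUTPUT_KAFKA_SASL_ENABLE: 'false'
      #EF_OUTPUT_KAFKA_SASL_USERNAME: ''
      #EF_OUTPUT_KAFKA_SASL_PASSWORD: ''

      #EF_OUTPUT_KAFKA_TLS_ENABLE: 'false'
      #EF_OUTPUT_KAFKA_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_CERT_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_KEY_FILEPATH: ''
      #EF_OUTPUT_KAFKA_TLS_SKIP_VERIFICATION: 'false'

      #EF_OUTPUT_KAFKA_PRODUCER_MAX_MESSAGE_BYTES: 1000000
      #EF_OUTPUT_KAFKA_PRODUCER_REQUIRED_ACKS: 1
      #EF_OUTPUT_KAFKA_PRODUCER_TIMEOUT: 10
      #EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION: 3
      #EF_OUTPUT_KAFKA_PRODUCER_COMPRESSION_LEVEL: -1000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_BYTES: 1000000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MESSAGES: 1024
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_FREQUENCY: 1000
      #EF_OUTPUT_KAFKA_PRODUCER_FLUSH_MAX_MESSAGES: 0
      #EF_OUTPUT_KAFKA_PRODUCER_RETRY_MAX: 3
      #EF_OUTPUT_KAFKA_PRODUCER_RETRY_BACKOFF: 100

      # Cribl
      EF_OUTPUT_CRIBL_ENABLE: 'false'
      EF_OUTPUT_CRIBL_ADDRESSES: '127.0.0.1:10080'
      EF_OUTPUT_CRIBL_TOKEN: ''
      #EF_OUTPUT_CRIBL_BATCH_DEADLINE: 2000
      #EF_OUTPUT_CRIBL_BATCH_MAX_BYTES: 8388608
      #EF_OUTPUT_CRIBL_TLS_ENABLE: 'false'
      #EF_OUTPUT_CRIBL_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_CRIBL_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_CRIBL_DROP_FIELDS: ''

      # Generic HTTP
      EF_OUTPUT_GENERIC_HTTP_ENABLE: 'false'
      EF_OUTPUT_GENERIC_HTTP_ECS_ENABLE: 'false'
      #EF_OUTPUT_GENERIC_HTTP_BATCH_DEADLINE: 2000
      #EF_OUTPUT_GENERIC_HTTP_BATCH_MAX_BYTES: 8388608
      EF_OUTPUT_GENERIC_HTTP_ADDRESSES: ''
      #EF_OUTPUT_GENERIC_HTTP_USERNAME: ''
      #EF_OUTPUT_GENERIC_HTTP_PASSWORD: ''
      #EF_OUTPUT_GENERIC_HTTP_TLS_ENABLE: 'false'
      #EF_OUTPUT_GENERIC_HTTP_TLS_SKIP_VERIFICATION: 'false'
      #EF_OUTPUT_GENERIC_HTTP_TLS_CA_CERT_FILEPATH: ''
      #EF_OUTPUT_GENERIC_HTTP_DROP_FIELDS: ''
      #EF_OUTPUT_GENERIC_HTTP_TIMESTAMP_SOURCE: 'collect'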