Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
W
Warden
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Pavel Valach
Warden
Commits
2702130b
Commit
2702130b
authored
7 years ago
by
Pavel Kácha
Browse files
Options
Downloads
Patches
Plain Diff
Added README
parent
cdfe49f8
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
warden3/contrib/connectors/hp-labrea/README
+67
-0
67 additions, 0 deletions
warden3/contrib/connectors/hp-labrea/README
with
67 additions
and
0 deletions
warden3/contrib/connectors/hp-labrea/README
0 → 100644
+
67
−
0
View file @
2702130b
Warden LaBrea connector 0.1 for Warden 3.X
==========================================
Introduction
------------
labrea-idea.py is a daemon, meant for continuous watching of LaBrea log files
and generation of Idea_ format of corresponding security events. It is
usually run in correspondence with warden_filer daemon, which picks the
resulting events up and feeds them to the Warden_ server. Connector supports
sliding window aggregation, so sets of connections with the same source are
reported as one event (within aggregation window).
Dependencies
------------
1. Platform
Python 2.7+
2. Python packages
warden_filer 3.0+ (recommended)
Usage
-----
./labrea-idea.py [options] logfile ...
Options:
-h, --help show this help message and exit
-w WINDOW, --window=WINDOW
max detection window (default: 900)
-t TIMEOUT, --timeout=TIMEOUT
detection timeout (default: 300)
-n NAME, --name=NAME Warden client name
--test Add Test category
-o, --oneshot process files and quit (do not daemonize)
--poll=POLL log file polling interval
-d DIR, --dir=DIR Target directory (mandatory)
-p PID, --pid=PID create PID file with this name (default: /var/run
/labrea-idea.pid)
-u UID, --uid=UID user id to run under
-g GID, --gid=GID group id to run under
-v, --verbose turn on debug logging
--log=LOG syslog facility or log file name (default: local7)
--realtime use system time along with log timestamps (default)
--norealtime don't system time, use solely log timestamps
Configuration
-------------
However, the daemon is usually run by init script (example one is a part of
the distribution, along with sample logrotate definition). Options then can
be configured by /etc/sysconfig/labrea-idea or /etc/defaults/labrea-idea,
depending on your distribution custom, where at least PARAMS variable has
to be specified (for others, see the init script).
.. _Warden: https://warden.cesnet.cz/
.. _Idea: https://idea.cesnet.cz/
------------------------------------------------------------------------------
Copyright (C) 2017 Cesnet z.s.p.o
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
