forked from jasonish/evebox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
agent.yaml.example
38 lines (31 loc) · 1.32 KB
/
agent.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# EveBox Agent configuration file - subject to change.
# Server information.
server:
url: http://localhost:5636
# Username and password. Note that at this time even with
# authentication enabled on the EveBox server, agents can still
# submit events without authenticating. You will need to supply and
# username and password if running behind a reverse proxy
# implementing authentication.
#username: username
#password: password
# Directory to store bookmark information. This is optional and not
# required if the agent has write access to the directory of the log
# file being reader.
#bookmark-directory: "/var/lib/evebox"
# If the EveBox server is running behind TLS and the certificate is
# self signed, certificate validation can be disabled.
#disable-certificate-check: true
# Path to log file. Only a single path is allowed at this time.
input:
filename: "/var/log/suricata/eve.json"
# Custom fields to add to the event. Only top level fields can be set,
# and only simple values (string, integer) can be set.
custom-fields:
# Set a host field. This will override the "host" field set by
# Suricata if the Suricata "sensor-name" option is set.
#host: "evebox-agent"
# The EveBox agent can add the rule to an event. To do so, list the
# rule files here.
rules:
- /etc/suricata/rules/*.rules