The events2logger.yml file configures how and where events are retrieved and forwarded. An example file is attached.
Global Settings
- api.url
- URL to the API Service. For cloud: https://api.802secure.net/apiv1/customer
- api.console_url
- URL to the Console: https://console.802secure.net
- api.verify_tls
- Whether TLS verification should be performed. Primarily for on-premise installations. WARNING: Disabling verification can open up the client to MITM decryption and capture.
- api.server_cert
- File path to the server's public certificate or CA to validate
- api.key
- An API Key from here - use this or email/password
- api.email
- Email for authentication - if not using api.key
- api.password
- Password for authentication - if not using api.key
- sleep
- Time between checks for new events in seconds
- exclude_source
- Sources to exclude when retrieving
- include_sources
- Sources to only include when retrieving
- minimum_severity
- Minimum severity level to retrieve
- output_format
- Global message output format: json, cef or undefined. Will be overridden by destination settings.
Syslog Settings
- server
- Target server DNS or IP Address
- proto
- Protocol to use: udp, tcp, tcp+tls
- port
- Target port to connect to
- output_format
- Format for messages: json or cef
- facility
- Syslog facility to use, e.g. LOG_LOCAL5
- certificate
- If using tcp+tls, the PEM formatted file of the server's public certificate.
- tag
- Additional tag to include
Graylog Settings
- server
- Target server DNS or IP Address
- port
- Target port to connect to
Slack Settings
- webhook
- Your Slack webhook
- channel
- Target channel to deliver messages to
- emoji
- A Slack icon-emoji to use, e.g. :ghost:
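A pre-deployment check for the security-relevant settings above (TLS verification, API credentials, syslog transport), as an added example that is not part of the original article or the product's own code. It assumes the YAML has been parsed into nested dicts with "api" and "syslog" sections, a layout the page does not show; lint_config and all sample values are hypothetical.

```python
# Added example, not the project's code: lint a parsed events2logger.yml.
# Assumption: the YAML loads into nested dicts with "api" and "syslog" sections.
VALID_PROTOS = {"udp", "tcp", "tcp+tls"}
VALID_FORMATS = {"json", "cef", None}  # None: output_format left undefined


def lint_config(cfg):
    """Return sorted (severity, message) findings for one parsed config."""
    out = []
    api, syslog = cfg.get("api", {}), cfg.get("syslog")
    if api.get("verify_tls") is False:
        out.append(("high", "api.verify_tls disabled: API traffic is open to MITM"))
    for key in ("url", "console_url"):
        if key in api and not str(api[key]).startswith("https://"):
            out.append(("high", f"api.{key} is not an https:// URL"))
    # The page allows either api.key or the api.email/api.password pair.
    if not api.get("key") and not (api.get("email") and api.get("password")):
        out.append(("high", "no api.key and no complete email/password pair"))
    for name, section in (("output_format", cfg), ("syslog.output_format", syslog or {})):
        if section.get("output_format") not in VALID_FORMATS:
            out.append(("medium", f"{name} must be json or cef"))
    if syslog is not None:
        proto = syslog.get("proto")
        if proto not in VALID_PROTOS:
            out.append(("high", f"syslog.proto {proto!r} is not udp, tcp or tcp+tls"))
        elif proto != "tcp+tls":
            out.append(("medium", f"syslog.proto {proto}: events are sent unencrypted"))
        elif not syslog.get("certificate"):
            out.append(("high", "syslog.proto tcp+tls without a certificate file"))
    return sorted(out)


# Constructed sample configs; hosts, paths and the key are placeholders.
WEAK = {
    "api": {"url": "http://appliance.example.internal/apiv1/customer",
            "verify_tls": False, "email": "soc@example.com"},
    "syslog": {"server": "192.0.2.10", "proto": "udp", "port": 514},
}
HARDENED = {
    "api": {"url": "https://appliance.example.internal/apiv1/customer",
            "verify_tls": True, "server_cert": "/etc/events2logger/ca.pem",
            "key": "PLACEHOLDER_API_KEY"},
    "syslog": {"server": "192.0.2.10", "proto": "tcp+tls", "port": 6514,
               "certificate": "/etc/events2logger/syslog.pem"},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_config(cfg))
```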