package config // Config names const ( Verbose = "verbose" // More information in log, default is false Threads = "threads" // Number of working threads, default is 10 AggregatorUpdateWorkers = "aggregator.updater.workers" // Number of working threads for aggregator bulk update, default is 1 AggregatorBulkCount = "aggregator.updater.bulk_count" // Number of bulk requests for aggregated events, before flush will be called, default is 100 AggregatorBulkFlushInterval = "aggregator.updater.flush" // Time interval, after witch, flush will be called, default is 1m AggregatorNormalizedWorkers = "aggregator.normalizer.workers" // Number of working threads for aggregator bulk update normalized events, default is 1 AggregatorNormalizerBulkCount = "aggregator.normalizer.bulk_count" // Number of bulk requests for normalized events, before flush will be called, default is 100 AggregatorNormalizedBulkFlushInterval = "aggregator.normalizer.flush" // Time interval, after witch, flush will be called, default is 1m AggregatorIterationDuration = "aggregator.iteration" // How often aggregator will query for next bunch of normalized events. Default value is 30s AggregatorWindow = "aggregator.window" // Aggregator inspection window size. Default value is 30s CorrelatorWorkers = "correlator.workers" // Number of working threads for correlator bulk requests, default is 1 CorrelatorBulkCount = "correlator.bulk_count" // Number of bulk requests for aggregated events, before flush will be called, default is 100 CorrelatorFlushInterval = "correlator.flush" // Time interval, after witch, flush will be called, default is 1m ApiPort = "correlator.api.port" // Port for correlator API. Default value is 5566 ConsoleUsername = "console.auth.username" // Username to work with AMC (console) web interface. No default value ConsolePassword = "console.auth.password" // Password to work with AMC (console) web interface. No default value ConsoleUrlToken = "console.url.token" // Url to obtain auth token from web interface. No default value ConsoleUrlIncident = "console.url.incident" // Url to create incident in web interface. No default value ConsoleUrlAsset = "console.url.asset" // Url to create asset in web interface. No default value ConsoleIgnoreSSLErrors = "console.ignore_ssl_errors" // If true, all connections to console will ignore SSL errors. Default if true DebugDumpRequest = "debug.dump" // Dump all network request/responses. Default is false DebugDumpPath = "debug.path" // Path, where to store debug dumps SyslogTag = "syslog.tag" // Tag for syslog action. Default is "correlaor" LogFileName = "log.filename" // Where to write logs. Default is "correlator.log" LogMaxSize = "log.max_size" // Max size of log file before rotation. Default is 100 LogMaxBkup = "log.max_bkup" // How many old logs files exist. Default is 10 LogMaxAge = "log.max_age" // How long we need to keep old log files. Default is 10 LogCompress = "log.compress" // Should we compress ol log files. Default is true LogLevel = "log.level" // Verbosity of logging. Default is 2. Max is 6 (trace) LogFormatter = "log.formatter" // Formatter type. Valid values are "json" and "text". Default is "json" LogForceColors = "log.force_colors" // If formatter is "text", this option enable color output for logging. Default is false ElasticAggregatedIndexName = "elastic.aggregated_index" // Index pattern for aggregator, default is aggregated-2006.01.02 ElasticNormalizedIndexName = "elastic.normalized_index" // Index pattern for correlator, default is arma-*. Warning! If changed, need to change logstash settings ElasticUrl = "elastic.url" // URL for elasticsearch access. No default value ElasticUsername = "elastic.username" // Username for elasticsearch access. No default value ElasticPassword = "elastic.password" // Password for elasticsearch access. No default value ElasticRetryCount = "elastic.retry.count" // How many times should we retry to connect to elasticsearch. Default is 10 ElasticConnectionTimeout = "elastic.retry.timeout" // How long must we wait before next connection attempt. Default is 20s ElasticLogQuery = "elastic.log.query" // Log every elasticsearch query we call. Default is false ElasticLogEncodeQuery = "elastic.log.encode_query" // Encode elasticsearch query with base64. Default is false ElasticIgnoreSSLErrors = "elastic.ignore_ssl_errors" // If true, elastic client will ignore HTTPS errors. Default is true ActionFirewallRuleIgnoreSSLErrors = "actions.firewall_rule.ignore_ssl_errors" // If true, firewall rule action will ignore SSL errors. Default if true AggregatedFields = "events_fields" // List of fields for aggregation ScrollSize = "scroll_size" // Size specifies the number of documents Elasticsearch should return from each shard, per page )