mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-04 08:34:40 +01:00
7b610c0176
Now you can send events to syslog, local or remote. This feature was requested here #638 This feature allows you to integrate opensnitch with your SIEM. Take a look at the above discussion to see examples with syslog-ng+promtail+loki+grafana. There's only one logger implemented (syslog), but it should be easily expandable to add more type of loggers (elastic, etc). The event format can be CSV or RFC5424. It sould also be easy to add more formats. - Allow to configure stats workers. They were hardcoded to 4.
18 lines
383 B
JSON
18 lines
383 B
JSON
{
|
|
"Server":
|
|
{
|
|
"Address":"unix:///tmp/osui.sock",
|
|
"LogFile":"/var/log/opensnitchd.log"
|
|
},
|
|
"DefaultAction": "allow",
|
|
"DefaultDuration": "once",
|
|
"InterceptUnknown": false,
|
|
"ProcMonitorMethod": "ebpf",
|
|
"LogLevel": 2,
|
|
"Firewall": "nftables",
|
|
"Stats": {
|
|
"MaxEvents": 150,
|
|
"MaxStats": 25,
|
|
"Workers": 6
|
|
}
|
|
}
|