| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| include = env/env_preprod.conf |
| include = env/metrics.conf |
| |
| #Global Properties |
| |
| debug.mode=true |
| local.mode=true |
| num.workers=1 |
| |
| #Simulator Spout |
| spout.simulator.num.tasks=1 |
| spout.simulator.parallelism.hint=1 |
| |
| #Kafka Spout |
| spout.kafka.num.tasks=1 |
| spout.kafka.parallelism.hint=1 |
| spout.kafka.topic=test |
| |
| #Parser Bolt |
| bolt.parser.num.tasks=1 |
| bolt.parser.parallelism.hint=1 |
| |
| #Alerts Bolt (Static Configuration) |
| bolt.alerts.num.tasks=1 |
| bolt.alerts.parallelism.hint=1 |
| bolt.alerts.staticpriority=3 |
| bolt.alerts.staticsource=lancope |
| bolt.alerts.cluster=preprod |
| |
| #Host Enrichment |
| bolt.enrichment.host.num.tasks=1 |
| bolt.enrichment.host.parallelism.hint=1 |
| bolt.enrichment.host.MAX_CACHE_SIZE_OBJECTS_NUM=10000 |
| bolt.enrichment.host.MAX_TIME_RETAIN_MINUTES=10 |
| bolt.enrichment.host.enrichment_tag=host |
| bolt.enrichment.host.source_ip=ip_src_addr |
| bolt.enrichment.host.resp_ip=ip_dst_addr |
| |
| #GeoEnrichment |
| bolt.enrichment.geo.num.tasks=1 |
| bolt.enrichment.geo.parallelism.hint=1 |
| bolt.enrichment.geo.enrichment_tag=geo |
| bolt.enrichment.geo.source_ip=ip_src_addr |
| bolt.enrichment.geo.resp_ip=ip_dst_addr |
| bolt.enrichment.geo.adapter.table=GEO |
| bolt.enrichment.geo.MAX_CACHE_SIZE_OBJECTS_NUM=10000 |
| bolt.enrichment.geo.MAX_TIME_RETAIN_MINUTES=10 |
| |
| #WhoisEnrichment |
| bolt.enrichment.whois.num.tasks=1 |
| bolt.enrichment.whois.parallelism.hint=1 |
| bolt.enrichment.whois.whois_enrichment_tag=whois_enrichment |
| bolt.enrichment.whois.source=host\":\"(.*?)\" |
| bolt.enrichment.whois.MAX_CACHE_SIZE_OBJECTS_NUM=10000 |
| bolt.enrichment.whois.MAX_TIME_RETAIN_MINUTES=10 |
| |
| #CIF Enrichment |
| bolt.enrichment.cif.tablename=cif_table |
| bolt.enrichment.cif.num.tasks=1 |
| bolt.enrichment.cif.parallelism.hint=1 |
| bolt.enrichment.cif.source_ip=id.orig_h |
| bolt.enrichment.cif.resp_ip=id.resp_h |
| bolt.enrichment.cif.host=host |
| bolt.enrichment.cif.email=email |
| bolt.enrichment.cif.MAX_CACHE_SIZE_OBJECTS_NUM=10000 |
| bolt.enrichment.cif.MAX_TIME_RETAIN_MINUTES=10 |
| |
| |
| #Indexing Bolt |
| bolt.indexing.num.tasks=1 |
| bolt.indexing.parallelism.hint=1 |
| bolt.indexing.indexname=bro_index |
| bolt.indexing.documentname=bro_doc |
| bolt.indexing.bulk=200 |
| bolt.indexing.indexIP=ctrl01 |
| bolt.indexing.port=9200 |
| bolt.indexing.clustername=devo_es |
| |
| |
| #HDFS Bolt |
| bolt.hdfs.num.tasks=1 |
| bolt.hdfs.parallelism.hint=1 |
| bolt.hdfs.size.rotation.policy=5 |
| bolt.hdfs.size.sink.policy=5 |
| bolt.hdfs.fs.url=hdfs://nn1:8020 |
| |
| #Kafka Bolt |
| bolt.kafka.num.tasks=1 |
| bolt.kafka.parallelism.hint=1 |
| bolt.kafka.topic=test_out |
