Elos Configuration

Configuring elos can be done in several ways thanks to the samconf-project.

Currently elos supports:

  • Files (JSON)

  • Environment variables

  • Command-line arguments

The default config file is expected at /etc/elos/elosd.json; this location can be overridden by setting the environment variable ELOS_CONFIG_PATH.

Environment variables can only be used to overwrite options from configuration files if UseEnv is set to true in the elos main configuration file /etc/elos/elosd.json.

If UseEnv is enabled, the following configurations are equivalent.

{
  "root": {
    "elos": {
      "LogLevel": "Warning"
    }
  }
}

ELOS_LOGLEVEL="Warning"

Internally, elos uses a config tree and looks up options by path. For example, to determine the configured log level it uses /root/elos/LogLevel. For the JSON file the path follows directly from the nesting. For environment variables the name has to include the full path, with _ as the path separator. The /root can be omitted in environment variable names; it is a samconf-internal detail and will probably be removed.

The configuration contains some elos global settings and then splits up into different sections.

Global Elos Options

  • UseEnv: Defines whether elosd allows configuration values to be overwritten by environment variables

  • LogFilter: Only log messages from these C files are shown; don’t touch it unless you know what you’re doing (ELOS_LOG_FILTER default value: ""); files are separated by ;, e.g. "first.c;second.c"

  • LogLevel: Severity level that decides how much information is printed, from no messages to extremely detailed. The levels are: Off, Fatal, Error, Warn, Info, Debug and Verbose (ELOS_LOG_LEVEL default value: "Debug")

  • ClientInputs: This section defines plugins which provide an interface that allows other applications to communicate with elos. See Client Manager for more details on how to configure client plugins.

  • EventLogging: This section defines plugins which are used by elos to store events. They are often also referred to as storage backend plugins. See Event Logging for more details on how to configure storage plugins.

  • Scanner: This section defines plugins which are used by elos to observe and poll system sources to produce events. See Scanner Manager for more details on how to configure Scanner plugins.

Default Config

The default config is a good starting point to configure elos to your needs.

elos default config shipped with elos
{
    "root": {
        "elos": {
            "UseEnv": false,
            "LogFilter": "",
            "LogLevel": "DEBUG",
            "ClientInputs": {
                "Plugins": {
                    "LocalTcpClient": {
                        "File": "client_tcp.so",
                        "Run": "always",
                        "Config": {
                            "ConnectionLimit": 200,
                            "Port": 54321,
                            "Interface": "127.0.0.1",
                            "EventBlacklist": ".event.messageCode 1000 LE",
                            "authorizedProcesses": [
                                ".process.uid 0 EQ .process.gid 0 EQ AND .process.exec '/usr/bin/elosc' STRCMP AND",
                                ".process.gid 200 EQ .process.exec '/usr/bin/elosc' STRCMP AND",
                                ".process.pid 1 EQ"
                            ]
                        }
                    },
                    "PublicTcpClient": {
                        "File": "client_tcp.so",
                        "Run": "always",
                        "Config": {
                            "Port": 54322,
                            "Interface": "0.0.0.0",
                            "EventBlacklist": "1 1 EQ",
                            "authorizedProcesses": []
                        }
                    }
                }
            },
            "EventLogging": {
                "Plugins": {
                    "fetchapi": {
                        "File": "backend_fetchapi.so",
                        "Run": "always",
                        "Filter": [
                            "1 1 EQ"
                        ],
                        "Config": {
                            "BufferSize": 100
                        }
                    },
                    "JsonBackend": {
                        "File": "backend_json.so",
                        "Run": "always",
                        "Filter": [
                            "1 1 EQ"
                        ],
                        "Config": {
                            "StoragePath": "/tmp/elosd_%host%_%date%_%count%.log",
                            "MaxSize": 60000,
                            "Flags": [
                                "O_SYNC"
                            ]
                        }
                    },
                    "SQLBackend": {
                        "File": "backend_sql.so",
                        "Run": "always",
                        "Filter": [
                            "1 1 EQ"
                        ],
                        "Config": {
                            "ConnectionPath": "/tmp/elos.sqlite"
                        }
                    },
                    "DLT": {
                        "File": "backend_dlt_logger.so",
                        "Run": "always",
                        "Filter": [
                            ".e.messageCode 1000 GE"
                        ],
                        "Config": {
                            "Connection": "/tmp/dlt",
                            "EcuId": "ECU1",
                            "AppId": "ELOS"
                        }
                    }
                }
            },
            "Scanner": {
                "Plugins": {
                    "OomKiller": {
                        "File": "scanner_oomkiller.so",
                        "Run": "always"
                    },
                    "SyslogScanner": {
                        "File": "scanner_syslog.so",
                        "Run": "always",
                        "Config": {
                            "SyslogPath": "/dev/log",
                            "MappingRules": {
                                "MessageCodes": {
                                    "8004": ".event.source.appName 'sshd' STRCMP .e.payload r'authentication failure' REGEX AND",
                                    "8005": ".event.source.appName 'sshd' STRCMP .e.payload r'Accepted password for' REGEX AND",
                                    "1001": "1 1 EQ"
                                }
                            }
                        }
                    },
                    "KmsgScanner": {
                        "File": "scanner_kmsg.so",
                        "Run": "always",
                        "Config": {
                            "KmsgFile": "/dev/kmsg"
                        }
                    },
                    "Shmem": {
                        "File": "scanner_shmem.so",
                        "Run": "always",
                        "Config": {
                            "ShmemFile": "scanner_shmem",
                            "ShmemCreate": true,
                            "ShmemLogEntries": 256,
                            "ShmemOffset": 0,
                            "SemFile": "scanner_shmem_sem",
                            "SemCreate": true
                        }
                    }
                }
            }
        }
    }
}
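
A deployment review of the default config above can be scripted. The following is an added example, not part of elos or samconf: it walks an elosd.json and reports client plugins listening on a non-loopback Interface, storage backends writing under a shared temporary directory, and UseEnv being enabled. The function names, the three heuristics and the list of shared directories are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample: values copied from the default config, trimmed to the audited keys.
SAMPLE = """
{"root": {"elos": {
  "UseEnv": false,
  "ClientInputs": {"Plugins": {
    "LocalTcpClient": {"Config": {"Port": 54321, "Interface": "127.0.0.1"}},
    "PublicTcpClient": {"Config": {"Port": 54322, "Interface": "0.0.0.0"}}}},
  "EventLogging": {"Plugins": {
    "JsonBackend": {"Config": {"StoragePath": "/tmp/elosd_%host%_%date%_%count%.log"}},
    "SQLBackend": {"Config": {"ConnectionPath": "/tmp/elos.sqlite"}},
    "DLT": {"Config": {"Connection": "/tmp/dlt"}}}}
}}}
"""

PATH_KEYS = ("StoragePath", "ConnectionPath", "Connection")  # keys holding file paths
SHARED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")            # assumed world-writable

def is_loopback(address):
    """True only for a literal loopback IP; anything unparsable counts as exposed."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False

def audit(config_text):
    """Return (config path, finding) tuples for settings that deserve a review."""
    elos = json.loads(config_text)["root"]["elos"]
    findings = []
    if elos.get("UseEnv") is True:
        findings.append(("/root/elos/UseEnv", "environment may overwrite file values"))
    for name, plugin in elos.get("ClientInputs", {}).get("Plugins", {}).items():
        iface = plugin.get("Config", {}).get("Interface")
        if iface is not None and not is_loopback(iface):
            path = f"/root/elos/ClientInputs/Plugins/{name}/Config/Interface"
            findings.append((path, f"{iface} is not a loopback address"))
    for name, plugin in elos.get("EventLogging", {}).get("Plugins", {}).items():
        for key in PATH_KEYS:
            value = plugin.get("Config", {}).get(key, "")
            if value.startswith(SHARED_DIRS):
                path = f"/root/elos/EventLogging/Plugins/{name}/Config/{key}"
                findings.append((path, f"{value} is in a shared temporary directory"))
    return findings

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

On a real system, pass the contents of /etc/elos/elosd.json (or the file named by ELOS_CONFIG_PATH) to audit() instead of the sample.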