HTTP
This module allows the Security Engine
to acquire logs from an HTTP endpoint.
Configuration examples
To receive logs from an HTTP endpoint with basic auth:
source: http
listen_addr: 127.0.0.1:8081
path: /test
auth_type: basic_auth
basic_auth:
username: test
password: test
labels:
type: mytype
To receive logs from an HTTP endpoint with headers:
source: http
listen_addr: 127.0.0.1:8081
path: /test
auth_type: headers
headers:
MyHeader: MyValue
labels:
type: mytype
To receive logs from an HTTP endpoint with TLS and headers:
source: http
listen_addr: 127.0.0.1:8081
path: /test
auth_type: headers
headers:
MyHeader: MyValue
tls:
server_cert: server.crt
server_key: server.key
labels:
type: mytype
To receive logs from an HTTP endpoint with mTLS:
source: http
listen_addr: 127.0.0.1:8081
path: /test
auth_type: mtls
tls:
server_cert: server.crt
server_key: server.key
ca_cert: ca.crt
labels:
type: mytype
If most of cases when the logs are sent in JSON format, you can use the transform
expression to parse the logs.
For example, if the logs are sent in the following format:
{
"Records": [
{
"message": "test",
"timestamp": "2021-01-01T00:00:00Z"
}
]
}
the transform
expression can be:
transform: map(JsonExtractSlice(evt.Line.Raw, "Records"), ToJsonString(#))
Look at the configuration parameters
to view all supported options.
Parameters
listen_addr
The address to listen on (e.g., 127.0.0.1:8088
).
Required.
path
The endpoint path to listen on.
The request method is always POST
.
Optional, default is /
.
auth_type
The authentication type to use.
Can be basic_auth
, headers
, or mtls
.
Required.
basic_auth
The basic auth credentials.
basic_auth.username
The basic auth username.
Optional, to use when auth_type
is basic_auth
.
basic_auth.password
The basic auth password.
Optional, to use when auth_type
is basic_auth
.
headers
The headers to send.
Optional, to use when auth_type
is headers
.
tls
TLS configuration.
tls.server_cert
The server certificate path.
Optional, to use when auth_type
is mtls
.
tls.server_key
The server key path.
Optional, to use when auth_type
is mtls
.
tls.ca_cert
The CA certificate path.
Optional, to use when auth_type
is mtls
.
custom_status_code
The custom status code to return.
Optional.
custom_headers
The custom headers to return.
Optional.
max_body_size
The maximum body size to accept.
Optional.
timeout
The timeout to read the body.
The timeout is in duration format, e.g., 5s
.
Optional.
DSN and command-line
This datasource does not support acquisition from the command line.