# LegacyTel Agent Production Configuration
#
# NOTE(review): this listing was captured with its indentation flattened; the
# nesting below is reconstructed from the key names and the apparent layout
# (agent / server / receivers / exporters / processors). Confirm it against
# the original file before relying on it.

# Identity of this agent instance as reported to downstream consumers.
agent:
  id: "legacytel-hq-01"
  name: "mainframe-observability-forwarder"
  environment: "production"
  region: "us-east-1"

# Built-in HTTP server for the agent's own dashboard.
server:
  # NOTE(review): listens on every interface with the dashboard enabled, and no
  # authentication or TLS setting for this server is visible in this file.
  # Confirm it is reachable only from a management network or is fronted by an
  # authenticating proxy.
  host: "0.0.0.0"
  port: 8080
  enable_dashboard: true

# Inbound listeners for the mainframe / midrange audit feeds.
# NOTE(review): all three receivers bind on 0.0.0.0 with tls_enabled: false in
# a configuration labelled "production", so the SMF, QAUDJRN and EMS audit
# records would be accepted in cleartext. The cert/key/client_ca paths below
# are populated but take effect only once tls_enabled is true; client_ca_file
# additionally turns on mutual TLS (see the inline comments).
receivers:
  zos_smf:
    enabled: true
    bind_address: "0.0.0.0"
    port: 5080
    format: "binary" # binary (raw SMF) or tcp-syslog
    charset: "ebcdic"
    # Encryption in transit configuration
    tls_enabled: false
    cert_file: "/etc/legacytel/certs/zos_server.crt"
    key_file: "/etc/legacytel/certs/zos_server.key"
    client_ca_file: "/etc/legacytel/certs/mainframe_ca.crt" # Set to enable mutual TLS (mTLS)
  as400_qaudjrn:
    enabled: true
    bind_address: "0.0.0.0"
    port: 5081
    format: "type5" # DB2 or TCP stream type5
    charset: "ebcdic"
    # Encryption in transit configuration
    tls_enabled: false
    cert_file: "/etc/legacytel/certs/as400_server.crt"
    key_file: "/etc/legacytel/certs/as400_server.key"
    client_ca_file: "/etc/legacytel/certs/iseries_ca.crt" # Set to enable mutual TLS (mTLS)
  tandem_ems:
    enabled: true
    bind_address: "0.0.0.0"
    port: 5082
    format: "ems-binary" # binary or text
    charset: "ascii"
    # Encryption in transit configuration
    tls_enabled: false
    cert_file: "/etc/legacytel/certs/ems_server.crt"
    key_file: "/etc/legacytel/certs/ems_server.key"
    client_ca_file: "/etc/legacytel/certs/nonstop_ca.crt" # Set to enable mutual TLS (mTLS)

# Outbound destinations.
# NOTE(review): the credentials in this section are committed as literals in
# the config file. Inject them from a secret store or the environment at deploy
# time (if the agent supports substitution) and rotate the values below if this
# file has ever been shared or committed to version control.
exporters:
  otlp_http:
    enabled: true
    # NOTE(review): plaintext http:// endpoint. Acceptable only while the
    # collector stays on loopback; if this is pointed at a remote host the
    # bearer token below travels unencrypted, so switch to https:// there.
    endpoint: "http://localhost:4318/v1/logs"
    timeout_ms: 5000
    headers:
      # NOTE(review): hard-coded bearer credential — see the exporters note above.
      Authorization: "Bearer otel-secret-token"
  syslog:
    enabled: true
    network: "tcp" # tcp or udp
    # NOTE(review): no TLS setting for this exporter is visible here, so the
    # CEF/LEEF events leave in plaintext; keep the relay on loopback or a
    # trusted segment unless the agent offers a TLS transport for syslog.
    endpoint: "localhost:514" # Target port for your generic SIEM (Sentinel, Elastic, QRadar, etc.)
    format: "cef" # cef (Common Event Format), leef (Log Event Extended Format), or rfc5424 (Standard Syslog)
  splunk_hec:
    enabled: false # Disabled by default to focus on open OTLP & CEF/LEEF standards
    endpoint: "http://localhost:8088/services/collector"
    # NOTE(review): hard-coded HEC token — see the exporters note above; rotate
    # it before this exporter is enabled.
    token: "splunk-hec-token-1234-5678"
    index: "mainframe_security"
    source: "legacytel"
    sourcetype: "_json"
    tls:
      # NOTE(review): disables server-certificate verification, which lets the
      # HEC connection be intercepted. Set this to false (and trust the HEC
      # CA) before enabling the exporter so the insecure setting is not
      # inherited into production.
      insecure_skip_verify: true

# Pipeline stages applied between receivers and exporters.
processors:
  # Buffering/batching of outbound records; sizes are counts, timeout is ms.
  batch:
    max_queue_size: 10000
    timeout_ms: 1000
    send_batch_size: 512
  # Maps source-specific event types onto the agent's taxonomy.
  # NOTE(review): override_severity semantics are not defined in this file —
  # confirm whether it replaces or only fills in the source-supplied severity.
  taxonomy_mapping:
    override_severity: true
    default_index: "mainframe_security"