Configuration

LogMan.io Lookup Builder

LogMan.io Lookup Builder takes generic lookup contents from Elasticsearch and lookup declarations from the Library and builds lookup binary files. The lookup binary files are then used by other microservices such as LogMan.io Parsec, LogMan.io Correlator, etc.

Dependencies

LogMan.io Lookup Builder has the following dependencies:

  • Elasticsearch
  • Zookeeper
  • Library
  • Tenants to build lookups for

Model

To start the application, include it in the model and click the Apply button.

/Site/model.yaml
define:
  type: rc/model

services:
  lmio-lookupbuilder:
    - <node>  # Replace with name of the node

Docker Compose

  lmio-lookupbuilder:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-lookupbuilder:VERSION
    volumes:
      - ./lmio-lookupbuilder:/conf
      - /data/ssd/lookups:/lookups
    restart: always
    logging:
      options:
        max-size: 10m

Configuration file

This is the most basic required configuration:

[tenants]
ids=mytenant

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[library]
providers=zk:///library

Alternatively, instead of specifying tenant IDs directly, you can add all tenants from the LogMan.io cluster with the following configuration:

[tenants]
tenant_url=http://<SEACAT_AUTH_NODE>:3081/tenant

Replace <SEACAT_AUTH_NODE> with the hostname where the SeaCat Auth service runs.

LogMan.io IP Address Processor

LogMan.io IP Address Processor takes IP address lookup contents from Elasticsearch and lookup declarations from the Library and builds IP lookup binary files. The IP lookup binary files are then used by other microservices such as LogMan.io Parsec, LogMan.io Correlator, etc. It also downloads built-in lookups from Azure storage over the internet.

Dependencies

LogMan.io IP Address Processor has the following dependencies:

  • Elasticsearch
  • Zookeeper
  • Library
  • Tenants to build lookups for

Model

To start the application, include it in the model and click the Apply button.

/Site/model.yaml
define:
  type: rc/model

services:
  lmio-ipaddrproc:
    - <node>  # Replace with name of the node

Docker Compose

docker-compose.yaml
  lmio-ipaddrproc:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-ipaddrproc:VERSION
    volumes:
      - ./lmio-ipaddrproc:/conf
      - /data/ssd/lookups:/lookups
    restart: always
    logging:
      options:
        max-size: 10m

Configuration file

This is the most basic required configuration:

[tenants]
ids=mytenant

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[library]
providers=zk:///library

Alternatively, instead of specifying tenant IDs directly, you can add all tenants from the LogMan.io cluster with the following configuration:

[tenants]
tenant_url=http://<SEACAT_AUTH_NODE>:3081/tenant

Replace <SEACAT_AUTH_NODE> with the hostname where the SeaCat Auth service runs.
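
A pre-deployment check for the configuration file used by both services above, as an added example that is not part of the LogMan.io documentation or code base. The names lint_config, REQUIRED and SAMPLE and the finding messages are hypothetical; the required sections and keys are the ones shown on this page, and rejecting duplicate sections follows Python's configparser strict mode, which is an assumption about how the file should be validated rather than a statement about the services' own parser.

```python
import configparser
from urllib.parse import urlsplit

# Sections and keys from the "most basic required configuration" on this page.
REQUIRED = {"elasticsearch": ["url"], "zookeeper": ["servers"], "library": ["providers"]}

# Constructed sample input mirroring the page's example values.
SAMPLE = """\
[tenants]
ids=mytenant
[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD
[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181
[library]
providers=zk:///library
"""


def lint_config(text):
    """Return a list of findings for a Lookup Builder / IP Address Processor config."""
    parser = configparser.ConfigParser(strict=True, interpolation=None)
    try:
        parser.read_string(text)
    except (configparser.DuplicateSectionError, configparser.DuplicateOptionError) as exc:
        return ["error: {}".format(exc)]  # e.g. a [zookeeper] section pasted twice
    findings = []
    for section, keys in REQUIRED.items():
        for key in keys:
            if not parser.get(section, key, fallback="").strip():
                findings.append("error: [{}] {} is missing".format(section, key))
    # Tenants come either from a static list or from the SeaCat Auth tenant endpoint.
    ids = parser.get("tenants", "ids", fallback="").strip()
    tenant_url = parser.get("tenants", "tenant_url", fallback="").strip()
    if not ids and not tenant_url:
        findings.append("error: [tenants] needs ids or tenant_url")
    if "<" in tenant_url:
        findings.append("error: [tenants] tenant_url still contains a <placeholder>")
    # Credentials sent to an http:// URL are not protected by TLS in transit.
    es_url = parser.get("elasticsearch", "url", fallback="")
    password = parser.get("elasticsearch", "password", fallback="")
    if urlsplit(es_url).scheme == "http" and password:
        findings.append("warning: [elasticsearch] password is sent over plain http")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

Run it against the file mounted at /conf before applying the model or starting the container; whether the Elasticsearch warning can be cleared depends on the cluster serving HTTPS.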