admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8f140a2132'
${ noResults }
Deploiement_Server/deployment-apps/appcontentmanager/lib/slim/config/conf-specs/audit.conf.spec

53 lines
2.4 KiB
Raw Blame History

@placement indexer, forwarder
# Version 20170103
#
# This file contains possible attributes and values you can use to configure
# auditing and event signing in audit.conf.
#
# There is NO DEFAULT audit.conf. To set custom configurations, place an
# audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
# audit.conf.example. You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
# GLOBAL SETTINGS
# Use the [default] stanza to define any global settings.
# * You can also define global settings outside of any stanza, at the top of the file.
# * Each conf file should have at most one default stanza. If there are
# multiple default stanzas, attributes are combined. In the case of multiple
# definitions of the same attribute, the last definition in the file wins.
# * If an attribute is defined at both the global level and in a specific
# stanza, the value in the specific stanza takes precedence.
#########################################################################################
# KEYS: specify your public and private keys for encryption.
#########################################################################################
[auditTrail]
* This stanza turns on cryptographic signing for audit trail events (set in inputs.conf).
* You must have a private key to encrypt the signatures and a public key to
decrypt them.
* WARNING: Enabling signing for audit trail events may increase HTTP response latency if
the Splunk instance is handling large numbers of concurrent requests.
privateKey= <path>
* The path to the file containing the private key.
* Generate your own keys using openssl in $SPLUNK_HOME/bin/.
* If not present, a default key will be generated one time and placed at
$SPLUNK_HOME/etc/auth/audit/private.pem
publicKey= <path>
* The path to the file containing the public key.
* Generate your own keys using openssl in $SPLUNK_HOME/bin/.
* If not present, a default key will be generated one time and placed at
$SPLUNK_HOME/etc/auth/audit/public.pem
queueing=[true|false]
* Turn off sending audit events to the indexQueue -- tail the audit events
instead.
* If this is set to 'false', you MUST add an inputs.conf stanza to tail the
audit log in order to have the events reach your index.
* Defaults to true.
Reference in new issue View Git Blame Copy Permalink