Darwin configuration

Description

The configuration file is JSON formatted and contains the filters information. Each entry in the JSON object represents a filter.

Parameters

Each parameters are mandatory:

exec_path : the path to the filter
config_file : the path for the filter's configuration
next_filter : the next_filter called after this one, if the filter is called in both or darwin mode.
nb_thread : the number of thread used by the filter
output : which body the filter will send to the next filter. You can have :
- RAW : body received by the filter
- PARSED : body received by the filter after been parsed
- LOG : filter's result under log form (json)
- NONE : no body send
log_level : which level of log you want to have. You can have :
- DEBUG
- INFO
- CRITICAL
- ERROR

Example

Darwin configuration MUST be formatted as follow:

{
  "session_1": {
    "exec_path": "/home/darwin/filters/darwin_session",
    "config_file": "/var/sockets/redis/redis.sock",
    "next_filter": "logs_1",
    "output": "LOG",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "user_agent_1": {
    "exec_path": "/home/darwin/filters/darwin_user_agent",
    "config_file": "/home/darwin/conf/fuseragent/fuseragent.conf",
    "next_filter": "logs_1",
    "output": "LOG",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "dga_1": {
    "exec_path": "/home/darwin/filters/darwin_dga",
    "config_file": "/home/darwin/conf/fdga/fdga.conf",
    "next_filter": "logs_1",
    "output": "LOG",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "anomaly_1": {
    "exec_path": "/home/darwin/filters/darwin_anomaly",
    "config_file": "/home/darwin/conf/fanomaly/fanomaly.conf",
    "next_filter": "logs_1",
    "output": "LOG",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "logs_1": {
    "exec_path": "/home/darwin/filters/darwin_logs",
    "config_file": "/home/darwin/conf/flogs/flogs.conf",
    "next_filter": "end_1",
    "output": "NONE",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "end_1": {
    "exec_path": "/home/darwin/filters/darwin_end",
    "config_file": "/var/sockets/redis/redis.sock",
    "next_filter": "",
    "output": "NONE",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  },
  "ftanomaly_1": {
    "exec_path": "/home/darwin/filters/darwin_tanomaly",
    "config_file": "/home/darwin/conf/ftanomaly/ftanomaly.conf",
    "next_filter": "",
    "output": "NONE",
    "cache_size": 0,
    "nb_thread": 5,
    "log_level": "DEBUG"
  }
}

Home
Darwin Configuration
Connect to Darwin with Python
Management Socket
Alert Format
Statistics
Rsyslog Configuration
Workflow
Automated Testing
Unit Testing
Available Docker images
Filters
- Template
- Anomaly
- Buffer
- Connection
- Content Inspection
- DGA
- HostLookup
- Sofa
- TAnomaly
- Test
- Yara
- (Coming) Session
- (Obsolete) End
- (Obsolete) Logs
- (Obsolete) Reputation
Tools
- Reconciler
HAproxy
- General Configuration
- SPOE Data
Contributions

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Darwin configuration

Description

Parameters

Example

Clone this wiki locally