From 997c139850924c67952f4715a5d26213491f1267 Mon Sep 17 00:00:00 2001 From: Birger Schacht Date: Tue, 6 Apr 2021 10:57:21 +0200 Subject: [PATCH] DOC: remove traces of the defaults.conf from documentation The default.conf file was removed and was replaced by a `global` setting in the runtime.conf. This commit updates the documentation accordingly. --- docs/dev/guide.rst | 1 - docs/user/ELK-Stack.rst | 2 +- docs/user/bots.rst | 2 +- docs/user/configuration-management.rst | 15 ++++++--------- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/docs/dev/guide.rst b/docs/dev/guide.rst index c5ed6b8a4..2b224190c 100644 --- a/docs/dev/guide.rst +++ b/docs/dev/guide.rst @@ -232,7 +232,6 @@ Layout Rules /conf pipeline.conf runtime.conf - defaults.conf Assuming you want to create a bot for a new 'Abuse.ch' feed. It turns out that here it is necessary to create different parsers for the respective kind of events (e.g. malicious URLs). Therefore, the usual hierarchy ‘intelmq/bots/parser//parser.py’ would not be suitable because it is necessary to have more parsers for each Abuse.ch Feed. The solution is to use the same hierarchy with an additional "description" in the file name, separated by underscore. Also see the section *Directories and Files naming*. diff --git a/docs/user/ELK-Stack.rst b/docs/user/ELK-Stack.rst index 859899fe5..412aaef14 100644 --- a/docs/user/ELK-Stack.rst +++ b/docs/user/ELK-Stack.rst 
@@ -6,7 +6,7 @@ If you wish to run IntelMQ with ELK (Elasticsearch, Logstash, Kibana) it is enti Configuring IntelMQ for Logstash -------------------------------- -In order to pass IntelMQ events to Logstash we will utilize already installed Redis. Add a new Redis Output Bot to your pipeline. As the minimum fill in the following parameters: `bot-id`, `redis_server_ip` (can be hostname), `redis_server_port`, `redis_password` (if required, else set to empty!), `redis_queue` (name for the queue). Redis IP, port and password can be taken from `defaults.conf`. It is recommended to use a different `redis_db` parameter than used by the IntelMQ (specified in `defaults.conf` as `source_pipeline_db`, `destination_pipeline_db` and `statistics_database`). +In order to pass IntelMQ events to Logstash we will utilize already installed Redis. Add a new Redis Output Bot to your pipeline. As the minimum fill in the following parameters: `bot-id`, `redis_server_ip` (can be hostname), `redis_server_port`, `redis_password` (if required, else set to empty!), `redis_queue` (name for the queue). It is recommended to use a different `redis_db` parameter than used by the IntelMQ (specified as `source_pipeline_db`, `destination_pipeline_db` and `statistics_database`). Example values: diff --git a/docs/user/bots.rst b/docs/user/bots.rst index 2b56d6339..4d9c3a0c1 100644 --- a/docs/user/bots.rst +++ b/docs/user/bots.rst @@ -551,7 +551,7 @@ Empty strings and `null` as value for search parameters are ignored. **File downloads** -Attachments can be optionally unzipped, remote files are downloaded with the `http_*` settings applied (see `defaults.conf`). +Attachments can be optionally unzipped, remote files are downloaded with the `http_*` settings applied. If `url_regex` or `attachment_regex` are empty strings, false or null, they are ignored. diff --git a/docs/user/configuration-management.rst b/docs/user/configuration-management.rst index f1c580e27..3ee6f5724 100644 
--- a/docs/user/configuration-management.rst +++ b/docs/user/configuration-management.rst @@ -51,7 +51,6 @@ All configuration files are in the JSON format. For new installations a default setup with some examples is provided by the `intelmqsetup` tool. If this is not the case, make sure the program was run (see installation instructions). -* ``defaults.conf``: default values for all bots and their behavior, e.g. error handling, log options and pipeline configuration. Will be :issue:`removed in the future <267>`. * ``runtime.conf``: Configuration for the individual bots. See :doc:`bots` for more details. * ``pipeline.conf``: Defines source and destination queues per bot (i.e. where does a bot get its data from, where does it send it to?). @@ -61,13 +60,11 @@ Use the IntelMQ Manager mentioned above to generate the configuration files if u In the shipped examples 4 collectors and parsers, 6 common experts and one output are configured. The default collector and the parser handle data from malware domain list, the file output bot writes all data to ``/opt/intelmq/var/lib/bots/file-output/events.txt``/``/var/lib/intelmq/bots/file-output/events.txt``. -******************************* -System Configuration (defaults) -******************************* - -All bots inherit the default configuration parameters and they can overwrite them using the same parameters in their respective configuration in the ``runtime.conf`` file. -You can set the parameters from ``defaults.conf`` per bot as well. The settings will take effect for running bots after the bot re-reads the configuration (restart or reload). +********************************* +Systemwide Configuration (global) +********************************* +All bots inherit the global configuration parameters in the ``runtime.conf`` and they can overwrite them using the same parameters in their individual configuration in the ``runtime.conf`` file. .. _configuration-logging: 
@@ -186,7 +183,7 @@ Create default config ``/etc/supervisor/conf.d/intelmq.conf`` and restart ``supe [group:intelmq] -Change IntelMQ process manager in the *defaults* configuration: +Change IntelMQ process manager in the *global* configuration: .. code-block:: @@ -298,7 +295,7 @@ The configuration and the differences are outlined here. Keep in mind that it is slower, but has better monitoring capabilities and is more stable. The AMQP support is considered beta, so small problems might occur. So far, only RabbitMQ as broker has been tested. -You can change the broker for single bots (set the parameters in the runtime configuration per bot) or for the whole botnet (in defaults configuration). +You can change the broker for single bots (set the parameters in the runtime configuration per bot) or for the whole botnet (using the global configuration). You need to set the parameter ``source_pipeline_broker``/``destination_pipeline_broker`` to ``amqp``. There are more parameters available:
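Review bot: In the docs/user/ELK-Stack.rst hunk, the rewritten paragraph drops both references to `defaults.conf` without saying where the values now live. The reader is no longer told where to find the Redis IP, port and password, and "(specified as `source_pipeline_db`, `destination_pipeline_db` and `statistics_database`)" has lost its location. The commit message says the replacement is the `global` setting in runtime.conf, so name it here, for example "specified in the `global` setting of `runtime.conf` as ...". Otherwise the advice to pick a different `redis_db` cannot be followed without searching for the current value.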
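Review bot: In the docs/user/bots.rst hunk, removing "(see `defaults.conf`)" leaves "the `http_*` settings applied" with no pointer at all. These settings govern how remote files are fetched, so readers should still be able to find them. Replace the parenthesis with a reference to the global configuration in `runtime.conf` (or a `:doc:` link to configuration-management) rather than deleting it.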
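Review bot: In the first docs/user/configuration-management.rst hunk (the file list at old line 51), the remaining bullet still reads "``runtime.conf``: Configuration for the individual bots" although, per the commit message, that file now also carries the `global` setting that replaced `defaults.conf`. Update the bullet in the same change so the file list mentions the global parameters; as it stands the list describes no file that holds the system-wide defaults.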
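Review bot: In the second docs/user/configuration-management.rst hunk (the renamed "Systemwide Configuration (global)" section), the sentence "The settings will take effect for running bots after the bot re-reads the configuration (restart or reload)." is deleted although it is unrelated to `defaults.conf`. Please keep it, since operators changing a global value need to know that running bots keep the old value until reloaded. The new sentence also says "in the ``runtime.conf``" twice and never names the `global` setting the commit message refers to; something like "parameters in the ``global`` setting of ``runtime.conf``, which each bot can overwrite in its own entry in the same file" would be clearer. If anything links to the old section title "System Configuration (defaults)", check that those references still resolve.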