.. versionadded:: 3.13.0
XML section name
<gcp-pubsub>
</gcp-pubsub>
This configuration section is used to configure the Google Cloud Pub/Sub module.
This indicates if the module is enabled or disabled.
Default value | n/a |
Allowed values | yes, no |
This tag indicates the Google Cloud project ID.
Default value | n/a |
Allowed values | Any string indicating the project ID |
For example <project_id>wazuh-dev</project_id>
.
This string specifies the name of the subscription to read from.
Default value | n/a |
Allowed values | Any string |
For example <subscription_name>wazuh-name</subscription_name>
.
This setting specifies the path to the Google Cloud credentials file in JW Tokens. Allows both relative (to $HOME_INSTALLATION) and absolute paths.
Default value | n/a |
Allowed values | Any path to a credentials file |
For example <credentials_file>wodles/gcp-pubsub/credentials.json</credentials_file>
.
Number of maximum messages pulled in each iteration.
Default value | 100 |
Allowed values | Any integer |
Toggle between the different logging levels.
Default value | info |
Allowed values | disabled/info/debug/warning/error/critical |
Trigger the pulling in case of an agent start or restart.
Default value | yes |
Allowed values | yes, no |
Interval between module executions.
Default value | 1h |
Allowed values | A positive number that should contain a suffix character indicating a time unit, such as, s (seconds), m (minutes), h (hours), d (days), w (weeks), M (months) |
Day of the month to run the fetch logs from GCP.
Default value | n/a |
Allowed values | Day of the month [1..31] |
Note
When the day
option is set, the interval value must be a multiple of months. By default, the interval is set to a month.
Day of the week to run the script to fetch logs. This option is not compatible with the day
option.
Default value | n/a |
Allowed values |
|
Note
When the wday
option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.
Time of the day to retrieve logs from GCP. It has to be represented in the format hh:mm. This option is compatible with day
or wday
options.
Default value | n/a |
Allowed values | Time of day [hh:mm] |
Note
When only the time
option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.
Linux configuration:
<gcp-pubsub>
<pull_on_start>yes</pull_on_start>
<interval>1m</interval>
<project_id>wazuh-dev</project_id>
<subscription_name>wazuhdns</subscription_name>
<logging>debug</logging>
<credentials_file>wodles/gcp-pubsub/credentials.json</credentials_file>
</gcp-pubsub>