hypr-audit-trail() and hypr-app-audit-trail() source options
The hypr-audit-trail() and hypr-app-audit-trail() sources have the following options:
chain-hostname()
| Type: | yes, no |
| Default: | no |
Description: This option can be used to enable or disable the chained hostname format. For more information, see the chain-hostnames() global option.
url()
| Type: | url |
| Default: |
Description: A custom URL for Hypr API access (“https://<custom domain>.hypr.com”).
bearer-token()
| Type: | token |
| Default: |
Description: The base64-encoded authentication token from Hypr.
format()
| Synopsis: | format(string) |
| Default: | syslog |
Description: This option specifies the default message parsing format used by syslog-ng OSE.
Plugins can define their own format parsers; if a plugin does not provide one, the default syslog format parser is used.
You can also define and explicitly use a custom parser separately, for example, in Python. For more information, see syslog parser.
internal()
Description: To collect warnings, errors and notices from syslog-ng OSE itself, include this source in one of your source statements.
Example format in configuration:
source s_local { internal(); };
For more details, see internal: Collecting internal messages.
page-size()
| Type: | number |
| Default: | 100 |
Description: Defines the number of results to return in a single page (optional).
initial-hours()
| Type: | number(hours) |
| Default: | 4 |
Description: Defines the number of hours to search backward on initial fetch (optional).
application-skip-list()
| Type: | rpAppId list |
| Default: | HYPRDefaultApplication, HYPRDefaultWorkstationApplication |
Description: The list of rpAppIds not to retrieve from Hypr (optional).
log-level()
| Type: | string |
| Default: | INFO |
The following values are available for log-level():
DEBUG, INFO, WARNING, ERROR, CRITICAL
flags()
| Type: | string |
| Default: |
Description: The flags passed to the source (optional). For example, flags(no-parse) disables message parsing.
ignore-persistence()
| Type: | boolean |
| Default: | no |
Description: This option can be set to ignore the saved value in the persist file, and start querying from the current time (optional).
normalize-hostnames()
| Type: | yes, no |
| Default: | no |
Description: If this option is set to yes (normalize-hostnames(yes)), syslog-ng OSE converts the hostnames to lowercase. This setting only applies to hostnames resolved from DNS. It has no effect if the keep-hostname() option is enabled, and the message contains a hostname.
sdata-prefix()
| Type: | string |
| Default: | .SDATA. |
Available in syslog-ng OSE 4.1 and later versions.
Description: Adds a specific string before the names of the parsed SDATA fields to store the name-value pairs created from the SDATA fields separately. Note that unless the value of sdata-prefix starts with .SDATA., using this option excludes the parsed fields from the sdata and rfc5424 scopes of the value pairs.
use-syslogng-pid()
| Accepted values: | yes, no |
| Default: | no |
Description: If this parameter is set to yes, syslog-ng OSE fills the value of the ${PID} macro with its own process ID.
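The following configuration fragment is an added example, not taken from the original page. It shows the source-specific options above combined in one source statement. The statement names (s_hypr, d_hypr_file), the destination path and the values in angle brackets are placeholders or assumptions to replace with your own.

```conf
# Added example: fragment for an existing syslog-ng OSE configuration.
# The bearer token is a credential, so restrict read access to this file
# to the account that runs syslog-ng OSE.
source s_hypr {
    hypr-audit-trail(
        # API endpoint and credential (both default to empty, so set them)
        url("https://<custom domain>.hypr.com")
        bearer-token("<base64 encoded bearer token>")

        # Paging and initial look-back window (values shown are the defaults)
        page-size(100)
        initial-hours(4)

        # rpAppIds that should not be retrieved (values shown are the defaults)
        application-skip-list("HYPRDefaultApplication", "HYPRDefaultWorkstationApplication")

        # One of DEBUG, INFO, WARNING, ERROR, CRITICAL
        log-level("INFO")

        # no: resume from the position saved in the persist file.
        # yes: ignore the saved value and start querying from the current time.
        ignore-persistence(no)
    );
};

# Hypothetical destination used only to complete the log path
destination d_hypr_file {
    file("/var/log/hypr-audit-trail.log");
};

log {
    source(s_hypr);
    destination(d_hypr_file);
};
```

With ignore-persistence(yes), events generated while syslog-ng OSE was stopped are not fetched, which leaves a gap in the collected audit trail.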