Document device.listen_addr and Handling Twisted Web Logs #349

Merged
merged 1 commit into from
Mar 24, 2024
17 changes: 15 additions & 2 deletions docs/starting/configuration.rst
Expand Up @@ -116,8 +116,10 @@ You can also head over to Email Alerts for more **SMTP** options that require au

You may want to look through some other python logging options over at `PyLogger page <https://docs.python.org/2/library/logging.handlers.html>`_.

We have provided you with two different formatters. One is the plain message with incident information; the other is the Syslog RFC format. We have
already added it to the `syslog-unix` handler for your convenience.
We have provided you with two different formatters. One is the plain message with incident information; the other is the Syslog RFC format. We have already added it to the `syslog-unix` handler for your convenience.

The Twisted Web server `twistd` that OpenCanary uses to provide HTTP services is not affected by these logging options and will log HTTP requests regardless of your configuration, as it is launched with the `--syslog` parameter in `bin/opencanaryd`. This can be undesirable
in some scenarios like when a SIEM is collecting the syslog *and* a ``RotatingFileHandler`` output by OpenCanary and can be mitigated with an rsyslog config like ``if $programname == 'opencanaryd' and ($msg contains 'GET ' or $msg contains 'POST ') then stop``

Environment Variables
---------------------
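Review bot: The rsyslog rule suggested in the added twistd paragraph only matches 'GET ' and 'POST ', so requests using other HTTP methods (HEAD, PUT, OPTIONS and so on) would still reach syslog, and because it tests `$msg contains` against every message from opencanaryd it would also stop any non-HTTP message that happens to include those substrings. Either say this in the text or narrow the match to something specific to the HTTP request log lines. The rule would read better as a literal block than inline at the end of the sentence. `twistd`, `--syslog` and `bin/opencanaryd` use single backticks while ``RotatingFileHandler`` in the same paragraph uses double; in reStructuredText only the double form renders as a literal. The sentence is also broken across lines after "undesirable" and has no closing full stop.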
Expand Down Expand Up @@ -286,4 +288,15 @@ you will receive a json formatted config file at `/etc/opencanary/opencanary.con
"vnc.port":5000
}

Other Configuration Options
---------------------------

These configuration options aren't present in the default config file but may be added.

+------------------------+-----------+---------------------------------------------------------------------------+
| Option Key | Default | Description |
+========================+===========+===========================================================================+
| device.listen_addr | "" | Controls which IP interface the Git, RDP, Redis, and VNC modules bind to. |
+------------------------+-----------+---------------------------------------------------------------------------+

Should you have any other questions regarding configuration or setup, please do not hesitate to contact us on `GitHub <https://github.com/thinkst/opencanary>`_.
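Review bot: The device.listen_addr row gives the default as "" without saying what an empty value binds to. For a honeypot the listening interface is a deployment decision, so state the behaviour of the default explicitly and show the key in a short JSON snippet next to the existing config example. The description names only the Git, RDP, Redis and VNC modules, so also say explicitly whether the other modules honour this option, otherwise readers may assume that setting it restricts every service.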