gcp-bucket
This configuration section is used to configure the Google Cloud Storage bucket module.
Options
Main options
Scheduling options
enabled
This indicates if the module is enabled or disabled.
Default value | n/a
Allowed values | yes, no
logging
Deprecated since version 4.4.
This option has no effect. The module now uses the wazuh_modules.debug level to set its logging level.
bucket type
Defines a bucket to process. It must have its type attribute defined. It supports multiple instances of this option.
Bucket options
type
Specifies the type of bucket. It is an attribute of the bucket tag.
Default value | N/A
Allowed values | access_logs
bucket\name
Name of the Google Cloud Storage bucket from where logs are read.
Default value | N/A
Allowed values | Any valid bucket name
bucket\credentials_file
This setting specifies the path to the Google Cloud credentials file in JSON Web Token (JWT) format. It accepts both absolute paths and paths relative to $HOME_INSTALLATION.
Default value | n/a
Allowed values | Any path to a credentials file
For example: <credentials_file>wodles/gcp-bucket/credentials.json</credentials_file>
bucket\path
If defined, the path or prefix for the bucket.
Default value | N/A
Allowed values | Valid path
bucket\only_logs_after
A valid date, in YYYY-MMM-DD format. Only logs from that date onwards will be parsed.
Default value | Date of execution at
Allowed values | Valid date
bucket\remove_from_bucket
Defines whether logs in the Google Cloud Storage bucket are removed after the module reads them.
Default value | no
Allowed values | yes, no
run_on_start
Runs the module when the Wazuh service starts or restarts.
Default value | yes
Allowed values | yes, no
interval
The interval between module executions.
Default value | 1h
Allowed values | A positive number that should contain a suffix character indicating a time unit, such as s (seconds), m (minutes), h (hours), d (days), w (weeks), M (months)
day
Day of the month to run the script to fetch logs from GCP.
Default value | n/a
Allowed values | Day of the month [1..31]
Note
When the day option is set, the interval value must be a multiple of months. By default, the interval is set to a month.
wday
Day of the week to run the script to fetch logs. This option is not compatible with the day option.
Default value | n/a
Allowed values |
Note
When the wday option is set, the interval value must be a multiple of weeks. By default, the interval is set to a week.
time
Time of the day to retrieve logs from GCP. It has to be represented in the format hh:mm. This option is compatible with the day or wday options.
Default value | n/a
Allowed values | Time of day [hh:mm]
Note
When only the time option is set, the interval value must be a multiple of days or weeks. By default, the interval is set to a day.
Configuration example
Linux configuration:
<gcp-bucket>
  <run_on_start>yes</run_on_start>
  <interval>1m</interval>
  <!-- BUCKET_NAME is a placeholder; replace it with the name of your bucket. -->
  <bucket type="access_logs">
    <name>BUCKET_NAME</name>
    <credentials_file>wodles/gcp-bucket/credentials.json</credentials_file>
  </bucket>
</gcp-bucket>
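The option rules on this page (allowed values, the day/wday incompatibility, and the interval unit each scheduling option requires) can be checked before a configuration is deployed. The following Python check is an added example, not part of the Wazuh documentation or code base; `check_gcp_bucket` and the sample block are constructed for illustration, and it assumes that a bucket needs both a name and a credentials file.

```python
import re
import xml.etree.ElementTree as ET

TOP = {"enabled", "logging", "run_on_start", "interval", "day", "wday", "time"}
BUCKET = {"name", "credentials_file", "path", "only_logs_after", "remove_from_bucket"}
# Constructed sample: an option this page does not list, day + wday, and a daily interval.
SAMPLE = """<gcp-bucket>
  <interval>2d</interval><day>15</day><wday>monday</wday><time>25:00</time>
  <project_id>example-project</project_id>
  <bucket><name>example-bucket</name><only_logs_after>2024-01-05</only_logs_after></bucket>
</gcp-bucket>"""

def check_gcp_bucket(xml_text):
    """Return a list of problems found in one <gcp-bucket> block."""
    root = ET.fromstring(xml_text)
    opt = {c.tag: (c.text or "").strip() for c in root if c.tag != "bucket"}
    problems = [f"unknown option <{t}>" for t in opt if t not in TOP]
    m = re.fullmatch(r"[1-9]\d*([smhdwM])", opt.get("interval", "1h"))
    if not m:
        problems.append("interval needs a positive number and a unit suffix")
    if "day" in opt and "wday" in opt:
        problems.append("day and wday are not compatible")
    if "day" in opt and not re.fullmatch(r"[1-9]|[12]\d|3[01]", opt["day"]):
        problems.append("day must be in 1..31")
    if "time" in opt and not re.fullmatch(r"([01]\d|2[0-3]):[0-5]\d", opt["time"]):
        problems.append("time must be hh:mm")
    # Interval unit each scheduling option requires; an unset interval uses the default.
    allowed = "M" if "day" in opt else "w" if "wday" in opt else "dw" if "time" in opt else "smhdwM"
    if m and "interval" in opt and m.group(1) not in allowed:
        problems.append(f"interval unit '{m.group(1)}' conflicts with day/wday/time")
    for b in root.findall("bucket"):
        sub = {c.tag: (c.text or "").strip() for c in b}
        problems += [f"unknown bucket option <{t}>" for t in sub if t not in BUCKET]
        if b.get("type") != "access_logs":
            problems.append("bucket type must be access_logs")
        # Assumption: a bucket is unusable without a name and a credentials file.
        problems += [f"bucket is missing <{t}>" for t in ("name", "credentials_file") if not sub.get(t)]
        if "only_logs_after" in sub and not re.fullmatch(r"\d{4}-[A-Za-z]{3}-\d{2}", sub["only_logs_after"]):
            problems.append("only_logs_after must be YYYY-MMM-DD")
        if sub.get("remove_from_bucket", "no") not in ("yes", "no"):
            problems.append("remove_from_bucket must be yes or no")
    return problems

if __name__ == "__main__":
    for problem in check_gcp_bucket(SAMPLE):
        print(problem)
```

The check does not validate wday values, because this page does not list them.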