Security log configuration

User configuration of the security logging system is defined in the following file:

/etc/saymon/logger.json

Categories

{
  "categories": {
    "Default": "Info",
    "MyActor": "Error",
    "MyOtherActor": "Debug"
  }
  ...
}
Section/Parameter Description

categories.<category-name>

Minimum log level for this category.

There is a special logging category, "Default", that defines the default log level.

Possible log levels:

  • "Silent",

  • "Info",

  • "Warn",

  • "Error",

  • "Debug"

Channels

This section allows you to define log channel settings.

You can define multiple transport modules for each channel to deliver events to several log storage systems simultaneously.

"channels": {
    ...
    "session": [
      // Send logs to the server via UDP
      {
        "type": "udp",
        "options": {
          "server": "localhost:514"
        }
      },

      // Send logs to Kafka
      {
        "type": "kafka",
        "options": {
          "server": "localhost:9092",
          "topic": "LOG_SESSION"
        }
      }
    ],
    ...
}
By default, the system has a default channel. You don’t need to specify its settings in the configuration file, unless you want to override its default behavior (sending events to the console).
Section/Parameter Description

channels.<channel-name>.type

Transport module type. Possible types:

channels.<channel-name>.options

Transport module configuration. Depends on its type.

common

"common": {
  "resolveRemoteIp": true
},
Section/Parameter Description

common.resolveRemoteIp

If this parameter is set to true, the system will use DNS to automatically detect the client name and include it in the Security log.

Enabling this parameter can affect performance of the logging system, so it should only be enabled in special cases. By default this functionality is disabled.

UDP

Section/Parameter Description

options.server

UDP server address.

The system accepts the following address formats:

  • <ip-address|hostname>:<port>

  • <ip-address|hostname>

  • <port>

Kafka

Section/Parameter Description

options.server

Kafka server address.

The system accepts the following address formats:

  • <ip-address|hostname>:<port>

  • <ip-address|hostname>

  • <port>

options.topic

Kafka topic to which the events are sent.

Console

Section/Parameter Description

options.level

Minimum log level that is shown in the console output. By default – 'debug'.

options.stderrLevels

List of log levels that are written to stderr instead of stdout. For example, ['error', 'debug', 'info']. By default, the list is empty.

options.colorize

Colorize log levels in the output. By default – false.

options.prettyPrint

Format the console output. By default – true.
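
An added example, not part of the SAYMON documentation: a Python linter for /etc/saymon/logger.json that checks category levels, the three documented options.server address forms, option keys of the udp and kafka transports, and the resolveRemoteIp flag. The function names, the case-insensitive level comparison, the treatment of an all-digit value as a port, and the sample configuration are assumptions made for illustration.

```python
import json

LEVELS = {"silent", "info", "warn", "error", "debug"}  # levels listed on this page
KNOWN = {"udp": {"server"}, "kafka": {"server", "topic"}}  # options documented here per type

def parse_server(value):
    """Split options.server into (host, port) for host:port, host, or port; absent part is None."""
    value = str(value).strip()
    if value.isdecimal():                 # assumption: an all-digit value is "<port>"
        host, port = None, value
    elif ":" in value:
        host, port = value.rsplit(":", 1)
    else:
        host, port = value, None
    if host == "":
        raise ValueError(f"empty host in {value!r}")
    if port is not None:
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port in {value!r}")
        port = int(port)
    return host, port

def lint(config):
    """Return a list of findings for a parsed logger.json document."""
    findings = []
    for name, level in config.get("categories", {}).items():
        if str(level).lower() not in LEVELS:   # assumption: case-insensitive match
            findings.append(f"categories.{name}: unknown level {level!r}")
    for channel, transports in config.get("channels", {}).items():
        for i, t in enumerate(transports):
            where, opts = f"channels.{channel}[{i}]", t.get("options", {})
            # Transport types without documented options here are skipped, not flagged.
            for key in sorted(set(opts) - KNOWN.get(t.get("type"), set(opts))):
                findings.append(f"{where}: undocumented option {key!r}")
            if "server" in opts:
                try:
                    parse_server(opts["server"])
                except ValueError as exc:
                    findings.append(f"{where}: {exc}")
    if config.get("common", {}).get("resolveRemoteIp") is True:
        findings.append("common.resolveRemoteIp: enabled, DNS lookups may slow logging")
    return findings

# Constructed sample with deliberate mistakes; not taken from a real deployment.
SAMPLE = json.loads('''{"categories": {"Default": "Info", "MyActor": "Verbose"},
  "channels": {"session": [{"type": "udp", "options": {"server": "localhost:514"}},
    {"type": "kafka", "options": {"server": "localhost:99999", "topics": "LOG_SESSION"}}]},
  "common": {"resolveRemoteIp": true}}''')
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The illustrative snippets on this page contain `//` comments and `...` placeholders, so they must be removed before a file is passed to a strict JSON parser such as the one used here.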