Skip to content

Configuration

lmio-lookupbuilder

LogMan.io Lookup Builder takes generic lookup contents from Elasticsearch and lookup declarations from Library and builds lookup binary files. The lookup binary files are then used by other microservices such as LogMan.io Parsec, LogMan.io Correlator, etc.

LogMan.io Lookup Builder has the following dependencies:

  • Elasticsearch
  • Zookeeper
  • Library
  • Tenants to build lookups for

Docker Compose

  lmio-lookupbuilder:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-lookupbuilder:VERSION
    volumes:
      - ./lmio-lookupbuilder:/conf
      - /data/ssd/lookups:/lookups
    restart: always
    logging:
      options:
        max-size: 10m

Configuration file

This is the most basic required configuration:

[tenants]
ids=mytenant

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[library]
providers=zk:///library

Alternatively, instead of specifying tenant ids directly you can add all tenants from the LogMan.io cluster with the following configuration:

[tenants]
tenant_url=http://<SEACAT_AUTH_NODE>:3081/tenant

Replace <SEACAT_AUTH_NODE> with the hostname where SeaCat Auth service runs.

lmio-ipaddrproc

LogMan.io IP Address Processor takes IP adress lookup contents from Elasticsearch and lookup declarations from the Library and builds IP lookup binary files. The IP lookup binary files are then used by other microservices such as LogMan.io Parsec, LogMan.io Correlator, etc. It also downloads built-in lookups from Azure storage from the internet.

LogMan.io IP Address Processor has the following dependencies:

  • ElasticSearch
  • Zookeeper
  • Library
  • Tenants to build lookups for

Docker Compose

  lmio-ipaddrproc:
    network_mode: host
    image: docker.teskalabs.com/lmio/lmio-ipaddrproc:VERSION
    volumes:
      - ./lmio-ipaddrproc:/conf
      - /data/ssd/lookups:/lookups
    restart: always
    logging:
      options:
        max-size: 10m

Configuration file

This is the most basic required configuration:

[tenants]
ids=mytenant

[elasticsearch]
url=http://es01:9200/
username=MYUSERNAME
password=MYPASSWORD

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[zookeeper]
servers=zookeeper-1:2181,zookeeper-2:2181,zookeeper-3:2181

[library]
providers=zk:///library

Alternatively, instead of specifying tenant ids directly you can add all tenants from the LogMan.io cluster with the following configuration:

[tenants]
tenant_url=http://<SEACAT_AUTH_NODE>:3081/tenant

Replace <SEACAT_AUTH_NODE> with the hostname where SeaCat Auth service runs.