[Settings]
# Connection, credential and output settings for the connector.
# Every REPLACE_* value in this file is a placeholder and must be substituted before use.
version = 3
# Streaming API endpoint and OAuth2 token endpoint.
# NOTE(review): presumably client_id/client_secret are sent to request_token_url;
# use an https:// base URL so they are not sent in clear text. Confirm.
api_url = REPLACE_BASE_URL/sensors/entities/datafeed/v2
request_token_url = REPLACE_BASE_URL/oauth2/token
app_id = SIEM-Connector-v2.0.0
enable_correlation_id = false
format_floats_as_scientific = true
# API Client ID
client_id = REPLACE_CLIENT_ID
# API Client Secret
# NOTE(review): the secret is stored in plain text in this file. Restrict the file
# to the service account (owner read/write only), keep the filled-in copy out of
# version control and backups shared with other teams, and rotate the secret if
# the file is ever exposed.
client_secret = REPLACE_CLIENT_SECRET
# Time to wait (in seconds) for a connection to be established.
connection_timeout = 10
# Time to wait (in seconds) for the server's response headers after the request has been fully written.
read_timeout = 30
# Partition to read: a partition number from 0 to n, or all (written without quotes) for every partition.
partition = all
# Left empty here.
# NOTE(review): if a proxy URL is set and it embeds credentials, they are stored
# in plain text like client_secret and need the same file protection.
http_proxy =
# Output formats
# Supported formats are:
# 1. syslog: flat key=value pairs in syslog format, built from the mapping configuration below.
#    Use the syslog format if CEF/LEEF output is required.
# 2. json: the raw JSON received from the FalconHose API (default)
output_format = syslog
# Treated as true whenever Syslog is not enabled, regardless of the value set here
# (presumably send_to_syslog_server in [Syslog]; confirm).
# If output_path does not exist or the user has no permission to it, the log file is used instead.
# NOTE(review): the output holds detection events; keep the directory writable and
# readable only by the service account and the log shipper.
output_to_file = false
output_path = /var/log/crowdstrike/falconhoseclient/output
# Full path and filename of the offset file
# NOTE(review): presumably records the stream read position; if other accounts can
# write to it, events could be skipped or re-read. Verify ownership and mode.
offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets
[Output_File_Rotation]
# When the output is written to a file, the settings below govern rotation of that output file.
#
# If true, the rotation rules apply. If not, the client keeps writing to the same file.
rotate_file = true
# Maximum size of an individual output file, in MB
max_size = 500
# Number of backups of the output file to keep
max_backups = 10
# Maximum age, in days, of a backup output file before it is deleted
# NOTE(review): backups older than this are deleted; check the value against the
# retention period required for investigations if this file is the only copy.
max_age = 30
[Logging]
# NOTE(review): verbose logging is enabled. Confirm what it records (for example
# request details or tokens) before leaving it on in production, and keep the log
# directory readable only by the service account.
verbose_log = true
# Maximum size of an individual log file, in MB
max_size = 500
# Number of log file backups to keep
max_backups = 10
# Maximum age, in days, of a backup log file before it is deleted
max_age = 30
[Syslog]
# Destination used when events are forwarded to a syslog server.
send_to_syslog_server = true
# Placeholders: substitute the syslog server's host name or address and its port before use.
host = REPLACE_SYSLOG_HOST
port = REPLACE_SYSLOG_PORT
# NOTE(review): the transport is named only as tcp; nothing here shows whether the
# stream is encrypted. Detection events are sensitive, so confirm how this hop is
# protected (for example a TLS-capable relay or a dedicated management network).
protocol = tcp