Settings for a connector of the nats-jetstream type are described in the following tables.
Basic settings tab
Setting
Description
Name
Unique name of the resource. Maximum length of the name: 128 Unicode characters.
Required setting.
Tenant
The name of the tenant that owns the resource.
Required setting.
Type
Connector type. You need select nats-jetstream.
Required setting.
URL
URL that you want to connect to.
Required setting.
Topic
The topic of NATS messages. You need to specify a Unicode string.
Required setting.
Delimiter
The character that marks the boundary between events. Available values:
\n
\t
\0
If you do not select a value, \n is selected by default.
Description
Description of the resource. Maximum length of the description: 4000 Unicode characters.
Advanced settings tab
Setting
Description
Buffer size
Connector buffer size in bytes for accumulating events in the RAM of the server before sending sending them for further processing or storage. The value must be a positive integer. Default connector buffer size: 1,048,576 bytes (1 MB). Maximum connector buffer size: 67,108,864 bytes (64 MB).
GroupID.
The GroupID parameter for NATS messages. Maximum length of the parameter: 255 Unicode characters. The default value is default.
Number of handlers
Number of handlers that the service can run simultaneously to process response rules in parallel. To determine the number of handlers, you can use the following formula: (<number of CPUs> / 2) + 2.
Character encoding
Character encoding. The default value is UTF-8.
Cluster ID
ID of the NATS cluster.
TLS mode
TLS encryption mode. Available values:
Disabled means TLS encryption is not used. The default value.
Enabled means TLS encryption is used, but certificates are not verified.
With verification means TLS encryption is used with verification of the certificate signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.
Custom CA means TLS encryption is used with verification that the certificate was signed by a Certificate Authority. If you select this value, from the Custom CA drop-down list, select a secret with a certificate signed by the CA.
You can create a CA-signed certificate on the KUMA Core server (the following command examples use OpenSSL).
To create a certificate signed by a Certificate Authority:
Generate a key to be used by the Certificate Authority, for example:
openssl genrsa -out ca.key 2048
Create a certificate for the generated key, for example:
openssl req -new -x509 -days 365 -key ca.key -subj "/CN=<common host name of Certificate Authority>" -out ca.crt
Create a private key and a request to have it signed by the Certificate Authority, for example:
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/CN=<common host name of KUMA server>" -out server.csr
Create the certificate signed by the Certificate Authority. You need to include the domain names or IP addresses of the server for which you are creating the certificate in the subjectAltName variable, for example:
Upload the generated server.crt certificate to the KUMA web interface into a secret of the certificate type, then select the secret of the certificate type in the Custom CA drop-down list.
To use KUMA certificates on third-party devices, you must change the certificate file extension from CERT to CRT. Otherwise, you can get the x509: certificate signed by unknown authority error.
When using TLS encryption, you cannot specify an IP address as the URL.