Destination, type nats-jetstream

Destinations of the nats-jetstream type are used for communication through NATS. Settings for a destination of the nats-jetstream type are described in the following tables.

Basic settings tab

Setting

Description

Name

Unique name of the resource. Maximum length of the name: 128 Unicode characters.

Required setting.

Tenant

The name of the tenant that owns the resource.

Required setting.

State

Events must be sent to the destination.

The toggle switch is turned off by default.

 

Type

Type of the destination. You need to select nats-jetstream.

Required setting.

URL

URL that you want to connect to.

Required setting.

Topic

The topic of NATS messages. You need to specify a Unicode string.

Required setting.

Delimiter

The character that marks the boundary between events. Available values:

  • \n
  • \t
  • \0

If you do not select a value, \n is selected by default.

Authorization

Type of authorization when connecting to the specified URL. Possible values:

  • disabled. The default value.
  • plain. If this option is selected, you must indicate the secret containing user account credentials for authorization when connecting to the destination.

    How to add a secret?

Description

Description of the resource. Maximum length of the description: 4000 Unicode characters.

Advanced settings tab

Setting

Description

Compression

Using Snappy compression. Available values:

  • Disabled. The default value.
  • Use Snappy.

Buffer size

Destination buffer size in bytes for accumulating events in the RAM of the server before sending sending them for further processing or storage. The value must be a positive integer. Default desination buffer size: 1,048,576 bytes (1 MB). Maximum destination buffer size: 67,108,864 bytes (64 MB).

Disk buffer size limit

Size of the destination disk buffer in bytes. The default value is 10 GB.

Cluster ID

ID of the NATS cluster.

Output format

Format for sending events to an external destination. Available values:

  • JSON.
  • CEF. If this value is selected, the transmitted events contain the CEF header and only non-empty fields.

TLS mode

TLS encryption mode. Available values:

  • Disabled means TLS encryption is not used. The default value.
  • Enabled means TLS encryption is used, but certificates are not verified.
  • With verification means TLS encryption is used with verification of the certificate signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.
  • Custom CA means TLS encryption is used with verification that the certificate was signed by a Certificate Authority. If you select this value, from the Custom CA drop-down list, select a secret with a certificate signed by the CA.

    How to create a certificate signed by a Certificate Authority?

    To use KUMA certificates on third-party devices, you must change the certificate file extension from CERT to CRT. Otherwise, you can get the x509: certificate signed by unknown authority error.

    When using TLS encryption, you cannot specify an IP address as the URL.

Delimiter

In the drop-down list, you can select the character to mark the boundary between events. By default, \n is used.

Buffer flush interval

Interval (in seconds) for sending data to the destination. The default value is 1 second.

Number of handlers

Number of handlers that the service can run simultaneously to process response rules in parallel. By default, this value is equal to the number of vCPUs of the KUMA Core server.

Debug

Resource logging. The toggle switch is turned off by default.

Disk buffer disabled

Whether a disk buffer is used. By default, the disk buffer is enabled.

The disk buffer is used if the collector cannot send normalized events to the destination. The amount of allocated disk space is limited by the value specified in the Disk buffer size limit field.

If the disk space allocated for the disk buffer is exhausted, events are rotated as follows: new events replace the oldest events written to the buffer.

Filter

Conditions for determining which events must be processed by the resource. You can select an existing filter or create a filter.

How to create a filter?

Page top