Configuring Balancer

April 11, 2024

ID 214597

The parameters of Balancer are specified in the kl_balancer.conf configuration file included in the distribution kit. kl_balancer.conf is an XML file that contains the parameters described in the table below.

Configuration file parameters

Parameter

Description

Balancer

Specifies the address for connection to Balancer.

The value can be an IPv4 address, an IPv6 address, or a host name.

The following parameters must be specified:

  • matching_port—The port on which Balancer receives incoming events. The range of values for this parameter is from 1 to 65535. This parameter is mandatory.
  • api_port—The port on which Balancer accepts API requests. The range of values for this parameter is from 1 to 65535. This parameter is mandatory.
  • cybertrace_port—The port on which Balancer receives alert events from Kaspersky CyberTrace instances. The range of values for this parameter is from 1 to 65535. This parameter is mandatory.
  • scanners_count—The maximum number of simultaneous connections. The range of values for this parameter is from 1 to 100. This parameter is mandatory.

This element is mandatory. The configuration file can contain only one Balancer element.

EventDelimiter

The regular expression that defines the delimiter for events.

This element is optional.

If an event contains newline characters (\n), such an event will be split by using both the value of this element and newline characters as event delimiters.

SSLCertificatePath

The path to the PEM-formatted certificate for HTTPS connections.

This element can contain an absolute or a relative path. If a relative path is specified, it is calculated relative to the Balancer binary file.

This parameter is optional. The default value is:

  • On Windows systems:

    ..\httpsrv\kl_feed_service_cert.pem.

  • On Linux systems:

    ../httpsrv/kl_feed_service_cert.pem.

Update the value of this element if Balancer is deployed on a computer without Kaspersky CyberTrace.

SSLPrivateKeyPath

The path to the PEM-formatted private key for HTTPS connections.

This element can contain an absolute or a relative path. If a relative path is specified, it is calculated relative to the Balancer binary file.

This parameter is optional. The default value is:

  • On Windows systems:

    ..\httpsrv\kl_feed_service_private.pem.

  • On Linux systems:

    ../httpsrv/kl_feed_service_private.pem.

Update the value of this element if Balancer is deployed on a computer without Kaspersky CyberTrace.

LicenseDirPath

The path to the directory with a license key file.

This element can contain an absolute or a relative path. If a relative path is specified, it is calculated relative to the Balancer binary file.

This parameter is optional. The default value is:

  • On Windows systems:

    ..\httpsrv\lic.

  • On Linux systems:

    ../httpsrv/lic.

Update the value of this element if Balancer is deployed on a computer without Kaspersky CyberTrace.

CertDirPath

The path to the directory with the CyberTrace reference certificates.

This element can contain an absolute or a relative path. If a relative path is specified, it is calculated relative to the Balancer executable file.

The parameter is mandatory. The default value is:

..\etc\certs

OutputSettings

Specifies the address for sending the results of incoming events matching.

The value can be an IPv4 address, an IPv6 address, or a host name.

The following parameter can be specified:

  • port—The port to which Balancer sends the results of incoming events matching. The range of values for this parameter is from 1 to 65535. This parameter is mandatory.

This element is mandatory.

Instances

The section that contains elements with parameters of Kaspersky CyberTrace instances.

The following parameters can be specified for the section:

  • update_seconds—The time interval, in seconds, between attempts to connect to inaccessible instances of Kaspersky CyberTrace.

    This parameter is mandatory. The range of values for this parameter is from 1 to 3600.

  • matching_timeout_seconds—The timeout, in seconds, for the response from an instance of Kaspersky CyberTrace with the result of incoming event matching.

    This parameter is mandatory. The range of values for this parameter is from 1 to 3600.

  • api_timeout_seconds—The timeout, in seconds, for the response from an instance of Kaspersky CyberTrace to a REST API request.

    This parameter is mandatory. The range of values for this parameter is from 1 to 3600.

This element is mandatory.

Instances/Instance

An element with parameters for connection to an instance of Kaspersky CyberTrace.

The value can be an IPv4 or IPv6 address.

This element is mandatory.

The following parameters can be specified:

  • enabled—Specifies the state of the Kaspersky CyberTrace instance.

    This parameter is mandatory.

    Use true or false as a value for this parameter.

  • matching_port—The port on which the Kaspersky CyberTrace instance accepts incoming events.

    The value of this parameter must be similar to the value of the InputSettings > ConnectionString element in the configuration file of the Kaspersky CyberTrace instance.

    This parameter is mandatory.

    The range of values for this parameter is from 1 to 65535.

  • api_port—The port on which the Kaspersky CyberTrace instance accepts REST API requests.

    The value of this parameter must be similar to the value of the HTTPServer > ConnectionString element in the configuration file of the Kaspersky CyberTrace instance.

    This parameter is mandatory.

    The range of values for this parameter is from 1 to 65535.

  • scanners_count—The maximum number of simultaneous connections allowed for the Kaspersky CyberTrace instance.

    This parameter is mandatory. The range of values for this parameter is from 1 to 100.

    The value of the scanners_count parameter of a Kaspersky CyberTrace instance must not exceed the value of the ScannersCount parameter specified in the configuration file of that Kaspersky CyberTrace instance, minus 1.

This element is mandatory.

AllowedRequests

The section that contains elements with parameters of allowed REST API requests to Kaspersky CyberTrace instances.

This element is mandatory.

AllowedRequests/AllowedRequest

An element with parameters of an allowed REST API request to Kaspersky CyberTrace instances.

This element is optional.

This element can contain a string that is from 1 to 2048 characters long and contains only ASCII characters.

The value of this element can contain the '*' wildcard character, which stands for zero or any number of any characters.

The following parameter can be specified:

  • method—The request method. Use GET, POST, PUT, or DELETE as a value for this parameter.

    This parameter is mandatory. The value of this parameter is not case-sensitive.

By default, kl_balancer.conf contains all necessary AllowedRequest elements for using the REST API of Kaspersky CyberTrace.
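
The AllowedRequest rules read as an allowlist, in an added example that is not Kaspersky code: it loads the rules, enforces the documented limits (method set, 1 to 2048 ASCII characters) and treats '*' as zero or more of any character. Matching the whole request path in is_allowed is an assumption, because the page describes only the wildcard itself.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the AllowedRequests section of the default file on this page.
SAMPLE = """<AllowedRequests>
  <AllowedRequest method="GET">/api/1.2/suppliers</AllowedRequest>
  <AllowedRequest method="GET">/api/1.2/suppliers/*</AllowedRequest>
  <AllowedRequest method="POST">/api/1.2/lookup</AllowedRequest>
  <AllowedRequest method="GET">/api/1.2/tags</AllowedRequest>
  <AllowedRequest method="GET">/ioc_exports/*</AllowedRequest>
</AllowedRequests>"""

METHODS = {"GET", "POST", "PUT", "DELETE"}

def load_rules(xml_text):
    """Return (method, compiled pattern) pairs; raise ValueError on a rule
    that breaks the documented limits."""
    rules = []
    for el in ET.fromstring(xml_text).iter("AllowedRequest"):
        method = el.get("method", "").upper()  # method is not case-sensitive
        value = el.text or ""
        if method not in METHODS:
            raise ValueError(f"bad method {el.get('method')!r}")
        if not 1 <= len(value) <= 2048 or not value.isascii():
            raise ValueError(f"bad value {value!r}")
        # '*' means zero or more of any character; everything else is literal.
        pattern = ".*".join(re.escape(part) for part in value.split("*"))
        rules.append((method, re.compile(pattern, re.DOTALL)))
    return rules

def is_allowed(rules, method, path):
    """Assumption: a request passes when a rule with the same method
    matches the whole path."""
    return any(m == method.upper() and p.fullmatch(path) for m, p in rules)
```

Under this reading the rule /api/1.2/suppliers/* does not cover /api/1.2/suppliers itself, which is consistent with the default file listing both entries.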

Default configuration file

By default, kl_balancer.conf contains the following parameters:

<Settings>
    <Balancer matching_port="9998" api_port="9997" cybertrace_port="9996" scanners_count="9">127.0.0.1</Balancer>
    <SSLCertificatePath>..\httpsrv\kl_feed_service_cert.pem</SSLCertificatePath>
    <SSLPrivateKeyPath>..\httpsrv\kl_feed_service_private.pem</SSLPrivateKeyPath>
    <LicenseDirPath>..\httpsrv\lic</LicenseDirPath>
    <OutputSettings port="514">127.0.0.1</OutputSettings>
    <Instances update_seconds="60" matching_timeout_seconds="5" api_timeout_seconds="30">
        <Instance enabled="true" matching_port="9999" api_port="443" scanners_count="8">127.0.0.1</Instance>
    </Instances>
    <AllowedRequests>
        <AllowedRequest method="GET">/api/1.2/suppliers</AllowedRequest>
        <AllowedRequest method="GET">/api/1.2/suppliers/*</AllowedRequest>
        <AllowedRequest method="POST">/api/1.2/lookup</AllowedRequest>
        <AllowedRequest method="GET">/api/1.2/tags</AllowedRequest>
        <AllowedRequest method="GET">/ioc_exports/*</AllowedRequest>
    </AllowedRequests>
</Settings>

The default configuration file above is the one included in the distribution kit for Windows systems. The default configuration file for Linux systems has the same contents except for the format of local paths in the values of the SSLCertificatePath, SSLPrivateKeyPath, and LicenseDirPath parameters, where '\' is replaced with '/'.
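
A pre-deployment check of kl_balancer.conf against the attribute ranges and mandatory elements listed in the table, as an added example that is not part of the Kaspersky distribution. The function name validate and the trimmed sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the default file shown on this page.
DEFAULT = r"""<Settings>
<Balancer matching_port="9998" api_port="9997" cybertrace_port="9996" scanners_count="9">127.0.0.1</Balancer>
<OutputSettings port="514">127.0.0.1</OutputSettings>
<Instances update_seconds="60" matching_timeout_seconds="5" api_timeout_seconds="30">
<Instance enabled="true" matching_port="9999" api_port="443" scanners_count="8">127.0.0.1</Instance>
</Instances>
<AllowedRequests><AllowedRequest method="POST">/api/1.2/lookup</AllowedRequest></AllowedRequests>
</Settings>"""

# Documented ranges: {element path: {attribute: (min, max)}}
RANGES = {
    "Balancer": {"matching_port": (1, 65535), "api_port": (1, 65535),
                 "cybertrace_port": (1, 65535), "scanners_count": (1, 100)},
    "OutputSettings": {"port": (1, 65535)},
    "Instances": {"update_seconds": (1, 3600), "matching_timeout_seconds": (1, 3600),
                  "api_timeout_seconds": (1, 3600)},
    "Instances/Instance": {"matching_port": (1, 65535), "api_port": (1, 65535),
                           "scanners_count": (1, 100)},
}
# CertDirPath is left out: the table calls it mandatory but also gives a
# default value, and the default file does not contain it.
MANDATORY = ["Balancer", "OutputSettings", "Instances", "Instances/Instance",
             "AllowedRequests"]

def validate(xml_text):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    problems = [f"missing mandatory element {p}" for p in MANDATORY
                if root.find(p) is None]
    if len(root.findall("Balancer")) > 1:
        problems.append("more than one Balancer element")
    for path, attrs in RANGES.items():
        for el in root.findall(path):
            for name, (lo, hi) in attrs.items():
                raw = el.get(name)  # every listed attribute is mandatory
                if raw is None or not raw.isdecimal() or not lo <= int(raw) <= hi:
                    problems.append(f"{path}@{name}={raw!r} not in {lo}..{hi}")
    for inst in root.findall("Instances/Instance"):
        if inst.get("enabled") not in ("true", "false"):
            problems.append(f"Instance@enabled={inst.get('enabled')!r} is not true/false")
    return problems
```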
