Tcp type

The tcp type is used for TCP communications.

Basic settings tab

Setting

Description

Name

Required setting.

Unique name of the resource. Must contain 1 to 128 Unicode characters.

Tenant

Required setting.

The name of the tenant that owns the resource.

The State toggle switch

Used when events must be sent to the destination.

By default, sending events is enabled.

Type

Required setting.

Destination type, tcp.

URL

Required setting.

URL that you want to connect to. Available formats: host:port, IPv4:port, :port.

IPv6 addresses are also supported. When using IPv6 addresses, you must also specify the interface in the [address%interface]:port format.

For example, [fe80::5054:ff:fe4d:ba0c%eth0]:4222).

Description

Resource description: up to 4,000 Unicode characters.

Advanced settings tab

Setting

Description

Compression

You can use Snappy compression. By default, compression is disabled.

Buffer size

Sets the size of the buffer.

The default value is 1 KB, and the maximum value is 64 MB.

Timeout

The time (in seconds) to wait for a response from another service or component.

The default value is 30.

Disk buffer size limit

Size of the disk buffer in bytes.

The default value is 10 GB.

Output format

Format for sending events to an external destination. Available values:

  • JSON
  • CEF

TLS mode

TLS encryption mode using certificates in pem x509 format. Available values:

  • Disabled means TLS encryption is not used. The default value.
  • Enabled means encryption is used, but certificates are not verified.
  • With verification means encryption is used with verification that the certificate was signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.

When using TLS, it is impossible to specify an IP address as a URL.

Delimiter

In the drop-down list, you can select the character to mark the boundary between events. By default, \n is used.

Buffer flush interval

Time (in seconds) between sending batches of data to the destination. The default value is 1 second.

Number of handlers

This field is used to set the number of services processing the queue. By default, this value is equal to the number of vCPUs of the KUMA Core server.

Debug

This toggle switch lets you specify whether resource logging must be enabled. The default value is Disabled.

Disk buffer disabled

Drop-down list that lets you enable or disable the disk buffer. By default, the disk buffer is enabled.

The disk buffer is used if the collector cannot send normalized events to the destination. The amount of allocated disk space is limited by the value of the Disk buffer size limit setting.

If the disk space allocated for the disk buffer is exhausted, events are rotated as follows: new events replace the oldest events written to the buffer.

Filter

In this section, you can specify the criteria for identifying events that must be processed by the resource. You can select an existing filter from the drop-down list or create a new filter.

Creating a filter in resources

Page top