Http type

The http type is used for HTTP communications.

Basic settings tab

Setting

Description

Name

Required setting.

Unique name of the resource. Must contain 1 to 128 Unicode characters.

Tenant

Required setting.

The name of the tenant that owns the resource.

The State toggle switch

Used when events must be sent to the destination.

By default, sending events is enabled.

Type

Required setting.

Destination type, http.

URL

Required setting.

URL that you want to connect to.

Available formats: host:port, IPv4:port, :port.

IPv6 addresses are also supported, however, when you use them, you must specify the interface as well: [address%interface]:port.
Example: [fe80::5054:ff:fe4d:ba0c%eth0]:4222).

Authorization

Type of authorization when connecting to the specified URL Possible values:

  • disabled is the default value.
  • plain: if this option is selected, you must indicate the secret containing user account credentials for authorization when connecting to the connector.

    Add secret

Description

Resource description: up to 4,000 Unicode characters.

Advanced settings tab

Setting

Description

Compression

You can use Snappy compression. By default, compression is disabled.

Buffer size

Sets the size of the buffer.

The default value is 1 KB, and the maximum value is 64 MB.

Timeout

The time (in seconds) to wait for a response from another service or component.

The default value is 30.

Disk buffer size limit

Size of the disk buffer in bytes.

The default value is 10 GB.

Output format

Format for sending events to an external destination. Available values:

  • JSON
  • CEF

TLS mode

Use of TLS encryption. Available values:

  • Disabled (default) means TLS encryption is not used.
  • Enabled means encryption is used, but the certificate is not verified.
  • With verification means encryption is used with verification that the certificate was signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during program installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.
  • Custom CA means encryption is used with verification that the certificate was signed by a Certificate Authority. The secret containing the certificate is selected from the Custom CA drop-down list, which is displayed when this option is selected.

    Creating a certificate signed by a Certificate Authority

    When using TLS, it is impossible to specify an IP address as a URL.

URL selection policy

From the drop-down list, you can select the method of deciding which URL to send events to if multiple URLs are specified. Available values:

  • Any. Events are sent to one of the available URLs as long as this URL receives events. If the connection is broken (for example, the receiving node is disconnected) a different URL will be selected as the events destination.
  • Prefer first. Events are sent to the first URL in the list of added addresses. If it becomes unavailable, events are sent to the next available node in sequence. When the first URL becomes available again, events start to be sent to it again.
  • Balanced means that packages with events are evenly distributed among the available URLs from the list. Because packets are sent either on a destination buffer overflow or on the flush timer, this URL selection policy does not guarantee an equal distribution of events to destinations.

Delimiter

In the drop-down list, you can select the character to mark the boundary between events. By default, \n is used.

Path

The path that must be added for the URL request. For example, if you specify the path /input and enter 10.10.10.10 for the URL, requests for 10.10.10.10/input will be sent from the destination.

Buffer flush interval

Time (in seconds) between sending batches of data to the destination. The default value is 1 second.

Number of handlers

The number of services that are processing the queue. By default, this value is equal to the number of vCPUs of the KUMA Core server.

Health check path

The URL for sending requests to obtain health information about the system that the destination resource is connecting to.

Health check timeout

Frequency of the health check in seconds.

Health Check Disabled

Check box that disables the health check.

Debug

This toggle switch lets you specify whether resource logging must be enabled. The default value is Disabled.

Disk buffer disabled

Drop-down list that lets you enable or disable the disk buffer. By default, the disk buffer is enabled.

The disk buffer is used if the collector cannot send normalized events to the destination. The amount of allocated disk space is limited by the value of the Disk buffer size limit setting.

If the disk space allocated for the disk buffer is exhausted, events are rotated as follows: new events replace the oldest events written to the buffer.

Filter

In the Filter section, you can specify the criteria for identifying events that must be processed by the resource. You can select an existing filter from the drop-down list or create a new filter.

Creating a filter in resources

Page top