connector.conf.ini

Specifications #

[auditlogs://<specify_name>]
host = <host-name>, Default is current system hostname
source = <source-name>, Default is connector stanza name
repo =  <repository-name>
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-audit
frequency = <seconds>  Interval to run the input
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.

        Note: Schedule the connector (frequency/cron) in 15 mins to 1 day only. As connector will only check for data that is available today and yesterday. Using values outside preferred timeframe may lead to missing data.

bucket_name = Name of AWS S3 Bucket
dir_name = Folder in S3 where logs are stored
            Note: When using Cisco-managed S3 Bucket, data path is provide like: <AWS S3 bucket name>/<AWS S3 bucket directory prefix> Ex: cisco-managed-us-west-1/2069997_6ff2802af17337def701c2e7816cf14913zf848a, where bucket_name = cisco-managed-us-west-1 and dir_name = 2069997_6ff2802af17337def701c2e7816cf14913zf848a
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[dnslogs://<specify_name>]
host = <host-name>, Default is current system hostname
source = <source-name>, Default is connector stanza name
repo =  <repository-name>
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-dns
frequency = <seconds>  Interval to run the input
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.

        Note: Schedule the connector (frequency/cron) in 15 mins to 1 day only. As connector will only check for data that is available today and yesterday. Using values outside preferred timeframe may lead to missing data.

bucket_name = Name of AWS S3 Bucket
dir_name = Folder in S3 where logs are stored
            Note: When using Cisco-managed S3 Bucket, data path is provide like: <AWS S3 bucket name>/<AWS S3 bucket directory prefix> Ex: cisco-managed-us-west-1/2069997_6ff2802af17337def701c2e7816cf14913zf848a, where bucket_name = cisco-managed-us-west-1 and dir_name = 2069997_6ff2802af17337def701c2e7816cf14913zf848a
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

[proxylogs://<specify_name>]
host = <host-name>, Default is current system hostname
source = <source-name>, Default is connector stanza name
repo =  <repository-name>
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-proxy
frequency = <seconds>  Interval to run the input
cron = <cron-expression> 
        Note: Cron has higher priority and will be considered for scheduling instead of frequency, if both are defined.
        It is preferable to define only one, either cron or frequency.

        Note: Schedule the connector (frequency/cron) in 15 mins to 1 day only. As connector will only check for data that is available today and yesterday. Using values outside preferred timeframe may lead to missing data.

bucket_name = Name of AWS S3 Bucket
dir_name = Folder in S3 where logs are stored
            Note: When using Cisco-managed S3 Bucket, data path is provide like: <AWS S3 bucket name>/<AWS S3 bucket directory prefix> Ex: cisco-managed-us-west-1/2069997_6ff2802af17337def701c2e7816cf14913zf848a, where bucket_name = cisco-managed-us-west-1 and dir_name = 2069997_6ff2802af17337def701c2e7816cf14913zf848a
secret = <secret-stanza-name>
global = <global-stanza-name>
disabled = 0/1

Example #

[auditlogs://audit]
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-audit
frequency = 3600
bucket_name = cisco-managed-ap-northeast-1
dir_name = 7944991_d1d08b738dc27ac3dabda3b204a0c16fab885cd3
global = umbrella
secret = umbrella

[dnslogs://dns]
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-dns
cron = 0 0 * * *
bucket_name = cisco-managed-ap-northeast-1
dir_name = 7944991_d1d08b738dc27ac3dabda3b204a0c16fab885cd3
global = umbrella
secret = umbrella

[proxylogs://proxy]
sourcetype = dataelicit/cisco-umbrella:cisco-umbrella-proxy
frequency = 3600
bucket_name = cisco-managed-ap-northeast-1
dir_name = 7944991_d1d08b738dc27ac3dabda3b204a0c16fab885cd3
global = umbrella
secret = umbrella

Note #

Make sure that the stanza name you define in local/connector.conf is not already disabled in default/connector.conf, else it will get skipped.

Still stuck? How can we help?

Updated on December 16, 2024