| Tag | Definition | Impact |
|---|---|---|
| `export TURBOAUDIT_HANDLE_ROLLOVER=false` | Use to disable processing of rollover audit logs before the end of the file is processed. Enabled by default. | > 2.0 |
| `export TURBOAUDIT_MAX_QUEUE_DEPTH=1000`<br>`export TURBOAUDIT_OUTPUT_RMQ_MULTIPLICITY=0`<br>`export TURBOAUDIT_BATCH_MS=0`<br>`export TURBOAUDIT_BATCH_SIZE=0` | Tuning values. | Do not change; leave at defaults. |
| `export TURBOAUDIT_MAX_INPUT_RATE=10000` | Rate limit on the ingress audit rate for Turbo audit. | Can be changed to increase processing speed; this will increase CPU utilization of the cluster. |
| `export ECA_BUFFER_DB_FLUSH_MILLIS=1000`<br>`export RMQ_MAX_QUEUE_LENGTH=50000`<br>`export DEAD_LETTER_EXCHANGE_NAME=eca_dead_letter`<br>`export DEAD_LETTER_ROUTE_KEY=route_eca_dead_letter` | | |
| `export BYPASSED_EVENT_TYPES=DIR_SET_ACL,DIR_OPEN,DIR_CLOSE,DIR_SET_SEC` | Use this with Turboaudit to filter out events from being processed; applies to Ransomware and Auditor. | use only directed by events |
| `export AUDIT_NFS_MOUNT_BASE=/ifs/data/test/audit/logs` | NFS mount path the watch container assumes for audit logs. The default location is ifs/var etc…, but it can be changed for R&D testing only with load generators. | use only directed by events |