Skip to main content

Privacera Documentation

Audit Fluentd properties on Privacera Platform

The following table contains the list of custom properties that can be configured for the Audit Fluentd service. To use a custom property from the table, just add it to the following YML file in the custom-vars folder configured as per your environment:

  • vars.audit-fluentd.yml

Property

Description

Example

AUDIT_FLUENTD_AUDIT_DESTINATION

Set the audit destination where the audits will be saved. If the value is set to S3, the audits get stored in the AWS S3 server. For S3, the default time interval to publish the audits is 3600s (1hr).

Local storage should be used only for development and testing purposes. All the audit received are stored in the same container/pod.

Value: local, s3, azure-blob, azure-adls

s3

When the destination is local, edit the following property:

AUDIT_FLUENTD_LOCAL_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the local destination.

3600s

When the destination is s3, edit the following properties:

AUDIT_FLUENTD_S3_BUCKET

Set the bucket name, if you set the audit destination above to S3.

Leave unchanged, if you set the audit destination to local.

bucket_1

AUDIT_FLUENTD_S3_REGION

Set the bucket region, if you set the audit destination above to S3.

Leave unchanged, if you set the audit destination to local.

us-east-1

AUDIT_FLUENTD_S3_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the S3 destination.

3600s

AUDIT_FLUENTD_S3_ACCESS_KEY

AUDIT_FLUENTD_S3_SECRET_KEY

Set the access and secret key, if you set the audit destination above to S3.

Leave unchanged, if you set the audit destination to local and are using AWS IAM Instance Role.

AUDIT_FLUENTD_S3_ACCESS_KEY: "AKIAIOSFODNN7EXAMPLE"

AUDIT_FLUENTD_S3_SECRET_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

AUDIT_FLUENTD_S3_BUCKET_ENCRYPTION_TYPE

Property to encrypt an S3 bucket. You can use the property, if you have set S3 as the audit destination in the property, AUDIT_FLUENTD_AUDIT_DESTINATION.

You can assign one of the following values as the encryption types:

  • SSE-S3

  • SSE-KMS

  • SSE-C

  • NONE

SSE-S3 and SSE-KMS are encryptions managed by AWS. You need to enable the server-side encryption for the S3 bucket. For more information on how to enable SSE-S3 or SSE-KMS encryption types, click here

SSE-C is the custom encryption type, where the encryption key and MD5 have to generated separately.

NONE

AUDIT_FLUENTD_S3_BUCKET_ENCRYPTION_KEY

If you have set SSE-C encryption type in the AUDIT_FLUENTD_S3_BUCKET_ENCRYPTION_TYPE property, then the encryption key is mandatory. It is optional for SSE-KMS encryption type.

AUDIT_FLUENTD_S3_BUCKET_ENCRYPTION_KEY_MD5

If you have set SSE-C encryption type in the AUDIT_FLUENTD_S3_BUCKET_ENCRYPTION_TYPE property, then the MD5 encryption key is mandatory.

To get the MD5 hash for the encryption key, run the following command:

echo -n "<generated-key>"|  openssl dgst -md5 -binary | openssl enc -base64

When the destination is azure-blob or azure-adls, edit the following properties:

AUDIT_FLUENTD_AZURE_STORAGE_ACCOUNT

AUDIT_FLUENTD_AZURE_CONTAINER

Set the storage account and the container, if you set the audit destination above to Azure Blob or Azure ADLS.

Leave unchanged, if you set the audit destination to local.

Note

Currently, it supports Azure blob storage only.

AUDIT_FLUENTD_AZURE_STORAGE_ACCOUNT: "storage_account_1"

AUDIT_FLUENTD_AZURE_CONTAINER: "container_1"

AUDIT_FLUENTD_AZURE_FILE_TIME_INTERVAL

This is the time interval after which the audits will be pushed to the Azure ADLS/Blob destination.

3600s

AUDIT_FLUENTD_AUTH_TYPE

Select an authentication type from the dropdown list.

AUDIT_FLUENTD_AZURE_STORAGE_ACCOUNT_KEY

AUDIT_FLUENTD_AZURE_STORAGE_SAS_TOKEN

Configure this property, if you have selected SAS Key in the property, AUDIT_FLUENTD_AUTH_TYPE.

Set the storage account key and the SAS token, if you set the audit destination above to Azure Blob.

Leave unchanged, if you're using Azure's Managed Identity Service.

AUDIT_FLUENTD_AZURE_OAUTH_TENANT_ID

AUDIT_FLUENTD_AZURE_OAUTH_APP_ID

AUDIT_FLUENTD_AZURE_OAUTH_SECRET

Configure this property, if you have selected OAUTH in the property, AUDIT_FLUENTD_AUTH_TYPE.

Set the storage account key and the SAS token, if you set the audit destination above to Azure ADLS.

Leave unchanged, if you're using Azure's Managed Identity Service.

AUDIT_FLUENTD_AZURE_USER_MANAGED_IDENTITY_ENABLE

AUDIT_FLUENTD_AZURE_USER_MANAGED_IDENTITY

Configure this property, if you have selected MSI (UserManaged) in the property, AUDIT_FLUENTD_AUTH_TYPE.