
Data Acquisition

Service parameters which are found in service configuration files:

config.ini file

| parameter | type | default value | description |
|---|---|---|---|
| Alternate_DB_HOST | string | tcp://127.0.0.1:3306 | This is the address of the alternate MySQL DB server |
| Config_DB_HOST | string | tcp://127.0.0.1:3306 | This is the address of the MySQL DB server |
| Config_DB_DB | string | config | This is the database name of the MySQL DB server |
| Config_DB_USER | string | root | This is the username of the MySQL DB server |
| Config_DB_PASSWORD | string | **** | This is the password of the MySQL DB server |

The following are parameters set in application settings:

| parameter | type | default value | description |
|---|---|---|---|
| EL_Url | string | 127.0.0.1 | Short term storage (Elasticsearch) address |
| EL_Port | string | 9200 | Short term storage (Elasticsearch) port |
| LIC_PATH | string | /var/opt/cyberquest/dataacquisition/conf/lic | License file path |
| CLEANUP_CRON | string | * * * | deprecated |
| bulk_size | string | 2000 | Bulk size to send to short term storage (Elasticsearch) |
| no_of_threads | string | 3 | deprecated |
| ServiceDebugLevel | string | 2 | The debug level: 0 - FATAL ERROR, ERROR messages; 1 - WARNING messages; 2 - INFO messages; 3 - DEBUG messages |
| RMQ_host | string | 127.0.0.1 | Address of the queuing services |
| RMQ_username | string | cq | Username of the queuing services |
| RMQ_password | string | ** | Encrypted password of the queuing services |
| RMQ_queue | string | events | Queuing services incoming events queue name |
| maxmindb_path | string | /var/opt/cyberquest/dataacquisition/bin/GeoIP.mmdb | Location of the maxmindb database file |
| run_collection_servers | string | false | deprecated |
| throttle_queue | string | 100000 | Number of events stored in the message queue at which it will stop sending events. All events will be cached locally. |
| cache_path | string | /data/dataacquisition/cache/ | Cache files location |
| collection_unique_keys | string | Computer,EventLog,agent_guid | Unique event identifier based on the enumerated fields, used to identify one asset |
| el_shards | string | 2 | Template number of shards for short term storage |
| use_http_ES_DA_client | string | 1 | Whether to use HTTP transport for short term storage (Elasticsearch); if false, transport will be done by other means via the queue service (fanout) |
| sendRawData | string | 0 | Whether to send raw data to short term storage (Elasticsearch) |
| writeEventPath | string | 0 | Whether to send the path of the event in the CQ system to short term storage (Elasticsearch) |
| validateDataForEL | string | 1 | deprecated |
| GetterThreadNo | string | 3 | Number of threads to read from the incoming events queue |
| ParserThreadNo | string | 3 | Number of threads to parse data |
| RMQPusherThreadNo | string | 2 | Number of threads to push data to the queue service |
| ELPusherThreadNo | string | 2 | Number of threads to push data to short term storage (Elasticsearch) |
| supressRawData | string | 1 | Whether to delete raw data to send to long term storage (datastorage) |
| RedisServerURL | string | 127.0.0.1 | Memory based storage address |
| RedisServerPORT | string | 6379 | Memory based storage port |
| dbVersion | string | missing | Loaded database version (if LoadDatabase is set to true) |
| ResyncCache | string | 0 | Resync the cache if it is used in default parsers; it will be reset to 0 after being set to 1 |
| UseDefaultParsers | string | false | Whether to use the internally defined parsers for all events |
| EL_minim_free_space | string | 3072 | Minimum space available on the disk used by short term storage (Elasticsearch), in case of throttling |
| Cache_minim_free_space | string | 3072 | Minimum space available on disk to write data, in case of throttling |
| LoadDatabase | string | false | Whether to load the database stored in the sql folder |