GBDI 4.2

Sonargd Configuration

The following items are configured using sonargd during the initial installation and can be reconfigured at any time by editing the sonargd.conf file.

Note

After making changes you need to restart (or stop and start) the sonargd service.

SonarW URI

This is the URI that sonargd uses to access SonarW. It needs to be able to ingest data, create collection and inspect existing collections, including system collections (system.ingest). This URI must include the database to be used by sonargd and sonargdm for the data injection.

Default: mongodb://localhost:27117/sonargd.

Base Directory

The base directory of operation for sonargd. All files read and written by sonargd will reside under this directory (except possibly log files). Sonargd needs write permissions and enough free space in the base directory. See Directory Structure for details.

Default: /var/lib/sonargd

Log Directory

The directory under which log files are to be created. This is usually different from the base directory and will often reside on a different partition.

Log files will be named sonargd.log, and will be rotated every 10 MB, with 10 backup copies.

In addition, sonargdm output files for each file set will be placed here, and named sonargdm.<timestamp>:<collector>.<n>.log.

  • timestamp – A 14-digit timestamp from the original file, format YYYYMMDDhhmmss.

  • collector – The name of the collector extracted from the original file

  • n – The number used by sonargdm to ensure files are not being overwritten

Defaults to /var/log/sonargd

Log Level

Messages reported to the log file can be fine-tuned by choosing one of the following: debug, info, warning, error, critical. Each level emits less messages than the previous one.

Defaults to info.

Incoming Server URI

To allow sonargd to pull the data from a different server, provide the URI for the server. URI is defined in RFC-3986, and is of the general form of ssh://user:password@server/path/to/files.

If you do not specify a URI here, sonargd assumes that files will appear in the incoming folder through other means. See Pulling Data Manually for more information.

Incoming Server SSH Key

As an alternative to providing a password in the Incoming Server URI, you can provide an SSH private key file to be used when connecting to the server. Managing keys may require more effort, but provides more security and allows fine-grained control over who can connect to each server. Ensure the public portion of this key is added as an authorized key on the server.

In the absence of an SSH private key, sonargd will connect to the server using the URI supplied above.