From 39823d4201e5ae9d405ec8646e9509467a16b26a Mon Sep 17 00:00:00 2001 From: "Zsolt Gyulai (zgyulai)" Date: Fri, 19 Jul 2024 13:05:13 +0200 Subject: [PATCH 1/4] Documented hypr-audit sources. Signed-off-by: Zsolt Gyulai (zgyulai) --- _data/external_links.yml | 5 ++ .../060_Sources/031_Hypr/000_Hypr_options.md | 68 +++++++++++++++++++ .../060_Sources/031_Hypr/README.md | 53 +++++++++++++++ 3 files changed, 126 insertions(+) create mode 100644 doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md create mode 100644 doc/_admin-guide/060_Sources/031_Hypr/README.md diff --git a/_data/external_links.yml b/_data/external_links.yml index 1f686808..9ae73d9f 100644 --- a/_data/external_links.yml +++ b/_data/external_links.yml @@ -881,6 +881,11 @@ hadoop-rel: url: http://hadoop.apache.org/releases.html title: [ "Hadoop release page" ] +hypr-audit: + id: hypr-audit + url: https://apidocs.hypr.com/ + title: [ "Hypr REST API" ] + jellyfin: id: jellyfin url: https://jellyfin.org/ diff --git a/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md new file mode 100644 index 00000000..64c42e65 --- /dev/null +++ b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md 
@@ -0,0 +1,68 @@
+---
+title: `hypr-audit-trail()` and `hypr-app-audit-trail() `source options
+id: adm-src-hypr-opt
+---
+
+The `hypr-audit-trail()` and `hypr-app-audit-trail() sources have the following options:
+
+## url()
+
+| Type: | url|
+| Default:| |
+
+*Description:* A custom URL for Hypr API access ("https://.hypr.com")
+
+## bearer-token()
+
+| Type: | token|
+| Default:| |
+
+*Description:* The base64 encoded authentication token from Hypr.
+
+## page-size()
+
+| Type: | number|
+| Default:| 100|
+
+*Description:* Defines the number of results to return in a single page (optional).
+
+## initial-hours()
+
+| Type: | number(hours)|
+| Default:| 4|
+
+*Description:* Defines the number of hours to search backward on initial fetch (optional).
+
+## application-skip-list()
+
+| Type: | rpAppId list|
+| Default:| `HYPRDefaultApplication`, `HYPRDefaultWorkstationApplication`|
+
+*Description:* The list of rpAppIds not to retrieve from Hypr (optional).
+
+## log-level()
+
+| Type: | string|
+| Default:| `INFO`|
+
+The following values are available for log-level():
+
+* `DEBUG`
+* `INFO`
+* `WARNING`
+* `ERROR`
+* `CRITICAL`
+
+## flags()
+
+| Type: | string|
+| Default:| |
+
+*Description:* The flags passed to the source, can be used for example to disable message parsing with flags(no-parse) (optional).
+
+## ignore-persistence()
+
+| Type: | boolean|
+| Default:| `no`|
+
+*Description:* This option can be set to ignore the saved value in the persist file, and start querying from the current time (optional).
\ No newline at end of file
diff --git a/doc/_admin-guide/060_Sources/031_Hypr/README.md b/doc/_admin-guide/060_Sources/031_Hypr/README.md
new file mode 100644
index 00000000..b8d67266
--- /dev/null
+++ b/doc/_admin-guide/060_Sources/031_Hypr/README.md
@@ -0,0 +1,53 @@
+---
+title: 'Hypr Audit Trail and Hyper App Audit Trail'
+short_title: hype-audit
+id: adm-src-hypr
+description: >-
+ This source is available in syslog-ng OSE 4.2 and later versions. Using this source syslog-ng OSE can fetch events from the Hypr REST API using the following drivers:
+---
+* `hypr-audit-trail()`: is a source driver that pulls messages from the Hypr API, associated to any RP Application ID.
+* `hypr-app-audit-trail()`: is a source driver that pulls messages from the Hypr API, but only those associated to a specific RP Application ID.
+
+**Note:** Applications that are registered after syslog-ng is started are not recognized.
+{: .notice--info}
+
+## Hyper Audit Trail
+
+The `hypr-audit-trail()` source queries the Hypr API for the list of potential applications at startup, then monitors the audit trail for each of the detected applications.
+
+To follow audit trails restart syslog-ng.
+
+### Example: hypr-audit-trail minimal configuration
+
+```config
+source s_hypr {
+ hypr-audit-trail(
+ url('https://.hypr.com')
+ bearer-token('')
+ );
+};
+```
+
+### Example: hypr-audit-trail detailed configuration
+
+```config
+source s_hypr {
+ hypr-audit-trail(
+ url('https://.hypr.com')
+ bearer-token('')
+ page-size()
+ initial-hours()
+ application-skip-list('HYPRDefaultApplication', 'HYPRDefaultWorkstationApplication')
+ log-level('INFO')
+ flags()
+ ignore-persistence()
+ );
+};
+```
+## Hypr App Audit Trail
+
+The `hypr-app-audit-trail()` monitors the audit trail for one specific RP Application ID. This driver requires the `rp-app-id()` parameter in order to operate.
+
+## Acknowledgements
+
+These chapters are based on the hypr-audit-trail() content, written by Dan Elder.
\ No newline at end of file
From c2bd53e00a2611a73a3c9f4ddae98289bada9591 Mon Sep 17 00:00:00 2001
From: "Zsolt Gyulai (zgyulai)"
Date: Fri, 19 Jul 2024 13:29:44 +0200
Subject: [PATCH 2/4] Small editing modifications.
Signed-off-by: Zsolt Gyulai (zgyulai) --- doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md | 2 +- doc/_admin-guide/060_Sources/031_Hypr/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md index 64c42e65..38f64d55 100644 --- a/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md +++ b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md @@ -1,5 +1,5 @@ --- -title: `hypr-audit-trail()` and `hypr-app-audit-trail() `source options +title: `hypr-audit-trail()` and `hypr-app-audit-trail()` source options id: adm-src-hypr-opt --- diff --git a/doc/_admin-guide/060_Sources/031_Hypr/README.md b/doc/_admin-guide/060_Sources/031_Hypr/README.md index b8d67266..e1a99db6 100644 --- a/doc/_admin-guide/060_Sources/031_Hypr/README.md +++ b/doc/_admin-guide/060_Sources/031_Hypr/README.md @@ -1,6 +1,6 @@ --- title: 'Hypr Audit Trail and Hyper App Audit Trail' -short_title: hype-audit +short_title: hypr id: adm-src-hypr description: >- This source is available in syslog-ng OSE 4.2 and later versions. Using this source syslog-ng OSE can fetch events from the Hypr REST API using the following drivers: From 0d1bb100aee992b5939d0f8736e21b83c0edde1c Mon Sep 17 00:00:00 2001 From: zsoltgyulai94 <147834757+zsoltgyulai94@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:30:11 +0200 Subject: [PATCH 3/4] Update doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gergely Karácsonyi <64634678+mrgarris0n@users.noreply.github.com> Signed-off-by: zsoltgyulai94 <147834757+zsoltgyulai94@users.noreply.github.com> --- doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md index 38f64d55..c2533bd1 100644 --- a/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md +++ b/doc/_admin-guide/060_Sources/031_Hypr/000_Hypr_options.md @@ -10,7 +10,7 @@ The `hypr-audit-trail()` and `hypr-app-audit-trail() sources have the following | Type: | url| | Default:| | -*Description:* A custom URL for Hypr API access ("https://.hypr.com") +*Description:* A custom URL for Hypr API access ("https://\.hypr.com") ## bearer-token() From c5b2abb77cc961649c44f7977515d3c9236b036b Mon Sep 17 00:00:00 2001 From: zsoltgyulai94 <147834757+zsoltgyulai94@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:30:17 +0200 Subject: [PATCH 4/4] Update doc/_admin-guide/060_Sources/031_Hypr/README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Gergely Karácsonyi <64634678+mrgarris0n@users.noreply.github.com> Signed-off-by: zsoltgyulai94 <147834757+zsoltgyulai94@users.noreply.github.com> --- doc/_admin-guide/060_Sources/031_Hypr/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/_admin-guide/060_Sources/031_Hypr/README.md b/doc/_admin-guide/060_Sources/031_Hypr/README.md index e1a99db6..159d0b0c 100644 --- a/doc/_admin-guide/060_Sources/031_Hypr/README.md +++ b/doc/_admin-guide/060_Sources/031_Hypr/README.md @@ -50,4 +50,4 @@ The `hypr-app-audit-trail()` monitors the audit trail for one specific RP Applic ## Acknowledgements -These chapters are based on the hypr-audit-trail() content, written by Dan Elder. \ No newline at end of file +These chapters are based on hypr-audit-trail() documentation written by Dan Elder and Axoflow. \ No newline at end of file