Akamai SIEM Collector Migration Guide

Users upgrading to version 3.0.0 must apply the configuration file changes described below to remain compatible. This section provides step-by-step instructions for the migration.

Preparing for Migration

  1. Back Up Your Current Configuration: Ensure you have a backup of your existing configuration files before proceeding.

  2. Review the New Configuration Changes: Familiarize yourself with the changes introduced in version 3.0.0, particularly regarding the security_events section.

Migration Steps

Step 1: Update Configuration

Changes in the security_events configuration:

The variable override_base_url has been renamed to host for better clarity. New variables were also introduced, and some have default values that can be overridden.

Before (Version <3.0.0):

"security_events": {
  "override_base_url": "<host>",
  "logs_limit": "<logs_limit>",
  "configs_id": "<configs_id>",
  "decode_attack_data_rules": <bool>
}

After (Version >=3.0.0):

"security_events": {
  "host": "<host_value>",
  "configs_id": "<configs_id>",
  "override_decode_attack_data_rules": <"override_decode_attack_data_rules">,
  "override_base_tag": <"override_base_tag_value">,
  "override_logs_limit": <"override_logs_limit_value">
}

Key Changes

  • override_base_url renamed to host.

  • Added override_base_tag for custom tag configuration.

  • logs_limit now defaults to 10000 but can be overridden with override_logs_limit.

  • decode_attack_data_rules defaults to False but can be overridden with override_decode_attack_data_rules.
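The mapping above can be applied mechanically. The following Python sketch is an added example, not part of the collector or of this guide's original content: the function names, the sample values, the choice to emit overrides only when a value differs from the new default, and the treatment of override_base_url and configs_id as required are all assumptions.

```python
import json

# Defaults stated in the "Key Changes" list of this guide.
DEFAULT_LOGS_LIMIT = 10000
DEFAULT_DECODE_RULES = False
OLD_KEYS = {"override_base_url", "logs_limit", "configs_id", "decode_attack_data_rules"}


def to_bool(value):
    """Accept JSON booleans or 'true'/'false' strings (string form is an assumption)."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"decode_attack_data_rules is not a boolean: {value!r}")


def migrate_security_events(old):
    """Return a >=3.0.0 security_events dict built from a <3.0.0 one."""
    unknown = set(old) - OLD_KEYS
    if unknown:
        # Fail loudly rather than silently dropping settings during migration.
        raise ValueError(f"unexpected keys, migrate by hand: {sorted(unknown)}")
    # Assumption: both keys are required, since every example in the guide sets them.
    if not old.get("override_base_url") or not old.get("configs_id"):
        raise ValueError("override_base_url and configs_id must both be set")

    new = {"host": old["override_base_url"], "configs_id": old["configs_id"]}

    # Old values become overrides only when they differ from the new defaults.
    if "logs_limit" in old:
        limit = int(old["logs_limit"])  # the old template quotes this value as a string
        if limit != DEFAULT_LOGS_LIMIT:
            new["override_logs_limit"] = limit
    if "decode_attack_data_rules" in old:
        decode = to_bool(old["decode_attack_data_rules"])
        if decode != DEFAULT_DECODE_RULES:
            new["override_decode_attack_data_rules"] = decode
    return new


if __name__ == "__main__":
    # Constructed sample input, not a real deployment's configuration.
    sample = {
        "override_base_url": "siem.example.net",
        "logs_limit": "5000",
        "configs_id": "12345",
        "decode_attack_data_rules": True,
    }
    print(json.dumps({"security_events": migrate_security_events(sample)}, indent=2))
```

Run it against a copy of the backed-up configuration and compare the output with the original before deploying; override_base_tag has no counterpart in the old format, so it is never generated.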

Downgrading

Downgrading to a previous version is not supported because changes in the persistence layer make it incompatible. Ensure you fully transition to the updated configuration format before upgrading.