Thu, 13 Jun 2024 17:42:05 GMT

[email protected]. - How do you price BindPlane OP? BindPlane OP has several editions and is priced based on the amount of data ingested by agents managed by BindPlane. For more information please reach out to our sales team at [email protected] - How do I upgrade BindPlane OP for Linux? Running the install command without the init flag at the end is enough to upgrade BindPlane. You can get the installer command from going to the download page. Run this script on your BindPlane server to upgrade BindPlane. - Can you deploy BindPlane OP on Kubernetes? You can install the BindPlane OP server and agents on Kubernetes. See Kubernetes Installation for more information. - What license type do I need? We offer a free tier license that supports up to 10 agents ingesting up to 10 GB/Day, a BindPlane for Google license that only supports Google Cloud as a destination, and our enterprise license with no limitations. More information about our license types can be found on our solutions page. Sources File Source - How do you reset the file collector to re-read files in a directory? Under the advanced configuration for the file source, set the file to read at the beginning and uncheck the Enable File Offset Storage. Destinations Google SecOps Windows Events routing to Google SecOps: - Google SecOps can only read 'RAW' telemetry. Please verify that in the Google SecOps Destination settings 'Send Single Field' is checked, with the 'Field to Send' set to 'Body'. - The 'Log Type' in the Google SecOps Destination settings should be set to 'WINEVTLOG' to capture Windows Event Logs. - On the 'Windows Events' Source, under 'Advanced', please make sure 'Raw Logs' is selected. - To send events from a custom channel to Google SecOps, you can specify the channel name in the 'Windows Events' source under 'Advanced Settings'. To find the value for the custom channel name you can run the following commands on the Windows Server to find the value of the custom channel log name: Get-WinEvent -ListLog - To capture DNS logs on Windows, you can add the 'DNS Server' channel in the Windows Events source and under Advanced. - To capture DHCP logs on Windows, you can use the CSV source and point it to your DHCP logs that may be located at 'c:\windows\system32\dhcp\dhcpsrvlog.\.txt']]>

Mon, 11 Dec 2023 16:10:29 GMT

Thu, 13 Jun 2024 17:42:05 GMT

[email protected] From there, a ticket is opened and you will be emailed tracking information automatically. Google Destination Partnership Support Customers using BindPlane for Google are entitled to support. This support channel is through the Google Partnership. Opening a Ticket with Google There is an integrated support process where customers initiate support requests with Google. These issues are worked mutually with Google for observIQ product technical and configuration issues. For more information on opening a ticket with Google Support: https://cloud.google.com/support/docs]]>

Mon, 23 Sep 2024 14:36:33 GMT

Mon, 11 Nov 2024 20:37:21 GMT

[email protected] for more information. Processors Available for BindPlane OP Processor Metrics Logs Traces Google Edition : : : : : Add Fields Batch Coalesce Compute Metric Statistics Count Telemetry Custom Delete Empty Values Delete Fields Deduplicate Logs Extract Metric Filter by Condition Filter by Field Filter HTTP Status Filter Metric Name Filter by Regex Filter Severity Group by Attributes Google SecOps Standardization Log Sampling Lookup Fields Marshal Mask Sensitive Data Move Field Parse CSV Parse JSON Parse Key Value Parse Severity Parse Timestamp Parse with Regex Parse XML Rename Fields Rename Metric Resource Detection]]>

Wed, 30 Oct 2024 16:06:44 GMT

Wed, 16 Oct 2024 19:04:42 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Thu, 31 Oct 2024 18:44:23 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Wed, 23 Oct 2024 13:40:24 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Tue, 19 Mar 2024 01:26:01 GMT

Tue, 15 Oct 2024 13:59:37 GMT

Wed, 23 Oct 2024 13:40:24 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Wed, 19 Jun 2024 15:05:05 GMT

Wed, 14 Feb 2024 12:40:11 GMT

Thu, 23 May 2024 14:03:50 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Wed, 10 Apr 2024 20:00:01 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 11 Apr 2024 15:26:58 GMT

[email protected]" Path to Rabbitmq log file(s). start_at enum end Start reading the file from the 'beginning' or 'end'. username\ string Username used to authenticate. password\ string Password used to authenticate. endpoint string http://localhost:15672 The endpoint of the Rabbitmq server. collection_interval int 60 Sets how often (seconds) to scrape for metrics. enable_tls bool false Whether or not to use TLS. insecure_skip_verify bool false Enable to skip TLS certificate verification. ca_file string Certificate authority used to validate the database server's TLS certificate. cert_file string A TLS certificate used for client authentication, if mutual TLS is enabled. key_file string A TLS private key used for client authentication, if mutual TLS is enabled. \_required field_]]>

Thu, 09 Nov 2023 09:26:01 GMT

Fri, 12 Apr 2024 14:10:48 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Wed, 28 Aug 2024 20:09:59 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Fri, 12 Apr 2024 14:10:48 GMT

Thu, 23 May 2024 14:03:50 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Tue, 05 Dec 2023 18:59:32 GMT

Wed, 30 Oct 2024 16:06:44 GMT

Thu, 13 Jun 2024 12:58:52 GMT

Wed, 17 Jul 2024 13:47:01 GMT

Thu, 13 Jun 2024 12:58:52 GMT

Thu, 11 Apr 2024 15:26:58 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 23 May 2024 14:03:50 GMT

Tue, 09 Jan 2024 15:41:26 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 03 Sep 2024 17:23:47 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 23 May 2024 14:03:50 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Thu, 23 May 2024 14:03:50 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 23 May 2024 14:03:50 GMT

Fri, 25 Oct 2024 18:37:14 GMT

Tue, 05 Nov 2024 16:44:23 GMT

Thu, 23 May 2024 14:03:50 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 16 Apr 2024 18:12:20 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Wed, 30 Oct 2024 16:06:44 GMT

Thu, 24 Oct 2024 19:42:30 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Thu, 26 Sep 2024 02:03:45 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Fri, 11 Oct 2024 15:08:18 GMT

Wed, 11 Sep 2024 17:46:43 GMT

Tue, 24 Sep 2024 09:50:47 GMT

Thu, 13 Jun 2024 17:17:32 GMT

Mon, 11 Nov 2024 19:01:29 GMT

Tue, 24 Sep 2024 18:24:18 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Wed, 17 Jul 2024 13:47:01 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Tue, 30 Jul 2024 17:59:27 GMT

Tue, 22 Oct 2024 20:11:50 GMT

Fri, 14 Jun 2024 14:04:08 GMT

Wed, 23 Oct 2024 17:46:02 GMT

Wed, 05 Jun 2024 17:59:27 GMT

body.timestamp - Exclude a host.name field from the log attributes -> attributes.host\.name - Exclude a nested ip field inside a src attribute -> attributes.src.ip Example Configuration Basic Configuration Setting a custom log_count_attribute and timezone while deduplicating logs on a 60 second interval. Web Interface Standalone Processor Exclude Fields This example shows the addition of exclude_fields. More information on exclude_fields can be found here. Web Interface Standalone Processor]]>

Wed, 05 Jun 2024 17:59:27 GMT

Thu, 13 Jun 2024 17:17:32 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Mon, 23 Sep 2024 13:54:19 GMT

Wed, 05 Jun 2024 17:59:27 GMT

Mon, 07 Oct 2024 18:49:43 GMT

Wed, 30 Oct 2024 17:03:48 GMT

Thu, 09 Nov 2023 09:26:01 GMT

Tue, 20 Aug 2024 16:21:04 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Fri, 14 Jun 2024 14:04:08 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Tokens Example: Creating a Token within Splunk Network Requirements Network access to the Splunk indexer, TCP: 8088 is the default. Supported Platforms Platform Logs Metrics Traces : : : : Linux Windows macOS Configuration Table Parameter Type Default Description : : : : token string Authentication token used when connecting to the HTTP Event Collector. index string Optional name of the Splunk index targeted. hostname string localhost Hostname or IP address of the HTTP Event Collector. port int 8088 TCP port to which the exporter is going to send data. path string /services/collector/event The HTTP API path to which the exporter is going to send data. max_request_size int 2097152 The maximum size (in bytes) of a request sent to the destination. A value of 0 will send unbounded requests. The maximum allowed value is 838860800 (800MB). max_event_size int 2097152 The maximum size (in bytes) of an individual event. Events larger than this will be dropped. The maximum allowed value is 838860800 (800MB). enable_compression bool true Compress telemetry data using gzip before sending. enable_tls bool false Whether or not to use TLS. insecure_skip_verify bool false Enable to skip TLS certificate verification. ca_file string Certificate authority that is used to validate TLS certificates. Configuration Example: Splunk Destination configuration Supported Retry and Queuing Settings This destination supports the following retry and queuing settings: Sending Queue Persistent Queue Retry on Failure : : :]]>

Tue, 04 Jun 2024 14:21:20 GMT

Mon, 12 Feb 2024 18:49:58 GMT

Mon, 11 Nov 2024 19:01:29 GMT

Raw Logs enabled) - Microsoft SQL Server - Common Event Format - CSV - File - HTTP - TCP - UDP Log Type Handling / Google SecOps Parsing Google Secops uses the log_type ingestion label to determine which SecOps Parser should be applied to logs. In BindPlane you can set the log_type ingestion label in one of the following ways: 1. Automatic Mapping: BindPlane will automatically create the log_type ingestion label for sources that use one of the following log_types. In these cases, you dont need to take any action. attributes[log_type] chronicle_log_type (Ingestion Label) windows_event.security WINEVTLOG windows_event.application WINEVTLOG windows_event.system WINEVTLOG sql_server MICROSFT_SQL 2. Set Google SecOps Log Type: You can use the Google SecOps Standardization Processor to specify the appropriate SecOps ingestion label (log_type). Its best practice to always explicitly set this when sending logs to Google Secops. You can optionally specify a namespace to identify an appropriate data domain and add additional ingestion labels to configure custom metadata. Note: The log_type field will take precedence over any automatic mapping that may occur. 3. Fallback: The Google SecOps Destination has a Fallback Log Type field that you can set as a fallback option, in the case that you did not set chronicle_log_type or BindPlane couldnt automatically map the log_type for you. Credentials This exporter requires a Google Cloud service account with access to the Google SecOps API. The service account must have access to the endpoint specfied in the config. For the legacy API (gRPC), besides the default endpoint (https://malachiteingestion-pa.googleapis.com), there are also regional endpoints that can be used here. When using the DataPlane API (https), the available regions can be found here For additional information on accessing SecOps, see the Chronicle documentation, and DataPlane documentation Supported Retry and Queuing Settings This destination supports the following retry and queuing settings: Sending Queue Persistent Queue Retry on Failure : : :]]>

Tue, 04 Jun 2024 14:21:20 GMT

Wed, 02 Oct 2024 10:42:40 GMT

Mon, 15 Apr 2024 12:36:34 GMT

Fri, 14 Jun 2024 14:04:08 GMT

Thu, 18 Jul 2024 19:53:03 GMT

Mon, 15 Apr 2024 12:36:34 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Tue, 11 Jun 2024 17:01:55 GMT

Wed, 30 Oct 2024 16:06:44 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Thu, 17 Oct 2024 17:56:27 GMT

Thu, 13 Jun 2024 17:17:32 GMT

Wed, 16 Oct 2024 19:25:54 GMT

Fleet > Agent Policies (Search for _agent policies_). - Select the Agent Policy you wish to configure your agent for. If none exist, one must be created. - Under the integrations tab, there should be a row titled Elastic APM. On the far right of this row is a menu of actions. Select the action Edit Integration. - Your Server URL is listed under General > Server Configuration > URL. - Your Secret Token is listed under Agent Authorization > Secret token and can be configured if desired. Self-Managed For Kubernetes hosted Elastic, reference the Elastic docs: Connect to the APM Server Configuration Table Parameter Type Default Description : : : : telemetry_types telemetrySelector Logs, Metrics, Traces Specifies which types of telemetry to export to Elasticsearch. deployment_type enum Elastic Cloud The deployment model of your elastic instance. Either Elastic Cloud or Self-Managed. Used to determine whether the http or gRPC protocol will be used, respectively. server_url string The URL of your Elastic APM Server. Telemetry will be sent to server_url/v1/logs, server_url/v1/metrics, server_url/v1/traces respectively. Only relevant for Elastic Cloud instances. hostname string The hostname or IP address of your Elastic APM Server. Only relevant for Self-Managed Elastic instances. grpc_port int 8200 TCP port to which the exporter is going to send OTLP data. Only relevant for Self-Managed Elastic instances. secret_token string The Secret Token for agents to authenticate with your Elastic APM Server. enable_tls bool true Enable advanced TLS settings. Only relevant for Self-Managed Elastic. Elastic Cloud instances always use TLS with TLS Verification enabled. insecure_skip_verify bool false Enable to skip TLS certificate verification. ca_file string Certificate authority used to validate the database server's TLS certificate. tls_server_name_override string Optional virtual hostname. Indicates the name of the server requested by the client. This option is generally not required. mutual_tls bool false Whether or not to use mutual TLS authentication. cert_file string A TLS certificate used for client authentication if mutual TLS is enabled. key_file string A TLS private key used for client authentication if mutual TLS is enabled. compression enum gzip Compression algorithm to use when sending data to the OTLP server. Must be one of none, gzip, and zlib. headers map {} Additional headers to attach to each request. Supported Retry and Queuing Settings This destination supports the following retry and queuing settings: Sending Queue Persistent Queue Retry on Failure : : : Example Configuration Web Interface]]>

Wed, 16 Oct 2024 19:25:54 GMT

Thu, 08 Feb 2024 21:27:35 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Tue, 16 Apr 2024 14:04:22 GMT

Mon, 15 Apr 2024 12:36:34 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Mon, 09 Sep 2024 13:52:56 GMT

Mon, 15 Apr 2024 12:36:34 GMT

Mon, 16 Sep 2024 16:32:55 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Fri, 12 Apr 2024 10:33:42 GMT

Tue, 04 Jun 2024 14:21:20 GMT

Fri, 09 Aug 2024 20:20:04 GMT

failed to get transform agent client: there are no registered transform agents Support This error generally indicates a misconfiguration issue, however, if Live Preview was working in the past and is not working now, it is recommended that you engage with Support. Linux On Linux, the Transform Agent operates as a subprocess. Make sure your configuration file at /etc/bindplane/config.yaml has the following section. Run the following command to check if the BindPlane service is running: If the Transform Agent sub-process is missing, check the logs at /var/log/bindplane/bindplane.log and sudo journalctl -f unit bindplane lines 200. It is expected that the Transform Agent always be running without additional configuration, so it is recommended to engage observIQ Support. Docker On Docker, check to see if the Transform Agent container is running. If the Transform Agent is running, make sure BindPlane is configured with the following environment variables. If the environment is configured correctly, view the recent logs from the BindPlane container. If the Transform Agent is running, and the environment is configured with the correct service name or hostname, it is recommended to engage observIQ Support. Kubernetes On Kubernetes, the Transform Agent is fully managed by the BindPlane OP Helm Chart. Make sure the Transform Agent containers are running. If the Transform Agent container is running, check to see if it has an endpoint in the bindplane-transform-agent clusterIP service. Notice that in the example, the Transform Agent pod has the IP address 10.244.0.3. Check for service endpoints for the pod's IP address. If the Transform Agent pod is running and contains a service endpoint, check the BindPlane server pod logs. Use the following commands as a reference. Select Deployment if operating BindPlane in high availability. If the Transform Agent is running, and the Transform Agent clusterIP service has a valid endpoint, it is recommended to engage observIQ Support.]]>

Fri, 26 Apr 2024 22:44:21 GMT

Tue, 22 Oct 2024 14:42:06 GMT

Mon, 10 Jun 2024 15:38:35 GMT

json_lines configuration, such as in the examples below to work as expected. Example output stanza This output stanza sends to a BindPlane agent installed on a host with the IP 10.10.1.5, and configured to listen on port 2255 (the default). Below are a pair of sample logstash conf.d files. After adding these, or modifying the output stanza of existing ones, restart the logstash service. Config for collecting from /var/log files using the logstash file plugin Config for collecting from a json formatted log file using the logstash beats plugin Step 2: Deploy a BindPlane Agent as a Gateway This is the agent you will be routing data through and is what will be managed by BindPlane OP. In a production environment, this is likely to be a fleet of agents behind a load balancer. See our Collector Sizing and Scaling docs for more details on determining your collector architecture. Step 3: Build the Configuration 1. Create a new configuration 2. Add the Logstash Source and configure it to receive from your Logstash agents (as shown below) 3. Add a destination of your choice and configure it. Step 4: Transform the Data Once you have verified data is flowing through the BindPlane Agent to your destination without issue, you can now start re-routing data to different destinations and inserting processors into your pipeline to reduce the amount of data you are sending.]]>

Wed, 30 Oct 2024 16:06:44 GMT

Thu, 13 Jun 2024 12:58:52 GMT

Wed, 25 Sep 2024 15:39:46 GMT

Wed, 17 Jul 2024 17:39:09 GMT

Thu, 11 Jan 2024 13:03:21 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Wed, 20 Mar 2024 19:26:45 GMT

Fri, 20 Sep 2024 12:15:34 GMT

[email protected]. When prompted for the bind username and password, provide the user principal and password for your bind user. This user must have permission to bind to the domain services LDAP server. Example Configuration Once the configuration is initialized, the auth section will look like this: In this example, the domain services hostname is bindplane-ldap.onmicrosoft.com and the certificate is valid for the hostname bindplane-ldap.onmicrosoft.com. The TLS certificates and private key are located at /etc/bindplane/azure_ldap with the following permissions. High Availability If operating BindPlane in high availability, make sure the configuration changes to the auth section of the configuration file are copied to the other servers. Kubernetes The BindPlane Helm Chart v1.10.0 or newer supports Azure LDAP. See the Readme and the Initialization section on this page for details on each option. Before you begin, make sure a secret containing the TLS certificates exists in the namespace that BindPlane is deployed to. Update your values file with the following options. Make sure to update them to reflect your environment. Update your Helm deployment with the new options. Troubleshooting You can use the ldapsearch utility to interface with Azure LDAP. It is useful for validating your certificate, bind user, and base DN. Example usage: Make sure to update the LDAP connection string (-H), bind user (-D) bind password (-w) and base dn (-b). Resources - Azure Identity Documentation - LDAP authentication with Microsoft Entra ID - What is Microsoft Entra Domain Services? - Tutorial: Create and configure a Microsoft Entra Domain Services managed domain - Enable secure LDAP for Microsoft Entra Domain Services - LDAP Search Utility]]>

Tue, 17 Sep 2024 19:47:44 GMT

Sun, 27 Oct 2024 17:07:00 GMT

Wed, 17 Jul 2024 13:47:01 GMT

Tue, 11 Jun 2024 20:29:42 GMT

Mon, 24 Jun 2024 14:32:52 GMT

Mon, 24 Jun 2024 14:32:16 GMT

Wed, 30 Oct 2024 16:06:44 GMT

Tue, 09 Jan 2024 11:51:48 GMT

Mon, 10 Jun 2024 12:50:01 GMT

Mon, 16 Sep 2024 17:31:39 GMT

Thu, 11 Apr 2024 12:15:06 GMT

Fri, 12 Apr 2024 09:57:08 GMT

Tue, 30 Jan 2024 20:47:57 GMT

Thu, 10 Oct 2024 18:27:30 GMT

Tue, 30 Jan 2024 20:47:57 GMT

Mon, 22 Jan 2024 17:01:07 GMT

Thu, 04 Apr 2024 08:43:26 GMT

Mon, 09 Sep 2024 09:32:31 GMT

Mon, 18 Nov 2024 16:25:12 GMT

Mon, 10 Jun 2024 12:50:01 GMT

Fri, 26 Apr 2024 22:44:21 GMT

Wed, 15 Mar 2023 09:52:05 GMT

Fri, 10 Nov 2023 14:57:59 GMT

Thu, 13 Jun 2024 19:03:39 GMT

Sun, 27 Oct 2024 17:07:00 GMT

Thu, 13 Jun 2024 12:58:52 GMT

Sun, 27 Oct 2024 17:07:00 GMT

Fri, 24 May 2024 17:06:13 GMT

Wed, 17 Jul 2024 13:47:01 GMT

Fri, 26 Jul 2024 14:51:31 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Thu, 23 May 2024 18:15:38 GMT

Fri, 24 May 2024 20:18:30 GMT

Fri, 24 May 2024 17:06:13 GMT

Fri, 24 May 2024 20:18:30 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Tue, 09 Jan 2024 11:00:00 GMT

Mon, 10 Jun 2024 12:50:01 GMT

Thu, 14 Nov 2024 10:08:15 GMT

Wed, 13 Dec 2023 11:59:08 GMT

Mon, 04 Nov 2024 15:36:35 GMT

Fri, 10 Nov 2023 14:57:59 GMT

Wed, 09 Oct 2024 10:41:55 GMT

environment variables > configuration file. Server and client configurations can be bootstrapped using the init command. See the initialization section. For detailed examples, see the configurations section. Host IP Address the BindPlane server binds to. This can be a single address or 0.0.0.0 for all interfaces. Option Flag Environment Variable Default network.host host BINDPLANE_HOST 127.0.0.1 Port TCP port the BindPlane server binds to. This must be an unprivileged port when running BindPlane as a non-root user. Option Flag Environment Variable Default network.port port BINDPLANE_PORT 3001 Remote URL URL used to reach the BindPlane server. This must be set in all client and server configurations and must be a valid URL with a protocol (HTTP / HTTPS), hostname or IP address, and port. If the server is behind a proxy or load balancer, the proxy URL can be used. Option Flag Environment Variable Default network.remoteURL remote-url BINDPLANE_REMOTE_URL http://127.0.0.1:3001 CorsAllowedOrigins A list of origin domains allowed to make requests to BindPlane OP. It should at least contain the domain of the hosted UI. An empty or null value matches all origins. A wildcard "\" is also allowed to match all origins. In most cases, this value can be the same as network.remoteURL. Option Flag Environment Variable Default network.corsAllowedOrigins cors-allowed-origins BINDPLANE_CORS_ALLOWED_ORIGINS Logging Log output (file or stdout). When log output is set to file, a log file path can be specified. Option Flag Environment Variable Default logging.output logging-output BINDPLANE_LOGGING_OUTPUT file logging.filePath logging-file-path BINDPLANE_LOGGING_FILE_PATH /.bindplane/bindplane.log Server installations will use /var/log/bindplane/bindplane.log, which is set using an environment variable in the systemd service configuration. Log files are rotated and gzip compressed, and cleaned up automatically by BindPlane. Log files have a max size of 100mb and up to 10 rotates or 30 days of age, whichever comes first. Using an external utility such as logrotate is not recommended. Metrics BindPlane can be configured to forward metrics to an OpenTelemetry collector. The easiest way to get up and running is to deploy an agent on the same machine BindPlane is installed on. The agent should be configured with the OpenTelemetry source. Configure BindPlane to send metrics over localhost. Once configured, the managed agent can forward the metrics to the destination of your choice. Metrics are sent to OpenTelemetry collectors using the gRPC protocol. Option Flag Environment Variable Default metrics.type metrics-type BINDPLANE_METRICS_TYPE metrics.interval metrics-interval BINDPLANE_METRICS_INTERVAL 1m0s metrics.otlp.endpoint metrics-otlp-endpoint BINDPLANE_METRICS_OTLP_ENDPOINT metrics.otlp.insecure metrics-otlp-insecure BINDPLANE_METRICS_OTLP_INSECURE Tracing BindPlane supports configuration to enable tracing. tracing.type can be set to google or otlp. Option Flag Environment Variable Default tracing.type tracing-type BINDPLANE_TRACING_TYPE When tracing.type is set to otlp, some more configuration is possible. Option Flag Environment Variable Default tracing.otlp.endpoint tracing-otlp-endpoint BINDPLANE_TRACING_OTLP_ENDPOINT tracing.otlp.insecure tracing-otlp-insecure BINDPLANE_TRACING_OTLP_INSECURE FALSE TLS BindPlane supports server side TLS and mutual TLS. See the tls examples for detailed usage. Option Flag Environment Variable network.tlsCert tls-cert BINDPLANE_TLS_CERT network.tlsKey tls-key BINDPLANE_TLS_KEY network.tlsCA tls-ca BINDPLANE_TLS_CA network.tlsSkipVerify tls-skip-verify BINDPLANE_TLS_SKIP_VERIFY network.tlsMinVersion tls-min-version BINDPLANE_TLS_MIN_VERSION Server - network.tlsCert: Enables server-side TLS - network.tlsKey: Enables server-side TLS - network.tlsCA: Enables mutual TLS Client - network.tlsCA: Allows the client to trust the server certificate. Not required if the host operating system already trusts the server certificate. - network.tlsCert: Enables mutual TLS - network.tlsKey: Enables mutual TLS - network.tlsSkipVerify: Skip server certificate verification Storage Backend BindPlane supports two storage backends, bbolt and postgres. Option Flag Environment Variable Default store.type store-type BINDPLANE_STORE_TYPE bbolt BBolt Option Flag Environment Variable Default store.bbolt.path \store-bbolt-path BINDPLANE_STORE_BBOLT_PATH /.bindplane/storage Postgres Postgres can be used as a local or remote storage backend. Postgres storage is enabled when store.type is set to postgres. Postgres is a BindPlane OP Enterprise feature. Option Flag Environment Variable Default store.postgres.host postgres-host BINDPLANE_POSTGRES_HOST localhost store.postgres.port postgres-port BINDPLANE_POSTGRES_PORT 5432 store.postgres.database postgres-database BINDPLANE_POSTGRES_DATABASE bindplane store.postgres.sslmode postgres-ssl-mode BINDPLANE_POSTGRES_SSL_MODE disable store.postgres.sslrootcert postgres-ssl-root-cert BINDPLANE_POSTGRES_SSL_ROOT_CERT Optional store.postgres.sslcert postgres-ssl-cert BINDPLANE_POSTGRES_SSL_CERT Optional store.postgres.sslkey postgres-ssl-key BINDPLANE_POSTGRES_SSL_KEY Optional store.postgres.username postgres-username BINDPLANE_POSTGRES_USERNAME store.postgres.password postgres-password BINDPLANE_POSTGRES_PASSWORD postgres.maxConnections postgres-max-connections BINDPLANE_POSTGRES_MAX_CONNECTIONS 100 Example Postgres configuration: Event Bus BindPlane uses an event bus to communicate between components within BindPlane. When operating BindPlane with multiple servers, the event bus can be used to send events between BindPlane servers. Option Flag Environment Variable eventBus.type event-bus-type BINDPLANE_EVENT_BUS_TYPE The event bus type supports the following options: - local - nats - googlePubSub Local Event Bus The local event bus is the default event bus used by BindPlane. The local event bus does not have a configuration. It can be used by setting the event bus type to local. Google Pub/Sub Event Bus The Google Pub/Sub event bus can be used when operating multiple BindPlane servers. Option Flag Environment Variable eventBus.googlePubSub.projectID event-bus-type BINDPLANE_GOOGLE_PUB_SUB_PROJECT_ID eventBus.googlePubSub.credentialsFile google-pub-sub-credentials-file BINDPLANE_GOOGLE_PUB_SUB_CREDENTIALS_FILE eventBus.googlePubSub.topic google-pub-sub-topic BINDPLANE_GOOGLE_PUB_SUB_TOPIC When operating BindPlane on Google Compute Engine with the pub/sub" oath scopes enabled, BindPlane will handle authentication automatically. The configuration is simple and requires only the projectID and topic options. When running outside of Google Cloud, or without the Pub/Sub oauth scopes, you can use a Google Service Account Credential by setting the credentialsFile option. This credentials file must be installed on the BindPlane server's filesystem and be readable by the bindplane user. BindPlane will manage its own Pub/Sub subscription. Subscriptions are created and named based on the server's hostname. BindPlane will attempt to clean up its subscription on shutdown. Subscriptions are automatically cleaned up by Google Cloud if they have been disconnected for more than one day. NATS Event Bus NATS can be used as the event bus for BindPlane OP Enterprise and is a good option for distributed on-prem deployments. NATS is embedded into BindPlane and does not require external infrastructure. See the NATS Configuration documentation for more information. Server Session Secret A UUIDv4 is used for encoding web UI login cookies. This should be a new random UUIDv4. This value should be different than auth.secretKey. Option Flag Environment Variable auth.sessionSecret session-secret BINDPLANE_SESSION_SECRET Prometheus It is not necessary to make changes to the BindPlane Prometheus configuration when using BindPlane's bundled Prometheus. Base Configuration. Option Description prometheus.enable Whether or not to enable Prometheus as the measurement backend. prometheus.enableRemote Whether or not to use a remote Prometheus instance. When disabled, BindPlane will manage a local Prometheus child process. prometheus.localFolder The directory where the Prometheus binary and dependencies are located. prometheus.host The hostname or ip address of the Prometheus instance. prometheus.port The port of the Prometheus instance's API. prometheus.queryPathPrefix The path prefix of the query endpoint. This parameter is useful if using a Prometheus compatible system such as Mimir. Authentication. Authentication is supported for remote Prometheus deployments. BindPlane OP supports two authentication modes. - No authentication - Basic authentication Prometheus does not use authentication by default. Follow the Prometheus Basic Auth Password Hashing documentation for more information. Option Description prometheus.auth.type The authentication type to use. Supported options are none and basic (Basic Authentication). prometheus.auth.username The username to use when basic authentication is enabled. prometheus.auth.password The password to use when basic authentication is enabled. TLS BindPlane supports connecting to Prometheus with TLS and Mutual TLS. Option Description prometheus.enableTLS Whether or not to use TLS when communicating with Prometheus. prometheus.tls.tlsSkipVerify Whether or not to skip verification of the Prometheus server's TLS certificate. It is not recommended to enable this option. prometheus.tls.tlsCa The x509 PEM encoded certificate authority file to use to verify the Prometheus server's TLS certificate. Alternatively, the CA certificate can be imported into the host's trust store, instead of configuring this option. prometheus.tls.tlsCert The x509 PEM encoded client certificate file to use for mutual TLS...]]>

Fri, 10 Nov 2023 14:23:29 GMT

Thu, 07 Nov 2024 13:54:57 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Tue, 16 Jan 2024 23:50:36 GMT

Tue, 16 Jan 2024 23:23:50 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Tue, 16 Jan 2024 23:57:15 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Tue, 16 Jan 2024 23:50:36 GMT

Wed, 17 Jan 2024 00:05:32 GMT

Wed, 07 Aug 2024 19:04:49 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Mon, 16 Sep 2024 19:44:54 GMT

Tue, 06 Aug 2024 14:58:44 GMT

Mon, 16 Sep 2024 19:42:09 GMT

Tue, 15 Oct 2024 19:34:04 GMT

Wed, 29 Nov 2023 17:29:30 GMT

Mon, 24 Jun 2024 14:05:16 GMT

Thu, 18 Jan 2024 20:24:51 GMT

Thu, 17 Oct 2024 09:35:11 GMT

Fri, 06 Sep 2024 15:57:06 GMT

Mon, 16 Sep 2024 16:10:03 GMT

5), it is recommended to enable NATS server on three nodes. Default value: false. Server Name The NATS server name can be set with eventBus.nats.server.name. It is required that servers have unique names. It is safe for this value to match the NATS client's name when BindPlane is operating the NATS client and server. Default value: System's hostname. Server Client Host The eventBus.nats.server.client.host option is used to configure the network interface used by the NATS server to receive incoming connections from clients. This can be localhost if the server is only receiving connections from the local NATS client, in situations where BindPlane is operating the client and server. Default value: localhost. Server Client Port The eventBus.nats.server.client.port option is used to configure the TCP port used by the NATS server to receive incoming connections from clients. Default value: 4222 Server HTTP Host The eventBus.nats.server.http.host option is used to configure the network interface used to expose the NATS server Monitoring API. You can find documentation for the API here. This should be set to localhost, with any monitoring tools running on the server system. Default value: localhost. Server HTTP Port The eventBus.nats.server.http.port option is used to configure the TCP port used by the NATS server to expose the Monitoring API. Default value: 8222. Server Cluster Name The eventBus.nats.server.cluster.name option sets the name of the NATS cluster. All nodes within the NATS cluster should have the same cluster name. Default value: bindplane. Server Cluster Host The eventBus.nats.server.cluster.host option is used to configure the network interface used to expose the NATS server's cluster interface. When operating more than one NATS server, it should be set to 0.0.0.0 or a specific IP address that is reachable by all other NATS servers. Default value: localhost. Server Cluster Port The eventBus.nats.server.cluster.port option is used to configure the TCP port used by the NATS server's cluster interface. Default value: 6222. Server Cluster Advertise The eventBus.nats.server.cluster.advertise option can be used to advertise the endpoint other servers in the cluster should use to reach the NATS server. This option should be considered advanced and is generally not required. The configured value should be of the form host:port, it should not contain a URI scheme. Default value: Unset. Server Cluster Routes The eventBus.nats.server.cluster.routes option is used to define a list of servers that the NATS server should connect to. This list can contain the local server. In this example, there are three BindPlane servers. All three servers will make connections to each endpoint in the list of routes. The servers will detect if they are connected to themselves, and automatically remove the route as it is unnecessary. Default value: Unset. Authentication Authentication is supported by configuring TLS. The NATS event bus uses mutual TLS to authenticate the client and server. TLS Configuration The following options can be set under eventBus.nats.tls. When TLS is enabled, NATS will use mutual TLS to authenticate the NATS clients and servers. A certificate authority file is required to enforce the use of mutual TLS. Option Description Default enableTLS Enable or disable TLS false tlsCert File path to TLS x509 PEM encoded certificate required tlsKey File path to TLS x509 PEM encoded private key required tlsCA File path(s) to TLS x509 PEM encoded certificate authority required tlsSkipVerify Enable or disable strict hostname verification false The following example enables TLS by setting enableTLS, tlsCert, tlsKey, and tlsCa. Generating Certificates You can use Step CLI, OpenSSL, or other tools to generate certificates. Certificates do not need to be publicly signed. The following examples will use step to generate a certificate authority and a signed certificate suitable for use with NATS. Create the certificate authority: Modify the san flag values to the hostnames of your BindPlane servers. If you have more than three servers, add additional san flags. You can also issue unique certificates for each server. Copy ca.crt, nats.crt, nats.key to /etc/bindplane on all of your servers. After copying them, set the filesystem permissions. Update your NATS configuration section to include the TLS options. - eventBus.nats.enableTLS - eventBus.nats.tls.tlsCert - eventBus.nats.tls.tlsKey - eventBus.nats.tls.tlsCa]]>

Tue, 11 Jun 2024 20:29:42 GMT

Thu, 15 Aug 2024 14:04:24 GMT

Fri, 15 Dec 2023 19:01:01 GMT

Wed, 19 Jun 2024 20:25:36 GMT

Thu, 13 Jun 2024 17:42:05 GMT

Wed, 15 Nov 2023 16:10:29 GMT

Thu, 02 Nov 2023 16:23:52 GMT