diff --git a/docs/admin/common-problems.md b/docs/admin/common-problems.md index 11463007d..9a2775631 100644 --- a/docs/admin/common-problems.md +++ b/docs/admin/common-problems.md @@ -4,7 +4,7 @@ --> -# Common Problems +# Common Problems ## IntelMQ diff --git a/docs/admin/configuration/intelmq.md b/docs/admin/configuration/intelmq.md index 7c57d5575..5b96d7c98 100644 --- a/docs/admin/configuration/intelmq.md +++ b/docs/admin/configuration/intelmq.md @@ -16,7 +16,7 @@ If you installed the packages, standard Linux paths (LSB paths) are used: - `/var/log/intelmq/` (logs) - `/var/lib/intelmq/` (local states) - `/var/run/intelmq/` (PID files) - + Otherwise, the configuration directory is `/opt/intelmq/etc/`. Using the environment variable `INTELMQ_ROOT_DIR` allows setting any arbitrary root directory. You can switch this by setting the environment variables `INTELMQ_PATHS_NO_OPT` and `INTELMQ_PATHS_OPT`, respectively. @@ -42,7 +42,7 @@ The environment variable `ROOT_DIR` is meant to set an alternative root director This is the main configuration file. It uses YAML format since IntelMQ 3.0. It consists of two parts: * Global Configuration -* Individual Bot Configuration +* Individual Bot Configuration !!! warning Comments in YAML are currently not preserved by IntelMQ (known bug [#2003](https://github.com/certtools/intelmq/issues/2003)). @@ -152,7 +152,7 @@ Some information can as well be found in Python's documentation on the used **`error_dump_message`** (required, boolean) Specifies if the bot will write queued up messages to its dump file (use intelmqdump to - re-insert the message). + re-insert the message). If the path `_on_error` exists for a bot, the message is also sent to this queue, instead of (only) dumping the file if configured to do so. 
@@ -178,7 +178,7 @@ configured to do so. (optional, string) Allowed values are `redis` and `amqp`. Selects the message broker IntelMQ should use. As this parameter can be overridden by each bot, this allows usage of different broker systems and hosts, as well as switching between them on the same IntelMQ instance. Defaults to `redis`. - - **redis** - Please note that persistence has to be [manually activated](http://redis.io/topics/persistence). + - **redis** - Please note that persistence has to be [manually activated](http://redis.io/topics/persistence). - **amqp** - [Using the AMQP broker]() is currently beta but there are no known issues. A popular AMQP broker is [RabbitMQ](https://www.rabbitmq.com/). **`destination_pipeline_broker`** 
@@ -320,7 +320,7 @@ Example: a bot with id `example-bot` will have a default source queue named `exa **`destination_queues`** -(optional, object) Bots can have multiple destination queues. Destination queues can also be grouped into **named paths**. There are two special path names `_default` and `_on_error`. The path `_default` is used if the path is not is specified by the bot itself (which is the most common case). In case of an error during the processing, the message will be sent to the `_on_error` path if specified (optional). +(optional, object) Bots can have multiple destination queues. Destination queues can also be grouped into **named paths**. There are two special path names `_default` and `_on_error`. The path `_default` is used if the path is not is specified by the bot itself (which is the most common case). In case of an error during the processing, the message will be sent to the `_on_error` path if specified (optional). Only few of the bots (mostly expert bots with filtering capabilities) can take advantage of arbitrarily named paths. Some expert bots are capable of sending messages to paths, this feature is explained in their documentation, e.g. the [Filter](../../user/bots.md#intelmq.bots.experts.filter.expert) expert and the [Sieve](../../user/bots.md#intelmq.bots.experts.sieve.expert) expert. diff --git a/docs/admin/database/elasticsearch.md b/docs/admin/database/elasticsearch.md index 4bed8c217..9389b58d9 100644 --- a/docs/admin/database/elasticsearch.md +++ b/docs/admin/database/elasticsearch.md @@ -53,7 +53,7 @@ redis_db: 4 redis_queue: logstash-queue ``` -!!! warning +!!! warning You will not be able to monitor this redis queue via IntelMQ Manager. ### Configuring Logstash @@ -70,7 +70,7 @@ input { redis { host => "10.10.10.10" port => 6379 - db => 4 + db => 4 data_type => "list" key => "logstash-queue" } diff --git a/docs/admin/database/postgresql.md b/docs/admin/database/postgresql.md index 844deedea..e9cf99b1c 100644 
--- a/docs/admin/database/postgresql.md +++ b/docs/admin/database/postgresql.md @@ -120,7 +120,7 @@ intelmq_psql_initdb --partition-key "time.source" ### How to setup -Thanks to TimescaleDB its very easy to setup. +Thanks to TimescaleDB its very easy to setup. 1. Choose your preferred [Timescale diff --git a/docs/admin/installation/linux-packages.md b/docs/admin/installation/linux-packages.md index 23d97c3d5..82f293456 100644 --- a/docs/admin/installation/linux-packages.md +++ b/docs/admin/installation/linux-packages.md @@ -50,7 +50,7 @@ For Ubuntu you must enable the Universe repository which provides community-main Add the repository to the package manager and install IntelMQ (packages `intelmq-api` and `intelmq-manager` are optional): 1. Open the file `/etc/apt/sources.list` in an editor of your choice. Use `sudo` or the `root` user. - + 2. Append `universe` to this line: ``` deb http://[...].archive.ubuntu.com/ubuntu/ focal main universe diff --git a/docs/admin/installation/pypi.md b/docs/admin/installation/pypi.md index ea840c886..8323a9029 100644 --- a/docs/admin/installation/pypi.md +++ b/docs/admin/installation/pypi.md @@ -9,7 +9,7 @@ This guide provides instruction on how to install IntelMQ and it's components using the Python Package Index (PyPI) repository. -!!! note +!!! note Some bots may have additional dependencies which are mentioned in their own documentation. ## Installing IntelMQ diff --git a/docs/admin/management/intelmq.md b/docs/admin/management/intelmq.md index 8bde09641..43837d674 100644 --- a/docs/admin/management/intelmq.md +++ b/docs/admin/management/intelmq.md 
@@ -491,7 +491,7 @@ In case of errors, unsuccessful operations, the exit code is higher than enabled bot is not running, the exit code is 1. The same is valid for e.g. `intelmqctl status`, which can be used for monitoring, and all other operations. - + ## Error Handling When bots are failing due to bad input data or programming errors, they can dump the problematic message to a file along diff --git a/docs/dev/library.md b/docs/dev/library.md index a524c61d9..6e63368d1 100644 --- a/docs/dev/library.md +++ b/docs/dev/library.md @@ -39,7 +39,7 @@ settings=BotLibSettings | { ``` As the bot is not fully initialized, we can process messages now. -Inserting a message as dictionary: +Inserting a message as dictionary: ```python queues = domain_suffix.process_message({'source.fqdn': 'www.example.com'}) diff --git a/docs/unsorted/intelmq-3.0-architecture.md b/docs/unsorted/intelmq-3.0-architecture.md index 0d907cb6e..ac24809cb 100644 --- a/docs/unsorted/intelmq-3.0-architecture.md +++ b/docs/unsorted/intelmq-3.0-architecture.md @@ -56,7 +56,7 @@ See [#1424](https://github.com/certtools/intelmq/issues/1424) _Task_: create a setup where each bot MAY run in a docker container _Background_: It might make sense to be able to run each bot in a docker container since it fits with a lot of new paradigms in orchestration. -With a proper template, each bot running in a docker container could send its logs to some central logger (for example splunk or similar) and +With a proper template, each bot running in a docker container could send its logs to some central logger (for example splunk or similar) and the sysadmin/devops teams which are already using these systems for monitoring alerts can properly fit the IntelMQ logs and alerts to their regular daily routine. Docker also allows the sysadmin/devops folks to centrally manage the system. 
@@ -69,7 +69,7 @@ _Category_: this feature should be OPTIONAL. _Task_: create tutorials with VMs/docker images. _Background_: -We are missing good tutorials ("playbooks") on how to run certain workflows via IntelMQ. Ideally, we would offer ready-made VMs/docker images where people who want to +We are missing good tutorials ("playbooks") on how to run certain workflows via IntelMQ. Ideally, we would offer ready-made VMs/docker images where people who want to try out IntelMQ (and consequently adapt the setup to their own needs). This also helps teachers/presenters who want to demo IntelMQ. Specifically we would like to have: diff --git a/docs/user/api.md b/docs/user/api.md index 7179fddcd..68d9b76a6 100644 --- a/docs/user/api.md +++ b/docs/user/api.md @@ -43,7 +43,7 @@ Here is a full example using **curl**: ```json {"login_token":"68b329da9893e34099c7d8ad5cb9c940","username":"$username"} ``` - + 2. Using the login token to fetch data: ```bash curl --location "http://localhost/intelmq/v1/api/version" \ diff --git a/docs/user/intro.md b/docs/user/intro.md index 5a8e994c4..cb5944c6c 100644 --- a/docs/user/intro.md +++ b/docs/user/intro.md @@ -35,7 +35,7 @@ The User Guide provides information on how to use installed IntelMQ and it's com ``` - Bots are divided into following groups: - + - **Collectors** - bots that collect data from sources such as website, mailbox, api, etc. - **Parsers** - bots that split and parse collected data into individual events. - **Experts** - bots that can do additional processing of events such as enriching, filtering, etc.
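Review bot: In docs/admin/configuration/intelmq.md (hunk at -178), the re-added **redis** bullet still links to `http://redis.io/topics/persistence` over plain HTTP; switch it to `https://redis.io/topics/persistence` while the line is being touched. The **amqp** context line directly below it has an empty link target, `[Using the AMQP broker]()`, which renders as a dead link and needs a real target in a follow-up.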
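Review bot: In docs/admin/configuration/intelmq.md (hunk at -320), the re-added `destination_queues` paragraph still contains "if the path is not is specified by the bot itself"; drop the stray "is" so it reads "if the path is not specified by the bot itself", since the line is rewritten by this change anyway. The context line "Only few of the bots" in the same hunk would also read better as "Only a few of the bots".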
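Review bot: In docs/admin/database/postgresql.md (hunk at -120), the re-added line "Thanks to TimescaleDB its very easy to setup." keeps two wording errors: "its" should be "it's" and the verb form is "set up". Suggest "Thanks to TimescaleDB it's very easy to set up." as part of the same cleanup.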
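Review bot: In docs/unsorted/intelmq-3.0-architecture.md (hunk at -69), the re-added line ends "ready-made VMs/docker images where people who want to" and the sentence it belongs to never gets a verb for "people" ("where people who want to try out IntelMQ (and consequently adapt the setup to their own needs)."). Suggest "ready-made VMs/docker images for people who want to try out IntelMQ (and consequently adapt the setup to their own needs)." so the sentence is complete.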