Configuring synchronization between Wallarm node and Cloud
The filtering node regularly synchronizes with the Wallarm Cloud to:
- Get updates for traffic processing rules (LOM)
- Get updates of proton.db
- Send data on detected attacks and vulnerabilities
- Send metrics for processed traffic
These instructions describe the parameters and methods used to configure synchronization between the filtering node and the Wallarm Cloud.
Access parameters
The node.yaml file contains the parameters providing the filtering node access to the Cloud.
This file is automatically created after running the register-node script and includes the filtering node name and UUID, and the Wallarm API secret key. The default path to the file is /etc/wallarm/node.yaml. This path can be changed via the wallarm_api_conf directive.
The node.yaml file may contain the following access parameters:
Parameter | Description | Default value |
---|---|---|
hostname | Filtering node name. This variable is required to be set in the node.yaml file. | Provided by register-node |
regtoken | Token for node to be able to access the Wallarm API. | Provided by register-node |
uuid | Filtering node UUID. This variable is required to be set in the node.yaml file. | Provided by regtoken |
secret | Secret key to access the Wallarm API. This variable is required to be set in the node.yaml file. | Provided by regtoken |
api.host | Wallarm API endpoint. Can be: | api.wallarm.com |
api.port | Wallarm API port. | 443 |
api.use_ssl | Whether to use SSL when connecting to Wallarm API. | true |
api.ca_verify | Whether to enable/disable Wallarm API server certificate verification. Can be: | true |
api.ca_file | Path to the SSL certificate file. | /usr/share/wallarm-common/ca.pem |
api.localhost | Local IP address of the network interface through which requests to Wallarm API are sent. This parameter is required if the network interface used by default restricts access to Wallarm API (for example, access to the Internet may be closed). | - |
api.localport | Port of the network interface through which requests to Wallarm API are sent. This parameter is required if the network interface used by default restricts access to Wallarm API (for example, access to the Internet may be closed). | - |
To change synchronization parameters, proceed with the following steps:
- Make changes to the node.yaml file by adding the required parameters and assigning the desired values to them.
- Restart NGINX to apply the updated settings to the synchronization process, using the command that matches your system's service manager:
    sudo systemctl restart nginx
    sudo service nginx restart
Synchronization interval
By default, the filtering node synchronizes with the Wallarm Cloud every 120‑240 seconds (2‑4 minutes). You can change the synchronization interval via the system environment variable WALLARM_SYNCNODE_INTERVAL.
To change the interval between filtering node and Wallarm Cloud synchronizations:
- Open the file /etc/environment.
- Add the WALLARM_SYNCNODE_INTERVAL variable to the file and set it to the desired value in seconds. The value cannot be less than the default value (120 seconds). For example:
    WALLARM_SYNCNODE_INTERVAL=800
- Save the changed file /etc/environment. The new interval value will be applied to the synchronization process automatically.
Configuration example
Note that besides parameters providing the filtering node access to the Cloud (general and api sections, described in this article), the node.yaml file may also contain parameters providing different processes the access to files needed for the node operation (syncnode section).
Example of the valid node.yaml contents:
hostname: example-node-name
uuid: ea1xa0xe-xxxx-42a0-xxxx-b1b446xxxxxx
secret: b827axxxxxxxxxxxcbe45c855c71389a2a5564920xxxxxxxxxxxxxxxxxxc4613260
api:
  host: api.wallarm.com
  port: 443
  ca_verify: true
syncnode:
  owner: root
  group: wallarm
  mode: 0640
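A pre-restart check of node.yaml against the requirements stated in this article, given here as an added example and not as Wallarm's own tooling. The function names, the minimal parser, and the rule that the file must grant nothing to "other" users are assumptions of this example; the sample input is constructed.

```python
import re

REQUIRED = ("hostname", "uuid", "secret")  # marked as required in the parameter table
DEFAULTS = {"api.use_ssl": "true", "api.ca_verify": "true"}  # defaults from the table
MIN_INTERVAL = 120  # seconds, the documented lower bound

# Constructed sample: no secret, certificate verification switched off.
SAMPLE = """\
hostname: example-node-name
uuid: 00000000-0000-0000-0000-000000000000
api:
  host: api.wallarm.com
  port: 443
  ca_verify: false
"""

def parse_node_yaml(text):
    """Flatten the two-level key/value layout of node.yaml into dotted keys.
    Handles only this file shape; it is not a general YAML parser."""
    flat, section = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.rstrip())
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        indent, key, value = m.groups()
        if not indent:
            section = key if value == "" else None
            if section:
                continue
        flat[f"{section}.{key}" if indent and section else key] = value.strip("'\"")
    return flat

def audit(text, file_mode, interval=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = {**DEFAULTS, **parse_node_yaml(text)}
    findings = [f"missing required parameter: {k}" for k in REQUIRED if not cfg.get(k)]
    for key in ("api.use_ssl", "api.ca_verify"):
        if cfg[key].lower() != "true":
            findings.append(f"{key} is {cfg[key]}: Cloud connection protection is weakened")
    if file_mode & 0o007:  # assumption of this example: no access for "other" users
        findings.append(f"mode {file_mode:04o} grants access to other users; file holds the API secret")
    if interval is not None and int(interval) < MIN_INTERVAL:
        findings.append(f"WALLARM_SYNCNODE_INTERVAL={interval} is below {MIN_INTERVAL}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, 0o644, "60"):
        print(finding)
```

On a real node, pass the file's text, `os.stat(path).st_mode & 0o777` as `file_mode`, and the WALLARM_SYNCNODE_INTERVAL value from /etc/environment.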