OITC Access Control System: service that logs all access attempts to the OpenSearch database.
400
Maintained by: Michael Oberdorf IT-Consulting
Source code: GitHub
Container image: DockerHub
Access Control System documentation: ACS Documentation
Dockerfile linksThis service is part of the Michael Oberdorf IT-Consulting (OITC) Access Control System (ACS).
On accessing entry points, this information is available in the internal bus system. This service listens on these events and writes them into an Opensearch (or Elasticsearch) database as searchable audit trail for compliance and security analysis.
This service is NO standalone service. It requires an OITC ACS system to be running.
The container get's the configuration from environment variables.
| Variable name | Description | Required | Default value |
|---|---|---|---|
MQTT_SERVER | The MQTT server hostname or IP address. | OPTIONAL | localhost |
MQTT_PORT | The TCP port of the MQTT server. | OPTIONAL | 1883 |
MQTT_PROTOCOL_VERSION | The MQTT protocol version to use. Currently supported 3 (means 3.1.1) and 5. | OPTIONAL | 3 |
MQTT_TLS | Should SSL communication be enabled (true) or not (false). | OPTIONAL | false |
MQTT_CACERT_FILE | If TLS is enabled, the path to the CA certificate file to validate the MQTT server certificate. | OPTIONAL | /etc/ssl/certs/ca-certificates.crt |
MQTT_TLS_INSECURE | If TLS is enabled, skip the hostname validation of the TLS certificate. | OPTIONAL | false |
MQTT_CLIENT_ID | The MQTT client id to use for the MQTT connection. | OPTIONAL | |
MQTT_USERNAME | The MQTT username for MQTT authentication. | OPTIONAL | |
MQTT_PASSWORD | The MQTT password for MQTT authentication. | OPTIONAL | |
MQTT_PASSWORD_FILE | The filepath where the MQTT password is stored for MQTT authentication. | OPTIONAL | |
DB_TYPE | The database type is one of opensearch or elasticsearch | OPTIONAL | opensearch |
DB_CLUSTER_NODES | Comma separated list of cluster nodes (hostname:port) | OPTIONAL | localhost:9200 |
DB_TLS | Should SSL communication be enabled (true) or not (false). | OPTIONAL | false |
DB_TLS_INSECURE | If TLS is enabled, skip the hostname validation of the TLS certificate. | OPTIONAL | false |
DB_CACERT_FILE | If TLS is enabled, the path to the CA certificate file to validate the DB server certificate. | OPTIONAL | /etc/ssl/certs/ca-certificates.crt |
DB_API_KEY | When DB_TYPE is elasticsearch, the API_KEY to connect to the Elasticsearch DB. | OPTIONAL | |
DB_API_KEY_FILE | When DB_TYPE is elasticsearch, the filepath where the API_KEY is stored. | OPTIONAL | |
DB_USERNAME | When DB_TYPE is opensearch, the username for authentication. | OPTIONAL | |
DB_PASSWORD | When DB_TYPE is opensearch, the password for authentication. | OPTIONAL | |
DB_PASSWORD_FILE | When DB_TYPE is opensearch, the filepath where the password is stored for authentication. | OPTIONAL | |
MAPPING_FILE | The file that contains the MQTT topic and DB mapping configuration. | OPTIONAL | /app/etc/mappings.json |
PROMETHEUS_LISTENER_ADDR | The listener address to expose the prometheus exporter. | OPTIONAL | 0.0.0.0 |
PROMETHEUS_LISTENER_PORT | The TCP listener port to expose the prometheus exporter. | OPTIONAL | 8080 |
TZ | Timezone | OPTIONAL | UTC |
HINT:
MQTT_PASSWORD_FILE will be priorized before MQTT_PASSWORDDB_API_KEY_FILE will be priorized before DB_API_KEYDB_PASSWORD_FILE will be priorized before DB_PASSWORDservices:
logging-service:
restart: always
user: 2300:2300
image: oitc/acs.logging-service:latest
environment:
MQTT_SERVER: test.mosquitto.org
MQTT_PORT: 1883
MQTT_PROTOCOL_VERSION: 3
MQTT_TOPIC_ACS_STATUS: location/oitc-acs/general/status
MQTT_TOPIC_DOOR_ACCESS: location/oitc-acs/entrypoints/+/access
A bigger example can be found here: docker-compose.yaml
Please have a look to the main documentation: MQTT message reference
I would appreciate a small donation to support the further development of my open source projects.
Content type
Image
Digest
sha256:e3f64b66a…
Size
41.6 MB
Last updated
3 months ago
docker pull oitc/acs.logging-service