pgsqlpot 2.0.0__py2.py3-none-any.whl

pgsqlpot/data/docs/sqlite3/READMEWIN.md

@@ -0,0 +1,123 @@
+# Sending the Output of the Honeypot to an SQLite3 Database
+
+- [Sending the Output of the Honeypot to an SQLite3 Database](#sending-the-output-of-the-honeypot-to-an-sqlite3-database)
+  - [Prerequisites](#prerequisites)
+  - [Installation](#installation)
+  - [SQLite3 Database Creation](#sqlite3-database-creation)
+  - [Honeypot Configuration](#honeypot-configuration)
+  - [Restart the honeypot](#restart-the-honeypot)
+
+## Prerequisites
+
+- Working honeypot installation
+- SQLite3 (Can be downloaded from the [official site](https://sqlite.org/download.html))
+
+## Installation
+
+When writing to an SQLite3 database, the honeypot uses the free databases
+provided by MaxMind for the purposes of geoloacting the IP addresses. Start by
+ downloading the database update program for your particular kind of Windows
+from [GitHub](https://github.com/maxmind/geoipupdate/releases) and put it in a
+directory listed in the `PATH` variable of the environment.
+
+Create an account at the [MaxMind web
+site](https://support.maxmind.com/knowledge-base/articles/create-a-maxmind-account),
+log in, go to "My Account" and then to "Manage license keys". Write down the
+account ID, generate a license key, and copy it.
+
+Go to the directory `data`, where the gelolocation databases will reside:
+
+```powershell
+PS C:\> cd \pgsqlpot-workdir\data
+```
+
+Create in this directory a file named `geoip.cfg` with the following contents:
+
+```geoip.cfg
+AccountID <ACCOUNT>
+LicenseKey <KEY>
+EditionIDs GeoLite2-City GeoLite2-ASN
+DatabaseDirectory C:\pgsqlpot-workdir\data
+LockFile C:\pgsqlpot-workdir\data\.geoipupdate.lock
+```
+
+Change the paths in the options `DatabaseDirectory` and `LockFile` if you
+have opted to use paths different from the ones suggested by the
+honeypot installation documentation. Make sure you replace `<ACCOUNT>`
+and `<KEY>` with the account and license key obtained from MaxMind.
+
+Download the latest version of the Maxmind geolocation databases:
+
+```powershell
+PS C:\pgsqlpot-workdir\data> geoipupdate -f geoip.cfg
+```
+
+To have the database updated automatically (it is updated on MaxMind's site
+every second Tuesday of each month, so download it every second Wednesday),
+run the script `geoipupdtask.ps1` in the working directory:
+
+```powershell
+PS C:\pgsqlpot\data> ..\geoipupdtask.ps1 
+```
+
+It expects that the program `geoipupdate.exe` resides in one of the directories
+listed in the `PATH` variable of the environment, that the configuration file
+for it is named `geoip.cfg` and resides in the current directory, and that the
+updating task is to be run at 00:00. Also, it creates an updating task named
+`GeoIPUpdate`, which resides in the task folder `\` and has the description
+`GeoIP database updater`. You can change any of these parameters via
+command-line options to the script:
+
+```powershell
+PS C:\pgsqlpot\data> ..\geoipupdtask.ps1 -TaskName "My GeoIP Database Updater" -TaskPath "\MyTasks" -TaskDescription "Updates the GeoIP database" -RunTime "03:00:00" -geoipupdate "C:\Program File\geoipupdate\geoipupdate.exe" -geoipconfig "C:\pgsqlpot-workdir\data\geoip.cfg"
+```
+
+If you already have the MaxMind geolocation databases installed and updated on
+your machine in some other place, use their respective paths in the
+`[output_sqlite]` section of the file `honeypot.cfg`, as mentioned below.
+
+Finally, return to the working directory:
+
+```powershell
+PS C:\pgsqlpot-workdir\data> cd ..
+```
+
+## SQLite3 Database Creation
+
+First, create a database named `pgsqlpot.db`, residing in the `data` directory
+and based on the schema `C:\pgsqlpot-workdir\docs\sqlite3\sqlite3.sql`:
+
+```powershell
+PS C:\pgsqlpot-workdir> sqlite3 C:\pgsqlpot-workdir\data\pgsqlpot.db < C:\pgsqlpot-workdir\docs\sqlite3\sqlite3.sql
+```
+
+If you have opted on keeping the database elsewhere, use its proper path
+instead of `C:\pgsqlpot-workdir\data\pgsqlpot.db`.
+
+## Honeypot Configuration
+
+Add the following entries to the file `C:\pgsqlpot-workdir\etc\honeypot.cfg`
+
+```honeypot.cfg
+[output_sqlite]
+enabled = true
+debug = false
+db_file = data/pgsqlpot.db
+# Whether to store geolocation data in the database
+geoip = true
+# Location of the databases used for geolocation
+geoip_citydb = data/GeoLite2-City.mmdb
+geoip_asndb = data/GeoLite2-ASN.mmdb
+```
+
+Make sure the options `geoip_citydb` and `geoip_asndb` point to the correct
+paths of the two MaxMind geolocation databases. Also, if you prefer to keep
+the SQLite3 database elsewhere, make sure that you specify its correct path
+with the `db_file` option.
+
+## Restart the honeypot
+
+```powershell
+PS C:\pgsqlpot-workdir> C:\pgsqlpot-env\scripts\activate.ps1
+(pgsqlpot-env) PS C:\pgsqlpot-workdir> pgsqlpot restart
+```

pgsqlpot/data/docs/sqlite3/sqlite3.sql

@@ -0,0 +1,69 @@
+CREATE TABLE IF NOT EXISTS `connections` (
+  `id` INTEGER PRIMARY KEY,
+  `session` VARCHAR(32) NOT NULL,
+  `timestamp` DATETIME DEFAULT NULL,
+  `ip` VARCHAR(15) DEFAULT NULL,
+  `remote_port` INT(11) DEFAULT NULL,
+  `operation` INT(4) DEFAULT NULL,
+  `local_host` VARCHAR(15) DEFAULT NULL,
+  `local_port` INT(11) DEFAULT NULL,
+  `sensor` INT(4) DEFAULT NULL
+);
+
+CREATE INDEX IF NOT EXISTS `time_idx` ON `connections` (`timestamp`);
+CREATE INDEX IF NOT EXISTS `ip_idx` ON `connections` (`ip`);
+CREATE INDEX IF NOT EXISTS `ip2_idx` ON `connections` (`timestamp`, `ip`);
+
+CREATE TABLE IF NOT EXISTS `operations` (
+  `id` INTEGER PRIMARY KEY,
+  `op_name` VARCHAR(20) NOT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `credentials` (
+  `id` INTEGER PRIMARY KEY,
+  `session` VARCHAR(32) NOT NULL,
+  `username` INT(4) DEFAULT NULL,
+  `password` INT(4) DEFAULT NULL
+);
+
+CREATE TABLE IF NOT EXISTS `usernames` (
+  `id` INTEGER PRIMARY KEY,
+  `username` VARCHAR(255) DEFAULT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `passwords` (
+  `id` INTEGER PRIMARY KEY,
+  `password` VARCHAR(255) DEFAULT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `variables` (
+  `id` INTEGER PRIMARY KEY,
+  `session` VARCHAR(32) NOT NULL,
+  `var` INT(4) DEFAULT NULL,
+  `val` INT(4) DEFAULT NULL
+);
+
+CREATE TABLE IF NOT EXISTS `vars` (
+  `id` INTEGER PRIMARY KEY,
+  `var_name` VARCHAR(20) NOT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `var_values` (
+  `id` INTEGER PRIMARY KEY,
+  `var_value` VARCHAR(255) DEFAULT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `sensors` (
+  `id` INTEGER PRIMARY KEY,
+  `name` VARCHAR(255) DEFAULT NULL UNIQUE
+);
+
+CREATE TABLE IF NOT EXISTS `geolocation` (
+  `id` INTEGER PRIMARY KEY,
+  `ip` VARCHAR(15) DEFAULT NULL UNIQUE,
+  `country_name` VARCHAR(45) DEFAULT '',
+  `country_iso_code` VARCHAR(2) DEFAULT '',
+  `city_name` VARCHAR(128) DEFAULT '',
+  `org` VARCHAR(128) DEFAULT '',
+  `org_asn` INT(11) DEFAULT NULL
+);

pgsqlpot/data/docs/telegram/README.md

@@ -0,0 +1,103 @@
+# Sending the output of the honeypot to a Telegram channel
+
+- [Sending the output of the honeypot to a Telegram channel](#sending-the-output-of-the-honeypot-to-a-telegram-channel)
+  - [Prerequisites](#prerequisites)
+  - [Create a Telegram bot and get its token](#create-a-telegram-bot-and-get-its-token)
+  - [Get the chat ID of a channel](#get-the-chat-id-of-a-channel)
+  - [Configure the honeypot](#configure-the-honeypot)
+
+## Prerequisites
+
+- Working honeypot installation
+- The Telegram app installed on a mobile device
+- A Telegram bot and its token
+- A Telegram channel and its channel ID
+
+## Create a Telegram bot and get its token
+
+1. Install the Telegram app on a mobile device and register a phone number
+there. It *has* to be a mobile phone number (a landline won't do) and you
+*have* to have control of it. You must be able to receive voice calls and SMS
+messages on it. Keep in mind that if you lose control of that phone number,
+somebody else who gets control of it will be able to take over your Telegram
+account. If, when registering your phone number, you get a message that an
+internal error has occurred, wait a day or two and try again.
+1. Open the Telegram application then search for `@BotFather`. Make sure that
+it is labeled as "Bot", or might might be some malicious Telegram user trying
+to masquerade as it.
+1. Click Start
+1. Click Menu and select /newbot or type `/newbot` and hit Send
+1. Follow the instructions until you get message like this
+
+```@BotFather
+    Done! Congratulations on your new bot. You will find it at t.me/new_bot.
+    You can now add a description.....
+
+    Use this token to access the HTTP API:
+    63xxxxxx71:AAFoxxxxn0hwA-2TVSxxxNf4c
+    Keep your token secure and store it safely, it can be used by anyone to control your bot.
+
+    For a description of the Bot API, see this page: https://core.telegram.org/bots/api
+```
+
+<!-- markdownlint-disable MD029 -->
+6. Optionally, edit your bot's properties - permissions, screen name, etc.
+1. Your bot token is `63xxxxxx71:AAFoxxxxn0hwA-2TVSxxxNf4c`. Make sure to keep it
+confidential because anyone who has it can take full control of the bot.
+<!-- markdownlint-enable MD029 -->
+
+## Get the chat ID of a channel
+
+1. Create a Telegram channel and add the Telegram bot to it.
+1. Send a message to the channel. These two steps are important - if you
+don't do them, you won't be getting meaningful information from the bot.
+1. Open this URL from a web browser `https://api.telegram.org/bot{your_bot_token}/getUpdates`.
+Make sure to replace `{your_bot_token}` with the actual token for your bot
+that was obtained in the previous section.
+1. You'll see a JSON response like
+
+```json
+    {
+      "ok": true,
+      "result": [
+        {
+          "update_id": 838xxxx36,
+          "channel_post": {...},
+            "chat": {
+              "id": -1001xxxxxx062,
+              "title": "....",
+              "type": "channel"
+            },
+            "date": 1703065989,
+            "text": "test"
+          }
+        }
+      ]
+    }
+```
+
+<!-- markdownlint-disable MD029 -->
+5. Check the value of `result[0]["channel_post"]["chat"]["id"]` - it contains
+the channel ID: `-1001xxxxxx062`
+1. Try sending a test message to the channel. Use your browser to access the
+URL `https://api.telegram.org/bot{your_bot_token}/sendMessage?chat_id={your_channel_ID}&text=test123`.
+Make sure to replace `{your_bot_token}` with the bot token obtained in the
+first section and `{your_channel_id}` with the channel ID obtained in the
+previous point.
+1. If the bot token and the chat ID are specified correctly, the message
+`test123` will be displayed in the Telegram channel.
+<!-- markdownlint-enable MD029 -->
+
+## Configure the honeypot
+
+- Stop the honeypot, if it is running.
+- Open the file `etc/honeypot.cfg` and uncomment the `[output_telegram]`
+section in it.
+- Set the variables `bot_token` and `chat_id` to the bot token and the channel
+ID that you have obtained in the previous sections.
+- Optionally, set the variable `delay` to something different than the default
+value of `2.0`. This is the delay, in seconds, between any two messages sent
+to the bot. Note that if this number is smaller than `1.0`, Telegram's rate
+limiting will cause it to return `429 Too many requests` errors.
+- Set the variable `enabled` to `true`.
+- Launch the honeypot.

pgsqlpot/data/etc/honeypot.cfg

@@ -0,0 +1,415 @@
+# DO NOT EDIT THIS FILE!
+# Changes to default files will be lost on update and are difficult to
+# manage and support.
+#
+# Please make any changes to system defaults by overriding them in
+# honeypot.cfg
+#
+# To override a specific setting, copy the name of the stanza and
+# setting to the file where you wish to override it.
+
+# ============================================================================
+# General Honeypot Options
+# ============================================================================
+[honeypot]
+
+# Sensor name is used to identify this honeypot instance. Used by the database
+# logging modules such as JSON.
+#
+# If not specified, the logging modules will instead use the host name of the
+# server as the sensor name.
+#
+# (default: the name of the local machine)
+#sensor_name = myhostname
+
+# MongoDB version to simulate. Default: 8.0.9
+#version = 8.0.9
+
+# Directory where to save log files in.
+# Log files are named <log_filename>.YYYY-MM-DD in that directory
+#
+# (default: log)
+log_path = log
+
+# Log file name
+#
+# (default: stdout)
+#log_filename =
+
+# ============================================================================
+# Network Specific Options
+# ============================================================================
+
+# Port to listen for incoming connections.
+#
+# (default: 27017)
+#listen_port = 27017
+
+# Site to query for one's public IP address
+#
+# (default: https://ident.me)
+#public_ip_url = https://ident.me
+
+# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
+# IP address is obtained by querying public_ip_url
+#
+# (default: false)
+#report_public_ip = false
+
+# A comma-separated list of networks, connection from whose IPs won't be logged
+#
+# (default: 127.0.0.1,192.168.0.0/16)
+#blacklist=127.0.0.1,192.168.0.0/16
+blacklist=
+
+
+# ============================================================================
+# Output Plugins
+# These provide an extensible mechanism to send audit log entries to third
+# parties. The audit entries contain information on clients connecting to
+# the honeypot.
+#
+# Output entries need to start with 'output_' and have the 'enabled' entry.
+# ============================================================================
+
+# CouchDB logging module
+#
+#[output_couch]
+#enabled = false
+#host = localhost
+#port = 5984
+#username = pgsqlpot
+#password = secret
+#database = pgsqlpot
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# Datadog output module
+# sends JSON directly to Datadog
+# mandatory field: api_key
+# optional fields (fallback configured in module): ddsource, ddtags, service
+# For more information on fields https://docs.datadoghq.com/api/latest/logs/#send-logs
+#
+#[output_datadog]
+#enabled = false
+#url = https://http-intake.logs.datadoghq.com/api/v2/logs
+#api_key = abcdef1234567890fedcba0987654321
+#ddsource = pgsqlpot
+#ddtags = env:dev
+#service = honeypot
+# Host from which the logs are connected, default - current hostname
+#hostname = pandora.nlcv.bas.bg
+
+# Send output to a Discord webhook
+#
+#[output_discord]
+#enabled = false
+# Delay between messages (for rate limiting)
+#delay = 2.0
+#url = https://discord.com/api/webhooks/id/token
+
+# Elasticsearch logging module
+#
+#[output_elastic]
+#enabled = false
+#host = localhost
+#port = 9200
+#index = pgsqlpot
+#
+# set pipeline = geoip to map src_ip to
+# geo location data. You can use a custom
+# pipeline but you must ensure it exists
+# in elasticsearch.
+#
+#pipeline = geoip
+#
+# Authentication. When x-pack.security is enabled
+# in ES, default users have been created and requests
+# must be authenticated.
+#
+# Credentials
+#
+#username = pgsqlpot
+#password = secret
+#
+# TLS encryption. Communications between the client (pgsqlpot) 
+# and the ES server should naturally be protected by encryption
+# if requests are authenticated (to prevent from man-in-the-middle 
+# attacks). The following options are then paramount
+# if username and password are provided.
+#
+# use ssl/tls
+#ssl = true
+# verify SSL certificates
+#verify_certs = true
+# Path to trusted CA certs on disk
+#ca_certs = /path/to/cert/file/elastic_ca.crt
+
+# HPFeeds
+#
+# Note the lack of "s" at the end:
+#[output_hpfeed]
+#enabled = false
+#server = hpfeeds.mysite.org
+#tlscert = /path/to/tls/cert/file
+#port = 10000
+#identifier = abc123
+#secret = secret
+#channel = pgsqlpot
+
+# InfluxDB 2.0 logging module
+#
+#[output_influx2]
+#enabled = false
+#host = hostname
+#token = token
+#org = organization
+#bucket = pgsqlpot
+
+# JSON based logging module
+#
+[output_jsonlog]
+enabled = true
+logfile = log/pgsqlpot.json
+epoch_timestamp = true
+
+# Kafka logging module
+#
+#[output_kafka]
+#enabled = false
+#host = 127.0.0.1
+#port = 9092
+#topic = pgsqlpot
+#username =
+#password =
+#debug = false
+
+# MongoDB logging module
+#
+#[output_mongodb]
+#enabled = false
+#host = 127.0.0.1
+#username = pgsqlpot
+#password = secret
+#database = pgsqlpot
+# Note: .format(username, password, host) is done on the following string,
+#  so make sure that there are exactly 3 placeholders ({}) in it
+#connection_string = mongodb+srv://{}:{}@{}/?retryWrites=true&w=majority&appName=Cluster0
+# Whether to store geolocation data in the database
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# MySQL logging module
+# Database structure for this module is supplied in docs/sql/mysql.sql
+#
+# MySQL logging requires extra software: sudo apt-get install libmysqlclient-dev
+# MySQL logging requires an extra Python module: pip install mysql-python
+#
+#[output_mysql]
+#enabled = false
+#host = localhost
+#database = pgsqlpot
+#username = pgsqlpot
+#password = secret
+#port = 3306
+#debug = false
+# Whether to store geolocation data in the database
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# NLCV-BAS honeypot data aggregation API
+#
+#[output_nlcvapi]
+#enabled = false
+#host = https://api.nlcv.bas.bg/v1.0/honeypot
+# Whether to store geolocation data in the database
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# PostgreSQL logging module
+#
+#[output_postgres]
+#enabled = false
+#host = hostname
+#username = pgsqlpot
+#password = secret
+#port = 5432
+#database = pgsqlpot
+#debug = false
+# Whether to store geolocation data in the database
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# RedisDB logging module
+#
+#[output_redisdb]
+#enabled = false
+#debug = true
+#host = 127.0.0.1
+#port = 27017
+# DB of the redis server. Defaults to 0
+#db = 0
+# Password of the redis server. Defaults to None
+#password = secret
+# Name of the list to push to or the channel to publish to. Required
+#keyname = pgsqlpot
+# Method to use when sending data to redis.
+# Can be one of [lpush, rpush, publish]. Defaults to lpush
+#send_method = lpush
+
+# Rethinkdb output module
+#
+#[output_rethinkdblog]
+#enabled = false
+#host = 127.0.0.1
+#port = 28015
+#table = events
+#db = pgsqlpot
+#user = admin
+#password =
+
+# Slack logging module
+# This will produce a _lot_ of messages - you have been warned....
+#
+#[output_slack]
+#enabled = false
+#channel = channel_that_events_should_be_posted_in
+#token = slack_token_for_your_bot
+# Delay between messages (for rate limiting)
+#delay = 1.2
+
+# Socket logging module
+#
+#[output_socketlog]
+#enabled = false
+#address = 127.0.0.1:9000
+#timeout = 5
+
+# SQLite3 logging module
+#
+# Logging to SQLite3 database. To init the database, use the script
+# docs/sql/sqlite3.sql:
+#     sqlite3 <db_file> < docs/sql/sqlite3.sql
+#
+#[output_sqlite]
+#enabled = false
+#debug = false
+#db_file = data/pgsqlpot.db
+# Whether to store geolocation data in the database
+#geoip = true
+# Location of the databases used for geolocation
+#geoip_citydb = data/GeoLite2-City.mmdb
+#geoip_asndb = data/GeoLite2-ASN.mmdb
+
+# Local Syslog output module
+#
+# This sends log messages to the local syslog daemon.
+#
+#[output_localsyslog]
+#enabled = false
+# Facility can be:
+# KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON, SYSLOG and LOCAL0 to LOCAL7.
+#
+# default: USER
+#facility = USER
+
+# Send message using Telegram bot
+# 1. Create a bot following https://core.telegram.org/bots#6-botfather to get token.
+# 2. Send message to your bot, then use https://api.telegram.org/bot{bot_token}/getUpdates to find chat_id.
+#
+#[output_telegram]
+#enabled = false
+#bot_token = 123456789:AbCDEfGhiJkLmnOpQRstUVWxYZ
+#chat_id = 987654321
+# Delay between messages (for rate limiting)
+#delay = 2.0
+
+# Text output
+# This writes audit log entries to a text file
+#
+#[output_textlog]
+#enabled = false
+#logfile = log/pgsqlpot.txt
+
+# XMPP logging module
+#
+#[output_xmpp]
+#enabled=false
+#server = conference.pgsqlpot.local
+#user = pgsqlpot@pgsqlpot.local
+#password = secret
+#muc = hacker_room
+
+
+# TODO:
+
+# Send login attemp information to SANS DShield
+# See https://isc.sans.edu/ssh.html
+# You must signup for an api key.
+# Once registered, find your details at: https://isc.sans.edu/myaccount.html
+#
+#[output_dshield]
+#enabled = false
+#userid = userid_here
+#auth_key = auth_key_here
+#batch_size = 100
+
+# Graylog logging module for GELF http input
+#
+#[output_graylog]
+#enabled = false
+#url = http://graylog.example.com:122011/gelf
+
+# InfluxDB logging module
+#
+#[output_influx]
+#enabled = false
+#host = 127.0.0.1
+#port = 8086
+#database_name = pgsqlpot
+#retention_policy_duration = 30d
+
+# Oracle Cloud custom logs output module
+# sends JSON directly to Oracle Cloud custom logs
+# mandatory field: authtype, log_ocid
+# optional fields (to be set if user_principals is selected as authtype): user_ocid, fingerprint, tenancy_ocid, region, keyfile
+# For more information on Oracle Cloud custom logs: https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/custom_logs.htm
+# For more information on Oracle Cloud user principal authentication method: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/apisigningkey.htm#five
+# For more information on Oracle Cloud instance principal authentication method: https://blogs.oracle.com/developers/post/accessing-the-oracle-cloud-infrastructure-api-using-instance-principals
+#
+#[output_oraclecloud]
+#enabled = false
+# authtype must be set either to user_principals or to instance_principals
+#authtype = instance_principals
+# following parameters must be set in case user_principals is used. keyfile is the absolute path to your API pem key file.
+#log_ocid = ocid1.log.oc1.eu-stockholm-1.xxx
+#user_ocid = ocid1.user.oc1..xxx
+#fingerprint = 77:9c:4xxxxx
+#tenancy_ocid = ocid1.tenancy.oc1..xxx
+#region = eu-stockholm-1
+#keyfile = /home/xx/key.pem
+
+# Splunk HTTP Event Collector (HEC) output module
+# sends JSON directly to Splunk over HTTP or HTTPS
+# Use 'https' if your HEC is encrypted, else 'http'
+# mandatory fields: url, token
+# optional fields: index, source, sourcetype, host
+#
+#[output_splunk]
+#enabled = false
+#url = https://localhost:8088/services/collector/event
+#token = 6A0EA6C6-8006-4E39-FC44-C35FF6E561A8
+#index = pgsqlpot
+#sourcetype = pgsqlpot
+#source = pgsqlpot
+