LogCraft Manual

Appearance

Network Configuration

Network Binding

By default, LogCraft listens on all network interfaces of the server (0.0.0.0) and uses TCP port 443.

These settings can be adjusted to match your environment by editing LOGCRAFT_HOME/etc/logcraft.conf

toml
[listen]
address = "0.0.0.0"
port = 443

After making changes, restart LogCraft:

bash
systemctl restart logcraft

netstat -atnp

To verify the address and port on which LogCraft is listening, run:

netstat -atnp | grep -i logcraft

Note: the netstat utility is usually provided by the package net-tools.

Proxy

LogCraft communicates with remote security systems through their REST APIs over HTTP/HTTPS. If your environment requires an HTTP/S proxy, follow the steps below.

Configure a Proxy

To enable proxy support, define the proxy settings in LOGCRAFT_HOME/etc/logcraft.conf

toml
[proxy]
http = "http://proxy.mycorp.local:3128"
https = "http://proxy.mycorp.local:3128"

With this configuration, all outgoing HTTP and HTTPS requests from LogCraft are routed through proxy.mycorp.local.

No Proxy Exceptions

In some cases, certain destinations should bypass the proxy. Use the no_proxy directive to specify exceptions:

toml
[proxy]
http = "http://proxy.mycorp.local:3128"
https = "http://proxy.mycorp.local:3128"
# Optional: per-domain bypass list (comma-separated)
no_proxy = ["localhost", "127.0.0.1", ".mycorp.local"]

In the preceding example, requests to localhost, 127.0.0.1, or any host ending with .mycorp.local are made directly, while all others pass through the proxy.

Proxy Authentication

In some environments, the proxy requires authentication.

First, request a dedicated service account for LogCraft from your network team to ensure requests are performed as the LogCraft service, not as an individual user.

For example, if the proxy credentials are svclgc:drowssap-terces, store the password securely in a dedicated file:

bash
% echo "drowssap-terces" > /opt/logcraft/etc/proxy_password

Restrict file access to the LogCraft service account:

bash
chmod 400 /opt/logcraft/etc/proxy_password

If the previous operations were made as root, change the ownership of the password file:

bash
chown logcraft:logcraft /opt/logcraft/etc/proxy_password

Then update LOGCRAFT_HOME/etc/logcraft.conf to reference the credentials:

toml
[proxy]
http = "http://proxy.mycorp.local:3128"
https = "http://proxy.mycorp.local:3128"

# If auth is required, use a separate secret file:
username = "svclgc"
password_file = "/opt/logcraft/etc/proxy_password"

Finally, restart LogCraft:

bash
systemctl restart logcraft
Validate Proxy with cURL

To verify connectivity through the proxy before restarting LogCraft, you can test with curl:

bash
curl -v --proxy http://proxy.mycorp.local:3128 https://example.com

If authentication is required, test with:

bash
curl -v --proxy-user "svclgc:drowssap-terces" --proxy http://proxy.mycorp.local:3128 https://example.com

This helps confirm that the proxy is reachable and the credentials are valid.

Copyright © 2023-present LogCraft, SAS