# PowerDMARC Integration

This document outlines the steps for integrating PowerDMARC with the BluSapphire log collection platform.

## Pre-requisites

Before proceeding, request the following details from your client:

• API Address: The URL for Power DMARC's API endpoint.

• API Key/Token: The authentication token required to access the Power DMARC API.

**Verify the data using the curl command**

```
curl -X GET '<API Address with full path>' -H 'Authorization: Token <API Token>'
```

## Backend Configuration

1. **Pipeline Configuration**

   a. Edit the pipelines.yml file located at /opt/lc/conf/collector/gateway-client/pipelines.yml.

   b. Add the following configuration snippet to define a new pipeline named proxy-mail-powerdmarc:

**YAML**

```
- pipeline.id: proxy-mail-powerdmarc
  pipeline.workers: 4        # Number of worker threads for the pipeline (default: 1)
  pipeline.batch.size: 300   # Number of events processed per batch (default: 100)
  pipeline.batch.delay: 50   # Delay (in milliseconds) between batches (default: 10)
  path.config: "/opt/lc/pipelines/processors/proxy/mail/powerdmarc/*.conf"   # Path to processor configuration files
```

2. **Input Configuration**

   a. Navigate to the directory containing processor configurations:

```
cd /opt/lc/pipelines/processors/proxy/mail
```

   b. Copy an existing processor directory (e.g., \<source\_dir>) and rename it to powerdmarc:

```
cp -r <source_dir> powerdmarc
cd powerdmarc
```

   c. Rename the file 01-input-tcp.conf to 01-input-http.conf as Power DMARC uses an HTTP API.

   d. Edit 01-input-http.conf with the following content, replacing placeholders with the obtained client details:

```
input {
  http_poller {
    urls => {
      power_dmarc => {
        method => get
        url => "${POWER_API_URL}"
        headers => {
          "Authorization" => "${POWER_AUTH_TOKEN}"
        }
      }
    }
    request_timeout => 60
    schedule => { cron => "* * * * * UTC" }
    codec => "json"
  }
}
```

3. **Filter Configuration**

   Edit the file 02-metadata-filter.conf with the following content:

```
filter {
  mutate { add_field => { "[@metadata][debug]" => "${DEBUG_PROXY_MAIL_POWERDMARC:False}" } }
  mutate { add_field => { "[@metadata][prefix_path]" => "${PREFIX_PATH:logs}" } }
  mutate { add_field => { "[@metadata][log_type]" => "${LOG_PROXY_MAIL_POWERDMARC:proxy-mail-powerdmarc}" } }
  mutate { add_field => { "[@metadata][client_id]" => "${CLIENT_ID}" } }
  mutate { add_field => { "[@metadata][sensor_id]" => "${SENSOR_ID}" } }
}
```

4. **Blucluster Configuration**

   a. Edit the main configuration file /opt/lc/conf/blucluster.conf.

   b. Set the following environment variables:

   • DEBUG\_PROXY\_MAIL\_POWERDMARC=False (or desired value)

   • LOG\_PROXY\_MAIL\_POWERDMARC=proxy-mail-powerdmarc

   c. Add the following section under a designated area (e.g., PowerDMARC configuration):

```
#PowerDMARC configuration
POWER_API_URL="https://cn.powerdmarc.com/api/v1/audit-logs"
POWER_AUTH_TOKEN="Bearer <TOKEN>"
```

**Important**: Replace the values of POWER\_API\_URL and POWER\_AUTH\_TOKEN with those obtained from the client.

5. **Restart Service**

   Restart the log collector service:

```
sudo systemctl restart blu_gc.service
```

6. **Verification**

• Check the temporary directory (/optllc/te
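
A check that can be run between step 4 and the restart in step 5, as an added example that is not part of the BluSapphire documentation or tooling. It assumes blucluster.conf holds plain KEY="value" lines as in the step 4 snippet; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not BluSapphire code): pre-restart check of the PowerDMARC
# settings. Assumes plain KEY="value" lines as in the step 4 snippet.

# Print the value of KEY ($1) from FILE ($2), surrounding quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Return 0 when FILE ($1) is usable; report each problem on stderr otherwise.
check_powerdmarc_conf() {
    file=$1
    rc=0
    url=$(conf_get POWER_API_URL "$file")
    token=$(conf_get POWER_AUTH_TOKEN "$file")
    case $url in
        https://?*) ;;
        *) echo "POWER_API_URL is missing or not https://" >&2; rc=1 ;;
    esac
    case $token in
        ''|*'<'*'>'*) echo "POWER_AUTH_TOKEN is empty or a placeholder" >&2; rc=1 ;;
    esac
    # The file stores a bearer token, so it should not be accessible to "other".
    if [ -n "$(find "$file" \( -perm -004 -o -perm -002 \))" ]; then
        echo "$file is world-readable or world-writable" >&2; rc=1
    fi
    return "$rc"
}

# Send one GET exactly as http_poller will. The header goes to curl on stdin
# (-K -), which keeps the token out of the process list and shell history.
probe_powerdmarc() {
    url=$(conf_get POWER_API_URL "$1")
    token=$(conf_get POWER_AUTH_TOKEN "$1")
    printf 'header = "Authorization: %s"\n' "$token" |
        curl -K - -sS -o /dev/null -w '%{http_code}\n' --max-time 60 "$url"
}

# Usage: check_powerdmarc_conf /opt/lc/conf/blucluster.conf &&
#        probe_powerdmarc /opt/lc/conf/blucluster.conf   # prints the HTTP status
```

The probe sends the stored POWER_AUTH_TOKEN value unchanged as the Authorization header, so a scheme mismatch (for example Token versus Bearer) shows up here rather than as an empty pipeline after the restart.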


