@justintime
Created March 12, 2018 19:56
CrowdStrike Falcon SIEM Collector systemd service
[Unit]
Description=CrowdStrike Falcon Host SIEM Connector
ConditionPathExists=/opt/crowdstrike/etc/cs.falconhoseclient.cfg
[Service]
User=daemon
UMask=022
LimitNOFILE=10000
TimeoutStopSec=90
WorkingDirectory=/opt/crowdstrike/bin
Environment="LOGGER_NAME=FALCON-SIEM-CONNECTOR"
Restart=on-failure
RestartSec=5
StartLimitInterval=60
StartLimitBurst=5
StartLimitAction=none
StandardOutput=null
StandardError=null
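# systemd runs ExecStart without a shell, so the redirect and the pipe to logger are wrapped in sh -c.
ExecStart=/bin/sh -c '/opt/crowdstrike/bin/cs.falconhoseclient -nodaemon -config=/opt/crowdstrike/etc/cs.falconhoseclient.cfg 2>&1 | logger -t "FALCON-SIEM-CONNECTOR[WARN]" -i'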
[Install]
WantedBy=multi-user.target
@justintime

Drop this file in /etc/systemd/system/.

To start it:

systemctl start cs.falconhoseclientd

To check the status of it:

systemctl status cs.falconhoseclientd

To enable it to start automatically at each boot:

systemctl enable cs.falconhoseclientd
