Printers

Configure output destinations for detection events. Printers determine where security events are sent.

Configuration

yaml
printers:
  - stdout     # Standard output
  - varlog     # File output
  # - void     # Discard (testing only)
  # - garnet   # Garnet cloud platform

printer_options:
  stdout:
    # Pretty-printed JSON format (default).
    raw: false
  varlog:
    # Raw JSON format (for log collectors).
    raw: true
    # Output file path.
    file: /var/log/jibril.out
  garnet:
    # Error logging rate limit.
    error_log_rate: 2m

stdout Printer

Prints events to standard output, where Docker or systemd captures them.

yaml
printers:
  - stdout

printer_options:
  stdout:
    # Pretty-printed JSON format (default).
    raw: false

Use cases
  • Docker containers
  • Systemd services
  • Container orchestration platforms (Kubernetes)
  • Log aggregation systems (ELK, Splunk)

varlog Printer

Writes events to a file on disk.

yaml
printers:
  - varlog

printer_options:
  varlog:
    # Raw JSON format (for log collectors).
    raw: true
    # Output file path.
    file: /var/log/jibril.out

Use cases
  • Persistent logging
  • File-based log collectors
  • Custom log rotation
  • Offline analysis

File permissions

Ensure Jibril has write permissions to the output directory:

bash
# Create log directory
sudo mkdir -p /var/log

# Set permissions (if running as jibril user)
sudo touch /var/log/jibril.out
sudo chown jibril:jibril /var/log/jibril.out

Log rotation

Configure logrotate to manage file size:

bash
# /etc/logrotate.d/jibril
/var/log/jibril.out {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0644 jibril jibril
}
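An added example, not part of the Jibril documentation: a POSIX shell check that the varlog output file set up above belongs to the expected user, is not group-writable or accessible to other users, and will not be reset to a looser mode by the create directive in the logrotate stanza. It assumes Linux stat with -c; the function names and the policy of flagging group write or any access for others are assumptions, not Jibril requirements.

```bash
#!/bin/sh
# Added example (not from the Jibril docs): audit the varlog output file and
# the logrotate stanza that recreates it. Assumes Linux stat(1) with -c.

# mode_is_tight MODE: succeed if MODE has no group-write and no "other" bits.
mode_is_tight() {
    [ $(( 0$1 & 027 )) -eq 0 ]
}

# create_field CONF N: print field N of the first "create" directive in CONF.
create_field() {
    awk -v n="$2" '$1 == "create" { print $n; exit }' "$1"
}

# audit_event_log FILE CONF OWNER: print one finding per line and return
# non-zero if there is any finding. (Hypothetical helper name.)
audit_event_log() {
    a_file=$1; a_conf=$2; a_owner=$3; a_bad=0
    if [ ! -f "$a_file" ]; then
        echo "MISSING: $a_file does not exist"; return 1
    fi
    a_mode=$(stat -c '%a' "$a_file")
    a_user=$(stat -c '%U' "$a_file")
    if [ "$a_user" != "$a_owner" ]; then
        echo "OWNER: $a_file is owned by $a_user, expected $a_owner"; a_bad=1
    fi
    if ! mode_is_tight "$a_mode"; then
        echo "MODE: $a_file is $a_mode (group write or access for others)"; a_bad=1
    fi
    # logrotate recreates the file with the "create" mode and owner after
    # every rotation, so a chmod or chown applied by hand lasts only until then.
    r_mode=$(create_field "$a_conf" 2)
    r_user=$(create_field "$a_conf" 3)
    if [ -n "$r_mode" ] && ! mode_is_tight "$r_mode"; then
        echo "ROTATE: create $r_mode will reset $a_file to a looser mode"; a_bad=1
    fi
    if [ -n "$r_user" ] && [ "$r_user" != "$a_owner" ]; then
        echo "ROTATE: create hands $a_file to $r_user, expected $a_owner"; a_bad=1
    fi
    return "$a_bad"
}

# Run only when called with arguments, for example:
#   sh audit.sh /var/log/jibril.out /etc/logrotate.d/jibril jibril
[ "$#" -eq 0 ] || audit_event_log "$@"
```

Run against the stanza shown above, the check reports the 0644 create mode, because that mode leaves the event log readable by every local user.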

void Printer

Discards all events. Used for testing only.

Configuration

yaml
printers:
  - void

Use cases
  • Full execution path testing
  • Configuration validation
  • Feature testing without output

garnet Printer

Sends security events to Garnet Dashboard for centralized monitoring and analysis.

yaml
printers:
  - garnet

printer_options:
  garnet:
    # Error logging rate limit.
    error_log_rate: 2m

Requirements

Use cases
  • Centralized security monitoring
  • Threat intelligence correlation
  • Compliance reporting
  • Multi-agent deployments

Dashboard features
  • Real-time event streaming and visualization
  • Advanced search and filtering capabilities
  • Security analytics and trend analysis
  • Alert management and notifications
  • AI-powered threat analysis

API Token vs Garnet Printer

  • API Token - Agent registration and authentication
  • Garnet Printer - Event forwarding to Garnet dashboard

The API token is always needed for agent registration and authentication. The Garnet printer is optional; it is required only when events need to be forwarded to the Garnet dashboard.

Warning (void printer): Do not use in production. Events will be lost.

Multiple Printers

You can enable multiple printers simultaneously:

yaml
printers:
  - stdout
  - varlog
  - garnet

printer_options:
  stdout:
    raw: false
  varlog:
    raw: true
    file: /var/log/jibril.out
  garnet:
    error_log_rate: 2m

Common combinations:

Local + Cloud:

yaml
printers:
  - stdout     # For local monitoring
  - garnet     # For centralized dashboard

File + Cloud:

yaml
printers:
  - varlog     # For local persistence
  - garnet     # For centralized analysis

All outputs:

yaml
printers:
  - stdout     # For container logs
  - varlog     # For file-based logging
  - garnet     # For dashboard