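# https://github.com/suzuki-shunsuke/go-graylog/tree/master/terraform
#
# Terranix module declaring the Graylog index sets and the streams that write
# into them.  Each index set is a `graylog_index_set` resource; the matching
# `graylog.stream.<name>` entry points a stream at that index set through a
# Terraform interpolation on the resource id.
#
# `pkgs` and `lib` are not used in this file; they are accepted only so the
# module keeps the conventional module-function signature.
{ pkgs, lib, ... }:

let
  # Build the body of one `graylog_index_set` resource.
  #
  # The two index sets declared below share every setting except the title,
  # the index prefix and the number of indices kept before the oldest one is
  # deleted, so those three are the only parameters.
  #
  # Strategy class names come from the provider's constants:
  # https://godoc.org/github.com/suzuki-shunsuke/go-graylog#pkg-constants
  mkIndexSet = { title, index_prefix, max_number_of_indices }: {
    inherit title index_prefix;

    # Rotate the active index once it reaches `max_size`.  The value is passed
    # through to Graylog unchanged; 1024 * 1024 * 10 is 10 MiB if the unit is
    # bytes, as the Graylog documentation for this strategy states -- confirm
    # against the deployed Graylog version.
    rotation_strategy_class =
      "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategy";
    rotation_strategy = {
      type =
        "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
      max_size = 1024 * 1024 * 10;
    };

    # Keep at most `max_number_of_indices` rotated indices; anything older is
    # deleted outright rather than closed or archived.  Together with the
    # rotation size this bounds how much log history survives in the index
    # set, which matters when these logs are needed for incident review.
    retention_strategy_class =
      "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategy";
    retention_strategy = {
      inherit max_number_of_indices;
      type =
        "org.graylog2.indexer.retention.strategies.DeletionRetentionStrategyConfig";
    };

    index_analyzer = "standard";
    # A single primary shard; no replica count is set here, so the provider's
    # default applies.
    shards = 1;
    index_optimization_max_num_segments = 1;
    field_type_refresh_interval = 10000;
    # NOTE(review): given as the string "true" rather than a Nix boolean.  The
    # original configuration used this form and it is kept as-is; confirm the
    # provider accepts the string spelling for this attribute.
    writable = "true";
  };
in {

  imports = [
    ./modules
    ./config/elasticsearch.nix
    ./config/gogs.nix
    ./config/home-assistant.nix
    ./config/kernel.nix
    #./config/nginx.nix
    ./config/sshd.nix
    ./config/sslh.nix
    ./config/sshguard.nix
    ./config/tinc.nix
  ];

  # ---- [ default ]
  # The built-in default index set is looked up as a data source (it is not
  # managed by this configuration); only its prefix is needed.
  data."graylog_index_set".default.index_prefix = "graylog";

  # ---- [ junk ]
  # Low-value messages: small retention window (10 indices).
  resource."graylog_index_set".junk = mkIndexSet {
    title = "junk index";
    index_prefix = "trash";
    max_number_of_indices = 10;
  };
  graylog.stream.junk = { index_set_id = "\${graylog_index_set.junk.id}"; };

  # ---- [ thread ]
  # Thread messages keep twice the history of the junk set (20 indices).
  resource."graylog_index_set".thread = mkIndexSet {
    title = "thread";
    index_prefix = "thread";
    max_number_of_indices = 20;
  };

  graylog.stream.thread = {
    index_set_id = "\${graylog_index_set.thread.id}";
    #pipelines = [ "\${graylog_pipeline.processThreads.id}" ];
  };

  #resource."graylog_stream_rule"."is_thread" = {
  #  field = "is_thread";
  #  value = "true";
  #  stream_id = "\${graylog_stream.thread.id}";
  #  description = "route everything that is a thread";
  #  #type = 0;
  #  #inverted = false;
  #};

  # not necessary because we have a geoip resolver
  #graylog.pipeline.processThreads = {
  #  source = ''
  #    stage 0 match all
  #    rule "extract source_ip position";
  #  '';
  #  description = "process messages of the thread stream(TF)";
  #};

  #resource."graylog_pipeline_rule".extractSourceIpPosition = {
  #  description = "";
  #  source = ''
  #    rule "extract source_ip position"
  #    when
  #      has_field("source_ip")
  #    then
  #      let geo = lookup("geo_city_lookup", to_string($message.source_ip));
  #      set_field("ip_geolocation", geo["coordinates"]);
  #      set_field("ip_geo_country_code", geo["country"].iso_code);
  #      set_field("ip_geo_country_name", geo["country"].names.en);
  #      set_field("ip_geo_city_name", geo["city"].names.en);
  #    end
  #  '';
  #};

  #resource."graylog_pipeline_rule".extractRemoteIpPosition = {
  #  description = "";
  #  source = ''
  #    rule "extract remote_addr position"
  #    when
  #      has_field("remote_addr")
  #    then
  #      let geo = lookup("geo_city_lookup", to_string($message.remote_addr));
  #      set_field("ip_geolocation", geo["coordinates"]);
  #      set_field("ip_geo_country_code", geo["country"].iso_code);
  #      set_field("ip_geo_country_name", geo["country"].names.en);
  #      set_field("ip_geo_city_name", geo["city"].names.en);
  #    end
  #  '';
  #};

  #graylog.all_messages.rules = [ "extract remote_addr position" ];

}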