diff --git a/terranix/graylog/nginx.nix b/terranix/graylog/nginx.nix index 7b180c9..45adfd5 100644 --- a/terranix/graylog/nginx.nix +++ b/terranix/graylog/nginx.nix @@ -62,5 +62,59 @@ with builtins; { }; + graylog_stream = { + nginx5xx = { + title = "nginx 5xx"; + description = "all requests answered with a 5xx response"; + index_set_id = "\${graylog_index_set.default.id}"; + disabled = false; + matching_type = "AND"; + }; + nginx4xx = { + title = "nginx 4xx"; + description = "all requests answered with a 4xx response"; + index_set_id = "\${graylog_index_set.default.id}"; + disabled = false; + matching_type = "AND"; + }; + nginx2xx = { + title = "nginx 2xx"; + description = "all requests answered with a 2xx response"; + index_set_id = "\${graylog_index_set.default.id}"; + disabled = false; + matching_type = "AND"; + }; + }; + + graylog_stream_rule = let + nq_stream_rule = field: value: stream_id: { + inherit field value stream_id; + type = 1; + inverted = true; + }; + eq_stream_rule = field: value: stream_id: { + inherit field value stream_id; + type = 1; + inverted = false; + }; + gt_stream_rule = field: value: stream_id: { + inherit field value stream_id; + type = 3; + inverted = false; + }; + lt_stream_rule = field: value: stream_id: { + inherit field value stream_id; + type = 4; + inverted = false; + }; + between = min: max: stream_id: { + "is_nginx_${min}_${max}" = (eq_stream_rule "from_nginx" true stream_id); + "nginx_above${min}" = (gt_stream_rule "response_status" min stream_id); + "nginx_below${max}" = (lt_stream_rule "response_status" max stream_id); + }; + in (between "499" "600" "\${graylog_stream.nginx5xx.id}") + // (between "399" "500" "\${graylog_stream.nginx4xx.id}") + // (between "199" "300" "\${graylog_stream.nginx2xx.id}"); + }; } diff --git a/terranix/graylog/terraform.tfstate b/terranix/graylog/terraform.tfstate index 91f7397..39445fb 100644 Binary files a/terranix/graylog/terraform.tfstate and b/terranix/graylog/terraform.tfstate differ