use graylog for journald logs

2021-07-14 13:09:08 +02:00 · 2021-07-14 13:09:08 +02:00 · c2ec6804de
parent a2002e5b2b
commit c2ec6804de
4 changed files with 29 additions and 5 deletions
--- a/terranix/graylog/config.nix
+++ b/terranix/graylog/config.nix
@ -1,6 +1,10 @@
 with builtins; {

-  imports = [ ./provider.nix ./nginx.nix ./journald.nix ];
+  imports = [
+    ./provider.nix
+    #./nginx.nix
+    ./journald.nix
+  ];

  resource.graylog_output.stdout = {
    title = "test stdout";
--- a/terranix/graylog/journald.nix
+++ b/terranix/graylog/journald.nix
@ -1,26 +1,45 @@
 with builtins; {

+  #data.graylog_index_set.default.index_prefix = "graylog";
+
  resource = {

    graylog_input.journald = {
-      title = "test journald";
+      title = "Journald Logs";
      # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
      type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
      global = true;
      attributes = toJSON ({
        bind_address = "0.0.0.0";
        decompress_size_limit = 8388608;
-        number_worker_threads = 2;
-        port = 12211; # todo
+        number_worker_threads = 4;
+        port = 11201;
        recv_buffer_size = 262144;
      });
    };

    # todo create stream
+    graylog_stream.journald = {
+      title = "journald";
+      description = "journald processing stream";
+      #index_set_id = "\${data.graylog_index_set.default.id}";
+      index_set_id = "\${graylog_index_set.default.id}";
+      disabled = false;
+      matching_type = "AND";
+    };
+
+    graylog_stream_rule.journald = {
+      field = "from_journald";
+      value = true;
+      stream_id = "\${graylog_stream.journald.id}";
+      #description = "";
+      type = 1;
+      inverted = false;
+    };

    graylog_input_static_fields.journald = {
      input_id = "\${graylog_input.journald.id}";
-      fields = { from_systemd = true; };
+      fields = { from_journald = true; };
    };

    graylog_pipeline.systemd_loglevel_fix.source = ''
--- a/terranix/graylog/shell.nix
+++ b/terranix/graylog/shell.nix
@ -4,6 +4,7 @@ let pass_access_token_path = "development/graylog/access_token";
 in pkgs.mkShell {

  buildInputs = with pkgs; [
+    git-crypt
    terranix
    (writers.writeBashBin "terraform" ''
      export GRAYLOG_AUTH_NAME=`${pkgs.pass}/bin/pass show ${pass_access_token_path}`
--- a/terranix/graylog/terraform.tfstate
+++ b/terranix/graylog/terraform.tfstate