From c2ec6804de62506ede6eef1d3476a72d8b98c5c2 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Wed, 14 Jul 2021 13:09:08 +0200 Subject: [PATCH] use graylog for journald logs --- terranix/graylog/config.nix | 6 +++++- terranix/graylog/journald.nix | 27 +++++++++++++++++++++++---- terranix/graylog/shell.nix | 1 + terranix/graylog/terraform.tfstate | Bin 179 -> 7533 bytes 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/terranix/graylog/config.nix b/terranix/graylog/config.nix index cb9746f..c6141cd 100644 --- a/terranix/graylog/config.nix +++ b/terranix/graylog/config.nix @@ -1,6 +1,10 @@ with builtins; { - imports = [ ./provider.nix ./nginx.nix ./journald.nix ]; + imports = [ + ./provider.nix + #./nginx.nix + ./journald.nix + ]; resource.graylog_output.stdout = { title = "test stdout"; diff --git a/terranix/graylog/journald.nix b/terranix/graylog/journald.nix index fed4d68..17670a2 100644 --- a/terranix/graylog/journald.nix +++ b/terranix/graylog/journald.nix @@ -1,26 +1,45 @@ with builtins; { + #data.graylog_index_set.default.index_prefix = "graylog"; + resource = { graylog_input.journald = { - title = "test journald"; + title = "Journald Logs"; # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html type = "org.graylog2.inputs.gelf.udp.GELFUDPInput"; global = true; attributes = toJSON ({ bind_address = "0.0.0.0"; decompress_size_limit = 8388608; - number_worker_threads = 2; - port = 12211; # todo + number_worker_threads = 4; + port = 11201; recv_buffer_size = 262144; }); }; # todo create stream + graylog_stream.journald = { + title = "journald"; + description = "journald processing stream"; + #index_set_id = "\${data.graylog_index_set.default.id}"; + index_set_id = "\${graylog_index_set.default.id}"; + disabled = false; + matching_type = "AND"; + }; + + graylog_stream_rule.journald = { + field = "from_journald"; + value = true; + stream_id = "\${graylog_stream.journald.id}"; + #description = ""; + type = 1; + inverted = false; + }; graylog_input_static_fields.journald = { input_id = "\${graylog_input.journald.id}"; - fields = { from_systemd = true; }; + fields = { from_journald = true; }; }; graylog_pipeline.systemd_loglevel_fix.source = '' diff --git a/terranix/graylog/shell.nix b/terranix/graylog/shell.nix index 6f20869..0f9857f 100644 --- a/terranix/graylog/shell.nix +++ b/terranix/graylog/shell.nix @@ -4,6 +4,7 @@ let pass_access_token_path = "development/graylog/access_token"; in pkgs.mkShell { buildInputs = with pkgs; [ + git-crypt terranix (writers.writeBashBin "terraform" '' export GRAYLOG_AUTH_NAME=`${pkgs.pass}/bin/pass show ${pass_access_token_path}` diff --git a/terranix/graylog/terraform.tfstate b/terranix/graylog/terraform.tfstate index 32949ba94cd4c1e9e2c287b5953b34529812d710..51b6ee46ff089b6dc9ef6a136a722f6053b30988 100644 GIT binary patch literal 7533 zcmV-z9g^YzM@dveQdv+`03>WM`nc%ur0B;6b`vXRWQ2Rna7_-hf@BAV0%lLlV}`Hx zoyg@lbVfj3D@a@CiMvOCGR3VWCsU^Kdj77eHj+cV;~|px+hKk8gJ0FQnBxX;lXiRf;^HOzbPSv<&m-&f&&>GP!1 zAET^sep%}LIw<-~S6fn9JX4yrz()#Q^77vD!+|bDE5UV+!0dvHrEf4Gru*Np-(c$^iIXb@ zol;&1gpIPQi2y1T>_kaZe?|6|xRy0oPl1!$Z=)ln6@CI7K6Ck{8~ehBi}YK0X6ZC1 zb9t|z#qht~7RK0i*-;cR1Fi9}UFAOO6mMqF&gKos;mpB<>)2z`V<;BNtxe)Q%>cwF zaS}U{z_yQt1341@j_FBi_oJr<3F_|RyW{)<+uhIQxsF`uVv^`<8_%n++fg7|a(X#2@hUDG!p{4N;gc)bXwI1z(#<9oHh z+gRbWIFS1+1vc@<+qWp*3tc9Cag@1+IGbN)C8Y}27w6Z zYDEA4u$9-hv8vwwZ5Ieb;|j!RkXNy8AKKw%(Xh2Wcu0TvjxV%9Pq;~t_+>2PX<`=U zE@jBY-}T**k@M+sr4nK(H;#kfn70IfCWuJ%`S$_{iBXIoyW5hBj~SptlpyKehWtMo zpg@_%8)T%rq}RO}_sqd#uKf#*N}P<{nT_M0?(%J-GD_5Ov)sTPsLcMyJqN2ptq+t> z4lxa}q)h=!0w8R&{$>n9J8O~vEcBtN=EXy%%A+t_yd2ltBEh18cq8ExOO$E^Hh;e;+fW4* zJ5`f9@%iZ%Scm0zYS#TpbB20vwgOobI+15<)Pw{Z_7-Z@qh4!Vk)!}D6_a4Ajc9#D zT+zQTi>gRIDKvV-`+jx719x;4uho zPs9<+xpMoK&7_#!k}FCi-N6|L<#?poU*pcIe=H|F`^WHcHxhexSK{#CXKev?Pa_Te zW<;2ypxg6ZKJ$Asa`dX5pfSM?TcbHHky3$)6X~r&P45aG_K;%=W>iiv6Jy zjrN!=7C;STr(1i|F^;mQLr1B$+e9XKS%A(VNf?c+6GU?M9-dGPxC^5}LdqRdBy+z%M>740vK>d3QlWtuZ5vN1)-8CWw${sZT;1wYnZDCy z4D|Qxff`|$qI$OB+5HrMT6m%#=we-~o*#;oKe8PrH(0z>zFy!?A6L6=r>_P~H$ksZ z-#ux?+E0F?sIN@&;2tjw|Ksf6BEK*Hhvod*Ba`jCD#3TZr;Zsc6+60XA^w`rTdq+9 zQCW9KBk(iJQXoK=7GL@!hJiN;YMHkEHRLA}UyUxxy9%)oe=kEx^8CK?OWS5qTr01$ zoJ@8Yf(yV<=44h5`C|Gn7;2E%O!elolYmKtCv(k>W5{NtuD+Ljpol%`lNAIZ?H2cK znvjs_pZH%xC<_m*kQ&rRQRqO&7x`SZnVZ!SVAkR#eXxH?r3 zeOC#Lr@Kv%Vw8y{ks^lpSpt9oMq?n+R4V$3(hD><>dNq7$10s8RF4xN_P1dWNX8!C zU}{03e%<8{LgZCU&lmX>p*2<{Ix2Sko&BW59v>>5ia`(k&sYD3)ncpFS}BLBsZ@!d8*VgjATDNIWZYSXVyC47^Aiy z7Dw^MfQ^z(N$YoBeR$So5QI_T6*?l8K|pP@;z^0e{)7&0nGK=9&I;kDrbfhdJne=lH@PbA2Z8rwq0`|Mff8Mv7 zc(kU@{`2%IZD$Htx%KobSe2zk6Bf!cw>abNBiv*pHlvQySORxx)}{ldsFwd@g4wa#id- zPYqi+C_19dn4wi?kUowJz+`X(7|*9%^$|EMg|&Xf7rfQBSF-IbAD)d==axtJ3eiH| zf&8;*wm^zPbGo`!lf%S6=AXnq=slmX)&ze7%$QhqOvNdum9ng>kc)JXq1vXG{@MBN z2V4uwBwM=&=*EpWD-GLff~G8GmU;)eGM`0*?5Ih=TN$~b#^`p;qzRBh{>oD-i)y)V z@JmSz+^k9#Ag@JpT;l%<@PyirhHqtt)#_(+G}tQ zVP6)1;6a>o;Uyk@G*vr&xX%?x<{^i!jiT}4NR?ORx%1e}BFrGUDc=uV!rOJ#2c1Is zpe;5fAg#Aa0Q^)}ZKY(S7$B{Xbc7&~_5$yI0(rh|WPM`^;ICvL!4!Ey$Gi2vji|5U zAh-;KI-Xdv`$q^a@vqKYG%-T=Ug`ueVz5(al$DFrOqet43J>>*tBWkNKzZd*)I=jz{!t&bR{MXH;QEo zI3-Wo*$GxIg`Qd){)N6M_u^p_O;X?C;hr<~iY_%D{n_ON)<7e_aY_jsA%;>425r-R zLa%k9{YU*h@Mf^>jVFIm8=1jQL4*X7&Gz?J5H5UDq%-xK>B6P5$5~O`;6z#D`*2)q zo%FpO{O%lzb!D9Z-=B8E;TWeQ!tjzZvkl$Fve%1E{i!g-jo-Oy%+Co!1E z=*TEQGx4%_JQ_foZF^BlXuG9gs$UzYwQ3mRTD;dr z{+h9u<~Cs%hylchc--c|%Wlna>q5`7RAlI24dsO$>U zbk~MfpT407t4?x)kz<>AMHzlM>K*!U7Hni%>#}@b?FlLCVEz_-K?m{xrr4oTRIWDy zRBwmcGVzx71xKs#Iss2h<>z4sEl8c7n%@Q_dm}IA?%{H?RY*!n)JySHG!Iw&Q#IjVO1Z{_JIctXk-Fe#c$tplpiQ~ z!1*GD>WWxMD1Qoe41jp$n6f1 zWj_Uj$gVe)2a0F0GaF1~o0-e!DkXqpp`Sgo^sAik*>+bgWXe!1-3-iz=%aqO<_!Vv zpoWwA5|C|;1tr~xr)j%IPiuiMF51kk!A>Fzc4BsnAk+OMwH^z@MGu40lzQ~?@Z@xA zSr9P+(WD{P|7V~FTkNHi;y0&Zvq0=hs^PuTZ)vu$ACe4V|II&!ljg8eZvdaOTxn? zUF~c-Z~$07Xs;-|LT=7L2Ld80BBt3igY}%a!-~Q?lZJa+cCjfXQVs=&u0*GQ+*UJ; z|Hix#3-!zgTluaV)!8F%==vyy;%9=-*jSYHC5xG&mX8k+Jc#~9Ip$}OhZ!mvlo+E* zT9Q#=NEFkxt{4ysxlF6cI2bU~HShFro&jWC+Ifm{tA!4a{}tNUFy1Ax0Rym^&{Ssb zoFGne1rh=DkYl}vb(a9#B@9-V56I+QaBs9cDBNPq3Poxt1qV-2YI~@Tr#HbT_a4c? zRH@0HB^sY!h&!ciJ2(FJoxUZwR@3x(H?8p}T9v$R^z|KqZR92f+ zSh%x4MPH4_B7&|WRE#K(zH%+yKBMNfJ#U5#ps0@43|0JH!TUXP(Y50QUFyCD(Zseb z6I>XsMg|N=*h*~$61@gLOaIhDY|8zOfg!SR1Ynyz$ogw@4Z_P&gVb_Wq6A1WW$$;G z*3Ko6H-<#r$tfWQQ-+;r$4V3_+Y<50@4+D$LAIMtsK^ODc~v$Aw94>Z#h}bcI3ge; zR`MLA_+;qfcb4s%C%B&9Jk9B;*#x7`Sp(;cT48p$y}nh{win8W^$kMTG?Wkf0oW(BZpze_ca>AHk5Na!*_ZM-DLSsr#@wpeeKD)Jo z@UjG?xTemvq4_M*3K{n*A!jLuZ?qe|CvY;%OCz)?)RQHvl9U%R3lf9%)gHInNbf8~9`U2qvH@K$3@o_)cuC zO}uBxw4P2g{kLFwLI5NByu4twFbHpMr`}M`*YeLm7$bnb)hdczrZ1BbwuOzB{edqV z0rQfg%LXSHs{ak{vqhh$7(llQAJk?KE#%3#n(>_V~OvdPALBc&<4#oNR>3uwCa8gY8~&&58sIJT2@;?4&L0TI;* zX(SkTLf1FY501lO81}PnO}31JBP8hQpUj&v3hAe9m&cNk_H zLKzpRRGMMU@=p>?0*8I_xR-ZYkv<4@jr)ytT2CHri6%srPs!Sbv-8KjaAY_uiY)YO zyMZ?ak;nI~{1i>}Nyge_XZP1LlM)wk!s`Z{G|_%v7+U)5g-B}4;fdA|>rLy+LeA;G z&)Epfg_@%LtLeLNmy3k$#JbeLiKli0iJhHuh(e>)?5cT4l)6jVUo7EaIrp#J|JaFv ztO~`p*ng>^>y;VE4W6pWa1+O}SYGd%*c~{y>tEMO3YR8Xpyc&jSX%<{aCFybu`9na`n+l~l<;0aua)xLA z!LiFLck7PzByu&-D zjEFM==@35MQU8>AOFSOjZCDM8r}C95^vM;W+FSfZr=Ze7OEdLh4`wsf{s;hQ7cFR+ zJ(2Ps8^AK^yGgenF3xZ-y>cuH(F-)qM)N6T!@yrsOj(j79IXkzlsabu~B2t}1pI&AcbXY53Fekn~et)SgAhX)-B4JK3 zDriqMiAP?0hBYqd+m4~h&mhFK7XS^B)DfTpEQYQUP!5F{`g|UTmb$m@)~Z0z@W={s zH(r}1j)_I|Du6|v6BInlf9~Q2=JAL1$pMqmI^LQ8z9efaUCfAY`GX=qqzgmITmZb$ZgdEO+*ov{juxBy~DFK%|LN%~>Q#^NZtfsEU^ zHAlMI^6+CCK7Ve;O~`1eXwE-m8hbTrO4wl4i(OXTD!1p4Q1oay1C@$2b5E+VmI2+@ z$rAbSMYl*jdz%#?N=lp z3Z3XKyT}OaIxH9DR{!}~Ot#uo)z&JlTR~|P0paAYTW7b;;|b0ECLFXNxt|s>f?NdUs7RKpHexKOem_w zbXoq$J^^^dR9hI6oTGy6+!TML9gYa@?cJI9;)fo0uYMJgxWbEy0gOB7r@1uVkn6$5 zgdy*0ng6Kk;|_KPVf&<7w$CA&m4t1hJ^$uA&lrE~g^LJITIm_|0lvmY7%U zFRRWR{5al}yRJA{^v*#x8>f3W1rKlwJCvZnMEK>8DQRMIEg7RN#2zs(K#}|3r>Ej* z!;79b(^R{YE2h;+)-4nlH}i7M9*Bj)kWP*0cUSo5E5QCjn|Kkk=WY&T5qnOMo)FXF zrdT93?Vuj`n}BlIn~^}9$XMk1eCrNZVbOrocNk45|HR)Wv#@eaBqHOMrqWZ!gF{nB z_-q_TTs742vixn$ZKP@o-`Iy9ER4RSYgycB~ zbu9aA*TtvEsI~$`--tjnxN&@kwQoy+4~3pe%=IX}DJ1jFmyC~d&E@U;RfdIksP#>O zbcLlXFTkr~fu2>Tt;#<=8ov$NzC|IGFhkg>akd D-#ngP literal 179 zcmV;k08IY?M@dveQdv+`0INRxdbOHMM-tyqZwbhLKr5SH?#WLu7h1a#K}C%TrL0r