update graylog terranix setup

Ingolf Wagner 2021-07-14 12:12:36 +02:00
parent 5f373a2148
commit ed5871b592
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 68 additions and 10 deletions


@ -1,6 +1,6 @@
with builtins; { with builtins; {
imports = [ ./provider.nix ./nginx.nix ]; imports = [ ./provider.nix ./nginx.nix ./journald.nix ];
resource.graylog_output.stdout = { resource.graylog_output.stdout = {
title = "test stdout"; title = "test stdout";
@ -9,19 +9,19 @@ with builtins; {
}; };
# create default index # create default index
resource.graylog_index_set.default = resource.graylog_index_set.default = let
let
maxIndexSize = 200; maxIndexSize = 200;
maxIndexCount = 20; maxIndexCount = 20;
isDefault = false; isDefault = false;
in in {
{
title = "default"; title = "default";
description = '' description = ''
This is the default index set, where everything ends up which is This is the default index set, where everything ends up which is
not specifically send to another index. not specifically send to another index.
Be aware this index can only hold ${toString (maxIndexCount * maxIndexSize)}MB of logs! Be aware this index can only hold ${
toString (maxIndexCount * maxIndexSize)
}MB of logs!
''; '';
default = isDefault; default = isDefault;
index_prefix = "test-graylog"; index_prefix = "test-graylog";
@ -46,7 +46,8 @@ with builtins; {
rotation_strategy = toJSON ({ rotation_strategy = toJSON ({
#max_docs_per_index = 30000000; #max_docs_per_index = 30000000;
max_size = maxIndexSize * 1024 * 1024; max_size = maxIndexSize * 1024 * 1024;
type = "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig"; type =
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
}); });
}; };
} }


@ -0,0 +1,57 @@
with builtins; {
resource = {
graylog_input.journald = {
title = "test journald";
# https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
global = true;
attributes = toJSON ({
bind_address = "0.0.0.0";
decompress_size_limit = 8388608;
number_worker_threads = 2;
port = 12211; # todo
recv_buffer_size = 262144;
});
};
# todo create stream
graylog_input_static_fields.journald = {
input_id = "\${graylog_input.journald.id}";
fields = { from_systemd = true; };
};
graylog_pipeline.systemd_loglevel_fix.source = ''
pipeline "journald : log level fix"
stage 0 match either
rule "journald : lookup log level"
stage 1 match either
rule "journald : replace log level"
end
'';
graylog_pipeline_rule = {
lookup.source = ''
rule "journald : lookup log level"
when
has_field("level")
then
let lookup = lookup_value("systemd-log-level-reverse",$message.level);
set_field("level_fix",lookup);
end
'';
replace.source = ''
rule "journald : replace log level"
when
has_field("level_fix")
then
set_field("level",$message.level_fix);
end
'';
};
};
}
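Review bot: The new `graylog_input.journald` listens on every interface (`bind_address = "0.0.0.0"`) with `global = true`, and GELF over UDP has no authentication or transport encryption, so any host that can reach port 12211 can write into this input and have its messages stamped `from_systemd = true` by the static field. If the senders are local or on one known network, bind to that address instead, e.g. `bind_address = "127.0.0.1";`, or add a comment next to the attribute naming the firewall rule that restricts the port. Where journald logs cross a network you do not control, a GELF TCP input with TLS enabled is the safer transport. Separately, the rule "journald : lookup log level" matches any message with a `level` field and depends on a lookup table `systemd-log-level-reverse` that this file does not define. A comment such as `# requires lookup table "systemd-log-level-reverse", defined elsewhere` would record that dependency until the stream from the `# todo create stream` note scopes the pipeline.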