update graylog terranix setup
parent
5f373a2148
commit
ed5871b592
2 changed files with 68 additions and 10 deletions
|
@ -1,6 +1,6 @@
|
||||||
with builtins; {
|
with builtins; {
|
||||||
|
|
||||||
imports = [ ./provider.nix ./nginx.nix ];
|
imports = [ ./provider.nix ./nginx.nix ./journald.nix ];
|
||||||
|
|
||||||
resource.graylog_output.stdout = {
|
resource.graylog_output.stdout = {
|
||||||
title = "test stdout";
|
title = "test stdout";
|
||||||
|
@ -9,19 +9,19 @@ with builtins; {
|
||||||
};
|
};
|
||||||
|
|
||||||
# create default index
|
# create default index
|
||||||
resource.graylog_index_set.default =
|
resource.graylog_index_set.default = let
|
||||||
let
|
|
||||||
maxIndexSize = 200;
|
maxIndexSize = 200;
|
||||||
maxIndexCount = 20;
|
maxIndexCount = 20;
|
||||||
isDefault = false;
|
isDefault = false;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
title = "default";
|
title = "default";
|
||||||
description = ''
|
description = ''
|
||||||
This is the default index set, where everything ends up which is
|
This is the default index set, where everything ends up which is
|
||||||
not specifically send to another index.
|
not specifically send to another index.
|
||||||
|
|
||||||
Be aware this index can only hold ${toString (maxIndexCount * maxIndexSize)}MB of logs!
|
Be aware this index can only hold ${
|
||||||
|
toString (maxIndexCount * maxIndexSize)
|
||||||
|
}MB of logs!
|
||||||
'';
|
'';
|
||||||
default = isDefault;
|
default = isDefault;
|
||||||
index_prefix = "test-graylog";
|
index_prefix = "test-graylog";
|
||||||
|
@ -46,7 +46,8 @@ with builtins; {
|
||||||
rotation_strategy = toJSON ({
|
rotation_strategy = toJSON ({
|
||||||
#max_docs_per_index = 30000000;
|
#max_docs_per_index = 30000000;
|
||||||
max_size = maxIndexSize * 1024 * 1024;
|
max_size = maxIndexSize * 1024 * 1024;
|
||||||
type = "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
|
type =
|
||||||
|
"org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
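--- /dev/null
+++ b/terranix/graylog/journald.nix
@@ -0,0 +1,57 @@
+with builtins; {
+
+resource = {
+
+graylog_input.journald = {
+title = "test journald";
+# https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
+type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
+global = true;
+attributes = toJSON ({
+bind_address = "0.0.0.0";
+decompress_size_limit = 8388608;
+number_worker_threads = 2;
+port = 12211; # todo
+recv_buffer_size = 262144;
+});
+};
+
+# todo create stream
+
+graylog_input_static_fields.journald = {
+input_id = "\${graylog_input.journald.id}";
+fields = { from_systemd = true; };
+};
+
+graylog_pipeline.systemd_loglevel_fix.source = ''
+pipeline "journald : log level fix"
+stage 0 match either
+rule "journald : lookup log level"
+stage 1 match either
+rule "journald : replace log level"
+end
+'';
+
+graylog_pipeline_rule = {
+lookup.source = ''
+rule "journald : lookup log level"
+when
+has_field("level")
+then
+let lookup = lookup_value("systemd-log-level-reverse",$message.level);
+set_field("level_fix",lookup);
+end
+'';
+replace.source = ''
+rule "journald : replace log level"
+when
+has_field("level_fix")
+then
+set_field("level",$message.level_fix);
+end
+'';
+
+};
+};
+
+}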
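Review bot: The GELF UDP input in `graylog_input.journald` listens on `bind_address = "0.0.0.0"` with `global = true`, and GELF over UDP has no authentication or transport encryption, so any host that can reach port 12211 can write arbitrary records into the log store. Those records are then stamped `from_systemd = true` by `graylog_input_static_fields.journald`, which makes forged entries look like genuine journald output in later searches and alerts. If the journald forwarder runs on the Graylog host itself, `bind_address = "127.0.0.1";` would close this; otherwise the port should be restricted to the known senders by firewall rule, with a comment beside `port = 12211; # todo` recording which hosts are expected. Separately, neither the lookup table `systemd-log-level-reverse` nor a pipeline connection to a stream is defined in this file (see `# todo create stream`), so the `level` rewrite presumably has no effect until both exist.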