update graylog terranix setup

2021-07-14 12:12:36 +02:00 · 2021-07-14 12:12:36 +02:00 · ed5871b592
commit ed5871b592
parent 5f373a2148
2 changed files with 68 additions and 10 deletions
--- a/terranix/graylog/config.nix
+++ b/terranix/graylog/config.nix
@ -1,6 +1,6 @@
 with builtins; {

-  imports = [ ./provider.nix ./nginx.nix ];
+  imports = [ ./provider.nix ./nginx.nix ./journald.nix ];

  resource.graylog_output.stdout = {
    title = "test stdout";
@ -9,19 +9,19 @@ with builtins; {
  };

  # create default index
-  resource.graylog_index_set.default =
-    let
-      maxIndexSize = 200;
-      maxIndexCount = 20;
-      isDefault = false;
-    in
-    {
+  resource.graylog_index_set.default = let
+    maxIndexSize = 200;
+    maxIndexCount = 20;
+    isDefault = false;
+  in {
    title = "default";
    description = ''
      This is the default index set, where everything ends up which is
      not specifically send to another index.

-      Be aware this index can only hold ${toString (maxIndexCount * maxIndexSize)}MB of logs!
+      Be aware this index can only hold ${
+        toString (maxIndexCount * maxIndexSize)
+      }MB of logs!
    '';
    default = isDefault;
    index_prefix = "test-graylog";
@ -46,7 +46,8 @@ with builtins; {
    rotation_strategy = toJSON ({
      #max_docs_per_index = 30000000;
      max_size = maxIndexSize * 1024 * 1024;
-      type = "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
+      type =
+        "org.graylog2.indexer.rotation.strategies.SizeBasedRotationStrategyConfig";
    });
  };
 }
--- a/terranix/graylog/journald.nix
+++ b/terranix/graylog/journald.nix
@ -0,0 +1,57 @@
+with builtins; {
+
+  resource = {
+
+    graylog_input.journald = {
+      title = "test journald";
+      # https://javadoc.io/doc/org.graylog2/graylog2-inputs/latest/index.html
+      type = "org.graylog2.inputs.gelf.udp.GELFUDPInput";
+      global = true;
+      attributes = toJSON ({
+        bind_address = "0.0.0.0";
+        decompress_size_limit = 8388608;
+        number_worker_threads = 2;
+        port = 12211; # todo
+        recv_buffer_size = 262144;
+      });
+    };
+
+    # todo create stream
+
+    graylog_input_static_fields.journald = {
+      input_id = "\${graylog_input.journald.id}";
+      fields = { from_systemd = true; };
+    };
+
+    graylog_pipeline.systemd_loglevel_fix.source = ''
+      pipeline "journald : log level fix"
+        stage 0 match either
+          rule "journald : lookup log level"
+        stage 1 match either
+          rule "journald : replace log level"
+      end
+    '';
+
+    graylog_pipeline_rule = {
+      lookup.source = ''
+        rule "journald : lookup log level"
+        when
+          has_field("level")
+        then
+          let lookup = lookup_value("systemd-log-level-reverse",$message.level);
+          set_field("level_fix",lookup);
+        end
+      '';
+      replace.source = ''
+        rule "journald : replace log level"
+        when
+          has_field("level_fix")
+        then
+          set_field("level",$message.level_fix);
+        end
+      '';
+
+    };
+  };
+
+}