author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/logging/server.nix | |
parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/logging/server.nix')
-rw-r--r-- | makefu/2configs/logging/server.nix | 140 |
1 files changed, 0 insertions, 140 deletions
diff --git a/makefu/2configs/logging/server.nix b/makefu/2configs/logging/server.nix
deleted file mode 100644
index f2fccec25..000000000
--- a/makefu/2configs/logging/server.nix
+++ /dev/null
@@ -1,140 +0,0 @@
-{pkgs, config, ...}:
-
-let
- es-port = 9200;
- kibana-port = 5601;
- primaryName = "log.${config.krebs.build.host.name}";
- serverAliases = [ "${primaryName}.r" "${primaryName}.lan" ];
-in {
-
- services.nginx.virtualHosts.${primaryName} = {
- inherit serverAliases;
- locations."/" = {
- proxyPass = "http://localhost:5601/";
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- '';
- };
- };
- services.elasticsearch = {
- enable = true;
- port = es-port;
- };
- services.kibana = {
- enable = true;
- port = kibana-port;
- };
-
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport ${toString es-port} -j ACCEPT
- iptables -A INPUT -i retiolum -p tcp --dport ${toString kibana-port} -j ACCEPT
- '';
-
- # send logs directly to elasticsearch
- services.journalbeat = {
- enable = true;
- package = pkgs.journalbeat7;
- extraConfig = ''
- logging:
- to_syslog: true
- level: info
- metrics.enabled: false
- template.enabled: false
- output.logstash:
- hosts: [ "127.0.0.1:5044" ]
- template.enabled: false
- index: journalbeat
- journalbeat.inputs:
- - paths: []
- seek: cursor
- '';
- };
-
- services.logstash = {
- enable = true;
- # package = pkgs.logstash5;
- # plugins = [ pkgs.logstash-contrib ];
- inputConfig =
- ''
- syslog {
- timezone => "Etc/UTC"
- }
- beats {
- port => 5044
- }
- '';
- filterConfig =
- ''
- # Assume Beats
- if [syslog] {
- mutate {
- add_field => { "program" => "%{[syslog][identifier]}" }
- }
- }
- '' +
- ''
- if ![program] {
- mutate {
- add_field => { "program" => "unknown" }
- }
- }
- '' +
- ''
- if ([program] == "logstash") {
- drop {}
- }
- '' +
- ''
- if ( [program] == "dnsmasq") {
- grok {
- patterns_dir => ["${./patterns}"]
- match => {
- "message" => [
- "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype}\[[\w]+\] %{DOMAIN:domain} from %{IP}"
- , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} is %{IPORWORD:resolved_ip}"
- , "^%{DNSID:dnsid} %{IP:client}/%{PORT} %{DNSRESPONSE:dnstype} %{DOMAIN:domain} to %{IP:upstream_dns}"
- ]
- }
- }
- if [resolved_ip] {
- geoip {
- source => "resolved_ip"
- }
- }
- mutate {
- rename => { "host" => "syslog_host" }
- }
- # Target is to parse the the first and second significant part of the domain
- grok {
- patterns_dir => ["${./patterns}"]
- match => { "domain" => [ "%{PUBLIC_SUFFIX:dns_suffix}$" ] }
- }
- if [client] {
- mutate { copy => { "client" => "clientip" } }
- dns {
- reverse => [ "client"]
- action => "replace"
- hostsfile => [ "/etc/hosts" ]
- hit_cache_ttl => 1600
- failed_cache_ttl => 60
- }
- }
- }
- '' + ''
- if ( [program] == "proftpd") {
- kv {
- field_split => " "
- }
- }
- '';
- outputConfig =
- ''
- #stdout {
- # codec => rubydebug
- #}
- elasticsearch { }
- '';
- };
-} |