kazu634
/
itamae
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
itamae/cookbooks/promtail/templates/etc/promtail/base.yaml

391 lines
9.7 KiB
YAML
Raw Blame History

server:
disable: true
positions:
filename: /var/opt/promtail/promtail_base_position.yaml
clients:
- url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push
scrape_configs:
- job_name: apt
static_configs:
- targets:
- localhost
labels:
job: apt
hostname: <%= @HOSTNAME %>
level: notice
__path__: /var/log/apt/history.log
- job_name: sudo
static_configs:
- targets:
- localhost
labels:
job: sudo
hostname: <%= @HOSTNAME %>
__path__: /var/log/auth.log
pipeline_stages:
- match:
selector: '{job="sudo"} |~ "(CRON|sshd|session|securetty|systemd-logind|/bin/sh)"'
action: drop
- match:
selector: '{job="sudo"} !~ "/bin/sh"'
stages:
- regex:
expression: '^(?P<timestamp>\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P<user>[^ ]+) : TTY=(?P<tty>[^ ]+) ; PWD=(?P<pwd>[^ ]+) ; USER=(?P<foo>[^ ]+) ; COMMAND=(?P<cmd>.+)$'
- timestamp:
source: timestamp
format: Jan 2 15:04:05
location: Asia/Tokyo
- template:
source: message
template: 'USER={{ .user }} PWD={{ .pwd }} CMD={{ .cmd }}'
- template:
source: level
template: 'notice'
- labels:
level:
- output:
source: message
- job_name: sshd
static_configs:
- targets:
- localhost
labels:
job: sshd
hostname: <%= @HOSTNAME %>
level: info
__path__: /var/log/auth.log
pipeline_stages:
- match:
selector: '{job="sshd"} |~ "(CRON|sudo|session)"'
action: drop
- match:
selector: '{job="sshd"}'
stages:
- regex:
expression: '^(?P<timestamp>\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^:]+: (?P<message>.+)$'
- timestamp:
source: timestamp
format: Jan 2 15:04:05
location: Asia/Tokyo
- output:
source: message
- job_name: supervisord
static_configs:
- targets:
- localhost
labels:
job: supervisord
hostname: <%= @HOSTNAME %>
level: notice
__path__: /var/log/supervisor/supervisord.log
pipeline_stages:
- match:
selector: '{job="supervisord"}'
stages:
- regex:
expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ (?P<level>[^ ]+) (?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- template:
source: level
template: '{{ ToLower .level }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "warn" .Value "warning" }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "crit" .Value "critical" }}'
- labels:
level:
- output:
source: message
- job_name: fail2ban
static_configs:
- targets:
- localhost
labels:
job: fail2ban
hostname: <%= @HOSTNAME %>
level: info
__path__: /var/log/fail2ban.log
pipeline_stages:
- match:
selector: '{job="fail2ban"} !~ "already banned"'
stages:
- regex:
expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- template:
source: level
template: '{{ ToLower .level }}'
- labels:
level:
- output:
source: message
- match:
selector: '{job="fail2ban"} |~ "already banned"'
stages:
- regex:
expression: '^(?P<timestamp>[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P<level>[^ ]+)[^\[]+(?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- output:
source: message
- job_name: promtail
static_configs:
- targets:
- localhost
labels:
job: promtail
hostname: <%= @HOSTNAME %>
__path__: /var/log/promtail.log
pipeline_stages:
- match:
selector: '{job="promtail"}'
stages:
- drop:
expression: 'entry out of order'
- regex:
expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ promtail[^ ]+ .*ts=(?P<timestamp>[^ ]+) (?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02T15:04:05.999999999Z
location: Etc/GMT
- regex:
expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ promtail[^ ]+ .*level=(?P<level>[^\\" ]+).*$'
- template:
source: level
template: '{{ regexReplaceAllLiteral "warn" .Value "warning" }}'
- labels:
level:
- output:
source: message
- job_name: login
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: login
level: notice
hostname: <%= @HOSTNAME %>
relabel_configs:
- action: keep
regex: 'systemd-logind.service'
source_labels:
- __journal__systemd_unit
- job_name: init
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: init
hostname: <%= @HOSTNAME %>
pipeline_stages:
- match:
selector: '{job="init"} |~ "(apt|Message of the Day|motd-news|Temporary Directories|man-db|fwupd|Firmware update daemon|systemd-tmpfiles-clean.service|Rotate log files|logrotate.service|[Pp]ackage[Kk]it|/run/dbus/system_bus_socket|[Ss]nap|lxd|Reloading|Mount unit|ext4 Metadata|e2scrub_all.service|docker|tmp-sanity|libcontainer container)"'
stages:
- template:
source: level
template: 'info'
- labels:
level:
- match:
selector: '{job="init"} !~ "(apt|Message of the Day|motd-news|Temporary Directories|man-db|fwupd|Firmware update daemon|systemd-tmpfiles-clean.service|Rotate log files|logrotate.service|[Pp]ackage[Kk]it|/run/dbus/system_bus_socket|[Ss]nap|lxd|Reloading|Mount unit|ext4 Metadata|e2scrub_all.service|docker|tmp-sanity|libcontainer container)"'
stages:
- template:
source: level
template: 'notice'
- labels:
level:
relabel_configs:
- action: keep
regex: 'init\.scope'
source_labels:
- __journal__systemd_unit
- job_name: systemd
journal:
json: false
max_age: 12h
path: /var/log/journal
labels:
job: systemd
level: info
hostname: <%= @HOSTNAME %>
pipeline_stages:
- match:
selector: '{job="systemd"} !~ "(temperature|nf_conntrack)"'
stages:
- drop:
expression: (CMD|UFW|session|TTY)
- match:
selector: '{job="systemd"} |~ "nf_conntrack"'
stages:
- template:
source: level
template: 'error'
- labels:
level:
- match:
selector: '{job="systemd"} |~ "temperature"'
stages:
- regex:
expression: '^(?P<message>.+)$'
- template:
source: level
template: '{{ .message }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral ".*normal.*" .Value "notice" }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral ".*temperature.*" .Value "error" }}'
- labels:
level:
- output:
source: message
relabel_configs:
- source_labels: ['__journal__systemd_unit']
target_label: 'unit'
- action: drop
regex: '.*(cron|supervisor|ssh|promtail|local|grafana|motd|dnsmasq|snapd|logind|init|session|loki|monit|consul).*'
source_labels:
- __journal__systemd_unit
- job_name: consul
static_configs:
- targets:
- localhost
labels:
job: consul
hostname: <%= @HOSTNAME %>
level: info
__path__: /var/log/consul/consul-*.log
pipeline_stages:
- match:
selector: '{job="consul"}'
stages:
- regex:
expression: '^(?P<timestamp>\d+-\d+-[^T]+T\d+:\d+:\d+\.\d+\+\d+) \[(?P<level>[^\]]+)\] *(?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02T15:04:05.000-0700
- template:
source: level
template: '{{ ToLower .level }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "warn" .Value "warning" }}'
- template:
source: level
template: '{{ regexReplaceAllLiteral "crit" .Value "critical" }}'
- labels:
level:
- output:
source: message
- job_name: unattended-upgrades
static_configs:
- targets:
- localhost
labels:
job: unattended-upgrades
hostname: <%= @HOSTNAME %>
level: notice
__path__: /var/log/unattended-upgrades/unattended-upgrades.log
pipeline_stages:
- match:
selector: '{job="unattended-upgrades"}'
stages:
- regex:
expression: '^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} (?P<level>[^ ]+) (?P<message>.+)$'
- timestamp:
source: timestamp
format: 2006-01-02 15:04:05
location: Asia/Tokyo
- output:
source: message
Reference in New Issue View Git Blame Copy Permalink