diff --git a/cluster/apps/monitoring/loki-stack/helm-release.yaml b/cluster/apps/monitoring/loki-stack/helm-release.yaml
index 6811385c8..1d1a5abe4 100644
--- a/cluster/apps/monitoring/loki-stack/helm-release.yaml
+++ b/cluster/apps/monitoring/loki-stack/helm-release.yaml
@@ -51,9 +51,9 @@ spec:
 # ingester and querier components.
 join_members:
 - loki-headless.monitoring.svc.cluster.local.:7946
- # max_join_backoff: 1m
- # max_join_retries: 10
- # min_join_backoff: 1s
+ # max_join_backoff: 1m
+ # max_join_retries: 10
+ # min_join_backoff: 1s
 schema_config:
 configs:
 - from: "2020-10-24"
@@ -96,62 +96,87 @@ spec:
 serviceMonitor:
 enabled: true
 extraScrapeConfigs:
- pipeline_stages:
- - job_name: pfsense
+ - job_name: syslog
 syslog:
 listen_address: 0.0.0.0:1514
- idle_timeout: 60s
- label_structured_data: false
+ label_structured_data: true
 labels:
 job: "syslog"
- host: pfsense
 relabel_configs:
- - source_labels: ["__syslog_message_severity"]
- target_label: "severity"
- #- source_labels: ['__syslog_message_facility']
- # target_label: 'facility'
- - source_labels: ["__syslog_message_app_name"]
- target_label: "app_name"
- pipeline_stages:
- - match:
- selector: '{app_name="filterlog"}'
- stages:
- - regex:
- expression: '(?P\d*?),(?P\d*?),(?P\d*?),(?P\d*?),(?Pigb.{1,5}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P4{1}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\d*?),(?P\w*?),(?P\d*?),(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P\d+?),(?P\d+?),(?P\d+?)'
- # ipv6 // ,(?P6{1}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\d*?),
- - labels:
- pfsense_fw_rule: ""
- #pfsense_fw_subrule: ''
- #pfsense_fw_anchor: ''
- pfsense_fw_tracker: ""
- pfsense_fw_interface: ""
- pfsense_fw_reason: ""
- pfsense_fw_action: ""
- pfsense_fw_direction: ""
- #pfsense_fw_ip_version: ''
- #pfsense_fw_tos: ''
- #pfsense_fw_ecn: ''
- #pfsense_fw_ttl: ''
- #pfsense_fw_id: ''
- #pfsense_fw_offset: ''
- #pfsense_fw_flag: ''
- pfsense_fw_protocol_id: ""
- pfsense_fw_protocol_text: ""
- #pfsense_fw_length: ''
- pfsense_fw_source_address: ""
- pfsense_fw_destination_address: ""
- pfsense_fw_source_port: ""
- pfsense_fw_destination_port: ""
- #pfsense_fw_data_length: ''
- # - metrics:
- # lines_total:
- # type: Counter
- # description: "pfsense firewall : total number of log lines"
- # prefix: pfsense_firewall_
- # match_all: true
- # count_entry_bytes: true
- # config:
- # action: add
+ - source_labels: ['__syslog_connection_ip_address']
+ target_label: 'ip_address'
+ - source_labels: ['__syslog_message_severity']
+ target_label: 'severity'
+ - source_labels: ['__syslog_message_facility']
+ target_label: 'facility'
+ - source_labels: ['__syslog_message_hostname']
+ target_label: 'host'
+ - source_labels: ['__syslog_message_app_name']
+ target_label: 'app'
+ - source_labels: ['__syslog_message_SRC']
+ target_label: 'source_ip'
+ - source_labels: ['__syslog_message_SPT']
+ target_label: 'source_port'
+ - source_labels: ['__syslog_message_DPT']
+ target_label: 'destination_port'
+ - source_labels: ['__syslog_message_DST']
+ target_label: 'destination_ip'
+ pipeline_stages:
+ # - job_name: pfsense
+ # syslog:
+ # listen_address: 0.0.0.0:1514
+ # idle_timeout: 60s
+ # label_structured_data: false
+ # labels:
+ # job: "syslog"
+ # host: pfsense
+ # relabel_configs:
+ # - source_labels: ["__syslog_message_severity"]
+ # target_label: "severity"
+ # #- source_labels: ['__syslog_message_facility']
+ # # target_label: 'facility'
+ # - source_labels: ["__syslog_message_app_name"]
+ # target_label: "app_name"
+ # pipeline_stages:
+ # - match:
+ # selector: '{app_name="filterlog"}'
+ # stages:
+ # - regex:
+ # expression: '(?P\d*?),(?P\d*?),(?P\d*?),(?P\d*?),(?Pigb.{1,5}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P4{1}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\d*?),(?P\w*?),(?P\d*?),(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}?),(?P\d+?),(?P\d+?),(?P\d+?)'
+ # # ipv6 // ,(?P6{1}?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\w*?),(?P\d*?),
+ # - labels:
+ # pfsense_fw_rule: ""
+ # #pfsense_fw_subrule: ''
+ # #pfsense_fw_anchor: ''
+ # pfsense_fw_tracker: ""
+ # pfsense_fw_interface: ""
+ # pfsense_fw_reason: ""
+ # pfsense_fw_action: ""
+ # pfsense_fw_direction: ""
+ # #pfsense_fw_ip_version: ''
+ # #pfsense_fw_tos: ''
+ # #pfsense_fw_ecn: ''
+ # #pfsense_fw_ttl: ''
+ # #pfsense_fw_id: ''
+ # #pfsense_fw_offset: ''
+ # #pfsense_fw_flag: ''
+ # pfsense_fw_protocol_id: ""
+ # pfsense_fw_protocol_text: ""
+ # #pfsense_fw_length: ''
+ # pfsense_fw_source_address: ""
+ # pfsense_fw_destination_address: ""
+ # pfsense_fw_source_port: ""
+ # pfsense_fw_destination_port: ""
+ # #pfsense_fw_data_length: ''
+ # # - metrics:
+ # # lines_total:
+ # # type: Counter
+ # # description: "pfsense firewall : total number of log lines"
+ # # prefix: pfsense_firewall_
+ # # match_all: true
+ # # count_entry_bytes: true
+ # # config:
+ # # action: add
 syslogService:
 enabled: true
 type: LoadBalancer
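Review bot: The four new relabel rules mapping `__syslog_message_SRC`, `__syslog_message_SPT`, `__syslog_message_DPT` and `__syslog_message_DST` to `source_ip`, `source_port`, `destination_port` and `destination_ip` promote per-connection values to Loki stream labels, on a listener bound to `0.0.0.0:1514` that the `syslogService` context lines publish as `type: LoadBalancer`. If those labels populate, every distinct address/port combination opens a new stream, so any host that can reach the service can inflate ingester memory and the index; `host` and `app` are also copied from fields the sender writes, so only `ip_address` (taken from the connection) says anything about origin. As far as I know Promtail exposes structured data enabled by `label_structured_data: true` as `__syslog_message_sd_<id>_<name>`, so these four source labels may never match at all; check a rendered target before relying on them. I would drop the four rules, keep the bounded labels (`ip_address`, `severity`, `facility`, `host`, `app`), extract addresses and ports at query time, and restrict who can reach the LoadBalancer address. Separately, the added `pipeline_stages:` key has no value (write `pipeline_stages: []` or omit it), and the commented-out pfsense job is better deleted than carried in the file, since git history keeps it.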