nix-config/modules/logging.nix

{ hostRegistry, config, pkgs, lib, ... }:

let

  nginxGlobalLogging = ''
    log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
                     '"remote_addr": "$remote_addr", '
                     '"body_bytes_sent": $body_bytes_sent, '
                     '"request_time": $request_time, '
                     '"response_status": $status, '
                     '"request": "$request", '
                     '"request_method": "$request_method", '
                     '"host": "$host",'
                     '"upstream_cache_status": "$upstream_cache_status",'
                     '"upstream_addr": "$upstream_addr",'
                     '"http_x_forwarded_for": "$http_x_forwarded_for",'
                     '"http_referrer": "$http_referer", '
                     '"http_user_agent": "$http_user_agent" }';

    # replace the hostnames with the IP or hostname of your Graylog2 server
    access_log syslog:server=graylog.server.org:12301 graylog2_json;
    error_log syslog:server=graylog.server.org:12302;
  '';

in {
  # add central logging
  services.journalbeat = {
    enable = false;
    extraConfig = ''
      journalbeat.inputs:
        # Paths that should be crawled and fetched. Possible values files and directories.
        # When setting a directory, all journals under it are merged.
        # When empty starts to read from local journal.
      - paths: []

      journalbeat:
        seek_position: cursor
        cursor_seek_fallback: tail
        write_cursor_state: true
        cursor_flush_period: 5s
        clean_field_names: true
        convert_to_numbers: false
        move_metadata_to_field: journal
        default_type: journal
        kernel: true
      output.logstash:
        # Boolean flag to enable or disable the output module.
        enabled: true
        hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
    '';
  };

  services.prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {
    enable = true;
    openFirewall = true;
  };
}
journalbeat: set logging host 2021-10-06 19:12:32 +02:00			`{ hostRegistry, config, pkgs, lib, ... }:`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00
			`let`

			`nginxGlobalLogging = ''`
			`log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '`
			`'"remote_addr": "$remote_addr", '`
			`'"body_bytes_sent": $body_bytes_sent, '`
			`'"request_time": $request_time, '`
			`'"response_status": $status, '`
			`'"request": "$request", '`
			`'"request_method": "$request_method", '`
			`'"host": "$host",'`
			`'"upstream_cache_status": "$upstream_cache_status",'`
			`'"upstream_addr": "$upstream_addr",'`
			`'"http_x_forwarded_for": "$http_x_forwarded_for",'`
			`'"http_referrer": "$http_referer", '`
			`'"http_user_agent": "$http_user_agent" }';`

			`# replace the hostnames with the IP or hostname of your Graylog2 server`
			`access_log syslog:server=graylog.server.org:12301 graylog2_json;`
			`error_log syslog:server=graylog.server.org:12302;`
Nixfmt everything 2021-02-22 11:45:12 +01:00			`'';`

			`in {`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`# add central logging`
			`services.journalbeat = {`
config: killall broken journalbeat config 2022-06-01 22:35:51 +02:00			`enable = false;`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`extraConfig = ''`
fix beats logging and storage-ng 2019-11-05 18:44:39 +01:00			`journalbeat.inputs:`
			`# Paths that should be crawled and fetched. Possible values files and directories.`
			`# When setting a directory, all journals under it are merged.`
			`# When empty starts to read from local journal.`
			`- paths: []`

add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`journalbeat:`
			`seek_position: cursor`
			`cursor_seek_fallback: tail`
			`write_cursor_state: true`
			`cursor_flush_period: 5s`
			`clean_field_names: true`
			`convert_to_numbers: false`
			`move_metadata_to_field: journal`
			`default_type: journal`
			`kernel: true`
			`output.logstash:`
			`# Boolean flag to enable or disable the output module.`
			`enabled: true`
Refactor host registry 2022-01-16 13:26:37 +01:00			`hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]`
journalbeat: set logging host 2021-10-06 19:12:32 +02:00			`'';`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`};`

config/logging: don't enable on riscv64-linux (broken) 2022-06-22 00:46:02 +02:00			`services.prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`enable = true;`
			`openFirewall = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
add prometheus host unify logging into lib/logging cleanup registry 2019-07-06 02:10:46 +02:00			`}`