Created
December 27, 2021 07:47
-
-
Save proffalken/b9d9fd3852201af604a141a21bde4601 to your computer and use it in GitHub Desktop.
Vector, Loki, and Prometheus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Be sure to follow the instructions at | |
| // https://grafana.com/docs/loki/latest/clients/docker-driver/ | |
| // otherwise this will not work! | |
| // | |
| // Also, remember to remove these comments because JSON doesn't support them! | |
| { | |
| "data-root": "/mnt/docker", | |
| "metrics-addr" : "10.231.1.21:9323", | |
| "experimental" : true, | |
| "log-driver": "loki", | |
| "log-opts": { | |
| "loki-url": "https://loki.service.wallace.network/loki/api/v1/push", | |
| "loki-batch-size": "400", | |
| "loki-external-labels": "job=container_logs,container_name={{.Name}},container_image={{.ImageName}}" | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - job_name: 'vector' | |
| scrape_interval: 30s | |
| static_configs: | |
| - targets: ['vector:9598'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Set global options | |
| data_dir: "/var/lib/vector" | |
| # Vector's API (disabled by default) | |
| # Enable and try it out with the `vector top` command | |
| api: | |
| enabled: false | |
| # address: "127.0.0.1:8686" | |
| sources: | |
| traefik: | |
| type: file | |
| ignore_older_secs: 600 | |
| include: | |
| - "/var/log/traefik/traefik.log" | |
| read_from: "beginning" | |
| traefik_access: | |
| type: file | |
| ignore_older_secs: 600 | |
| include: | |
| - "/var/log/traefik/access.log" | |
| read_from: "beginning" | |
| unifi_syslog: | |
| type: syslog | |
| address: 0.0.0.0:1514 | |
| mode: udp | |
| transforms: | |
| tr_traefik: | |
| type: remap | |
| inputs: | |
| - traefik | |
| - traefik_access | |
| source: |- | |
| . = parse_json!(.message) | |
| re_unifi: | |
| type: remap | |
| inputs: | |
| - unifi_syslog | |
| source: >- | |
| newmsg, err = parse_regex(.message, r'IN=(?P<source_interface>(\S+|\s?)) OUT=(?P<forward_interface>(\S+|\s?)) MAC=(?P<source_mac>(\S+|\s?)) SRC=(?P<source_ip>(?:([0-9]{1,3}\.){3}[0-9]{1,3})) DST=(?P<destination_ip>(?:([0-9]{1,3}\.){3}[0-9]{1,3})) LEN=(?P<pkt_len>\d+) TOS=(?P<pkt_tos>[\dx\d]+) PREC=(?P<pkt_prec>[\dx\d]+) TTL=(?P<pkt_ttl>\d+) ID=(?P<pkt_id>\d+)\s?(?P<pk_frg>[A-Z\s].?)\s?PROTO=(?P<pkt_protocol>[\w\d]+) SPT=(?P<source_port>\d+) DPT=(?P<dest_port>\d+) (LEN=(?P<pkt_length>\d+))?(WINDOW=(?P<pkt_window>\d+) RES=(?P<pkt_res>[\dx\d]+)? (?P<pkt_type>(\S+))?\s?(URGP=(?P<pkt_urgency>\d))?)?') | |
| if err != null { | |
| log(err, level: "error") | |
| . = .message | |
| } else { | |
| . = merge(., newmsg) | |
| } | |
| unifi_to_geoip: | |
| type: geoip | |
| inputs: | |
| - re_unifi | |
| database: /etc/fluent-bit/GeoLite2-City.mmdb | |
| source: source_ip | |
| target: geoip | |
| ugeoip_extract: | |
| type: remap | |
| inputs: | |
| - unifi_to_geoip | |
| source: >- | |
| geodata = parse_json!(.message.geoip) | |
| .source_ip = .source_ip | |
| ., err = merge(geodata, .source_ip) | |
| log(., level: "error") | |
| unifi_metrics: | |
| type: log_to_metric | |
| inputs: | |
| - ugeoip_extract | |
| metrics: | |
| - field: source_ip | |
| name: inbound_connections | |
| type: counter | |
| tags: | |
| source: "{{ source_ip }}" | |
| target_port: "{{ dest_port }}" | |
| latitude: "{{ geoip.latitude }}" | |
| longitude: "{{ geoip.longitude }}" | |
| city_name: "{{ geoip.city_name }}" | |
| country_code: "{{ geoip.country_code }}" | |
| continent_code: "{{ geoip.continent_code }}" | |
| sinks: | |
| syslog_loki: | |
| type: "loki" | |
| inputs: | |
| - unifi_to_geoip | |
| endpoint: https://loki/ | |
| encoding: | |
| codec: json | |
| labels: | |
| job: "vector" | |
| host: "{{ host }}" | |
| service: "unifi" | |
| traefik_provider: "{{ providerName }}" | |
| healthcheck: false | |
| dropped_loki: | |
| type: "loki" | |
| inputs: | |
| - re_unifi.dropped | |
| endpoint: https://loki/ | |
| encoding: | |
| codec: json | |
| labels: | |
| job: "vector" | |
| host: "{{ host }}" | |
| service: "unifi.dropped" | |
| dropped: "True" | |
| traefik_provider: "{{ providerName }}" | |
| healthcheck: false | |
| traefik_loki: | |
| type: "loki" | |
| inputs: | |
| - tr_traefik | |
| endpoint: https://loki/ | |
| encoding: | |
| codec: json | |
| labels: | |
| job: "vector" | |
| host: "{{ host }}" | |
| service: "traefik" | |
| traefik_provider: "{{ providerName }}" | |
| healthcheck: false | |
| prom_remote_write: | |
| type: prometheus_exporter | |
| inputs: | |
| - unifi_metrics | |
| healthcheck: false |
@spacecomet - Loki, Prometheus, and vector will work, but you won't get any of the IP to country stuff without changing lines 51-69.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@proffalken If I don't have a unifi router this is not going to work right?