// Grafana Alloy configuration
// Collects:
// 1. Syslog over UDP/TCP port 514 — for MikroTik RB5009 and other network gear
// 2. Docker container logs — for all containers on this host
// Forwards everything to Loki.
// ── 1. SYSLOG RECEIVER ────────────────────────────────────────────────────────
// Listens on 514 UDP and TCP. Point your MikroTik logging action at this host.
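// Syslog intake for network gear.
//
// Exposure notes:
//   * Both listeners bind every interface and accept plaintext syslog with no
//     sender authentication. Restrict 514/udp and 514/tcp at the host firewall
//     (or bind to the management-network address) so only known devices can
//     submit entries; anything else that reaches this port can write into Loki.
//   * Port 514 is privileged. Binding it needs root or CAP_NET_BIND_SERVICE;
//     a high port behind a published-port mapping avoids granting that.
//   * NOTE(review): the listener parses RFC 5424 unless configured otherwise;
//     confirm the format RouterOS emits matches, or messages fail to parse.
loki.source.syslog "network_devices" {
  listener {
    address  = "0.0.0.0:514"
    protocol = "udp"
    labels   = {
      job    = "syslog",
      source = "network",
    }
  }

  listener {
    address  = "0.0.0.0:514"
    protocol = "tcp"
    labels   = {
      job    = "syslog",
      source = "network",
    }
  }

  // The __syslog_* labels are internal: the component strips every label that
  // starts with "__" before forwarding, so they have to be copied to public
  // names here. A later loki.process stage never sees them.
  relabel_rules = loki.relabel.syslog_labels.rules

  forward_to = [loki.process.syslog_relabel.receiver]
}

// Rule set only (forward_to is empty); consumed through relabel_rules above.
// Promotes the parsed syslog header fields to labels so entries can be
// filtered per device in Grafana, e.g. {host="RB5009"}.
//
// Every value below is taken from the message itself, i.e. it is chosen by
// the sender. Treat `host` as a display name rather than proof of origin
// (__syslog_connection_ip_address is the peer address if attribution matters),
// and keep the sender set restricted: unbounded host/app values from arbitrary
// senders translate directly into Loki stream cardinality.
loki.relabel "syslog_labels" {
  forward_to = []

  rule {
    source_labels = ["__syslog_message_hostname"]
    target_label  = "host"
  }

  rule {
    source_labels = ["__syslog_message_severity"]
    target_label  = "severity"
  }

  rule {
    source_labels = ["__syslog_message_facility"]
    target_label  = "facility"
  }

  rule {
    source_labels = ["__syslog_message_app_name"]
    target_label  = "app"
  }
}

// Processing hook between the syslog source and Loki. It has no stages, so
// entries pass through unchanged; label promotion happens in the relabel rules
// above. Add drop / redaction stages here if device logs need filtering.
loki.process "syslog_relabel" {
  forward_to = [loki.write.default.receiver]
}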
// ── 2. DOCKER CONTAINER LOGS ─────────────────────────────────────────────────
// Tails logs from all Docker containers on this host.
// Adds container_name and image as labels for easy filtering.
// Enumerates containers through the local Docker Engine socket.
// Access to docker.sock is effectively root on the host: the same API that
// lists containers can also create privileged ones. Expose it to the Alloy
// process only, and consider a filtering socket proxy that permits just the
// read-only container/list and logs endpoints.
discovery.docker "containers" {
  host = "unix:///var/run/docker.sock"
}
// Relabel Docker metadata into useful Loki labels
// Maps Docker discovery metadata onto the labels stored in Loki:
// container, stream and image.
discovery.relabel "docker_labels" {
  targets = discovery.docker.containers.targets

  // Docker reports names with a leading "/"; the capture group drops it.
  rule {
    target_label  = "container"
    regex         = "/(.*)"
    source_labels = ["__meta_docker_container_name"]
  }

  // stdout / stderr discriminator.
  rule {
    target_label  = "stream"
    source_labels = ["__meta_docker_container_log_stream"]
  }

  // NOTE(review): confirm this meta label is exported by the Alloy version in
  // use; if it is absent the rule yields no `image` label.
  rule {
    target_label  = "image"
    source_labels = ["__meta_docker_image_name"]
  }
}
// Tails the log stream of every discovered container and ships it to Loki.
// Container output is forwarded verbatim, so anything an application prints
// (tokens, connection strings, request bodies) lands in Loki; restrict who can
// query the {job="docker"} streams accordingly.
loki.source.docker "docker_logs" {
  host    = "unix:///var/run/docker.sock"
  targets = discovery.relabel.docker_labels.output

  // Static label on every entry, plus the per-entry relabel rules.
  labels        = { job = "docker" }
  relabel_rules = discovery.relabel.docker_labels.rules

  forward_to = [loki.write.default.receiver]
}
// ── 3. LOKI WRITE TARGET ──────────────────────────────────────────────────────
// All sources above forward here.
// Single push target shared by the syslog and Docker pipelines.
// The endpoint is plain HTTP with no credentials, which is only appropriate
// while Alloy and Loki share a private network (the bare "loki" hostname
// suggests a compose/bridge network - confirm). If the push ever crosses an
// untrusted segment, switch to https and add authentication on the endpoint,
// and keep port 3100 unpublished so nothing else can write to or read from Loki.
loki.write "default" {
  endpoint {
    url = "http://loki:3100/loki/api/v1/push"
  }
}