containers/loki/config/alloy.original
// Alloy configuration
// Collects: (1) Docker container logs, (2) Syslog from network devices (MikroTik etc.)
// Pushes everything to local Loki instance.
// ── Loki destination ──────────────────────────────────────────────────────────
loki.write "local_loki" {
  // Single push target: the Loki HTTP API, addressed by the hostname "loki".
  // The URL is plain HTTP and no authentication is configured in this block,
  // so log content and the push API are unprotected on whatever network
  // carries this traffic.
  // NOTE(review): confirm port 3100 is reachable only from the internal
  // container network and is not published on the host.
  endpoint {
    url = "http://loki:3100/loki/api/v1/push"
  }
}
// ── Docker container log collection ──────────────────────────────────────────
// Discovers all running containers and tails their logs automatically.
// New containers are picked up without restarting Alloy.
discovery.docker "containers" {
  // Talks to the Docker Engine API over the local Unix socket.
  // Anything that can open this socket can drive the Docker API, which is
  // effectively root-equivalent on the host; a read-only bind mount of the
  // socket file does not restrict API calls.
  // NOTE(review): consider fronting the socket with a proxy that permits only
  // the read endpoints discovery and log tailing need.
  host = "unix:///var/run/docker.sock"
}
discovery.relabel "docker_labels" {
  targets = discovery.docker.containers.targets

  // container: Docker reports names as "/name"; the capture group keeps only
  // the part after the leading slash.
  rule {
    target_label  = "container"
    source_labels = ["__meta_docker_container_name"]
    regex         = "/(.*)"
  }

  // service: copied from the Docker Compose service label when the container
  // has one.
  rule {
    target_label  = "service"
    source_labels = ["__meta_docker_container_label_com_docker_compose_service"]
  }

  // compose_project: copied from the Docker Compose project label when the
  // container has one.
  rule {
    target_label  = "compose_project"
    source_labels = ["__meta_docker_container_label_com_docker_compose_project"]
  }

  // source: constant tag that separates container logs from the syslog stream
  // in queries.
  rule {
    replacement  = "docker"
    target_label = "source"
  }
}
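loki.source.docker "docker_logs" {
  // Same Docker API socket as discovery.docker.containers; the exposure that
  // comes with socket access applies here as well.
  host       = "unix:///var/run/docker.sock"
  targets    = discovery.relabel.docker_labels.output
  forward_to = [loki.write.local_loki.receiver]

  // This component takes relabeling as the relabel_rules argument; it has no
  // inline "relabeling" block. Reusing the rules exported by
  // discovery.relabel.docker_labels keeps the container, service,
  // compose_project and source labels defined in one place.
  relabel_rules = discovery.relabel.docker_labels.rules
}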
// ── Syslog receiver (MikroTik RB5009 and other network devices) ──────────────
// Listens on UDP 514 and TCP 514.
// On your RB5009, set the remote logging action to point at this host's IP.
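loki.source.syslog "network_syslog" {
  // Both listeners bind every interface (0.0.0.0) and accept plaintext,
  // unauthenticated syslog. Any host that can reach port 514 can inject or
  // flood log entries, so restrict the port to the sending devices with a host
  // firewall rule or by binding to the management-network address.
  // NOTE(review): the TCP listener can carry TLS through a tls_config block
  // where the sending devices support it.
  // NOTE(review): confirm the devices emit a syslog format this listener
  // accepts in the deployed Alloy version.
  listener {
    address  = "0.0.0.0:514"
    protocol = "udp"
    labels   = {
      source = "syslog",
      job    = "network_devices",
    }
  }

  listener {
    address  = "0.0.0.0:514"
    protocol = "tcp"
    labels   = {
      source = "syslog",
      job    = "network_devices",
    }
  }

  // The receiver parses each message itself and exposes the header fields as
  // internal __syslog_message_* labels. Internal labels are dropped unless
  // relabel rules copy them to real labels, so the rules below are applied
  // here rather than in a separate processing stage.
  relabel_rules = loki.relabel.syslog_relabel.rules
  forward_to    = [loki.write.local_loki.receiver]
}

// Rule holder for the syslog receiver: promotes parsed header fields to the
// labels hostname, app, severity and facility. Only the exported rules are
// used, so forward_to is intentionally empty.
//
// hostname and app come from the message content and are chosen by the
// sender: they can be spoofed, and arbitrary values inflate Loki label
// cardinality. Do not treat them as proof of origin.
// NOTE(review): if attribution matters, also promote
// __syslog_connection_ip_address, which is taken from the connection rather
// than from the message body.
loki.relabel "syslog_relabel" {
  forward_to = []

  rule {
    source_labels = ["__syslog_message_hostname"]
    target_label  = "hostname"
  }

  // e.g. "dhcp", "firewall", "interface" on RouterOS
  rule {
    source_labels = ["__syslog_message_app_name"]
    target_label  = "app"
  }

  rule {
    source_labels = ["__syslog_message_severity"]
    target_label  = "severity"
  }

  rule {
    source_labels = ["__syslog_message_facility"]
    target_label  = "facility"
  }
}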