lux4rd0 / grafana-loki-syslog-aio Goto Github PK

View Code? Open in Web Editor NEW

160.0 7.0 50.0 704 KB

Grafana Loki Syslog All In One Syslog Deployable Stack

Home Page: https://labs.lux4rd0.com/2021/01/oldskool-syslog-meets-newskool-loki/

License: Apache License 2.0

Dockerfile 13.82% Shell 86.18%

grafana loki syslog-ng promtail prometheus node-exporter minio syslog cadvisor docker

grafana-loki-syslog-aio's People

Contributors

Stargazers

Watchers

Forkers

wrongkitchen jijeesh hotromaytinhit tainguyenbp jholee somsakc pcanham alexarmstrong bossjones joyshmitz peddamat fungible-systems codehead tekh arnaudmut simoncaron nag94 xmlgrg djedu fgravato maunicmer kinekt4 theflighteur fraccie k2gremlin zervin ssanj callaghangroup zaywalker ilsme sailingbo zfrkrc andrewglass3 johshea ss278 plceng cisco-emea-cx-cto marciogsm edgar-matias elijahlynn cswilsnetex eoloo therealodineye ofthomas76 luke-williams9 xiaoqin00 techcrazi megamattzilla pteiber yannguillou

grafana-loki-syslog-aio's Issues

no incoming data

First of thanks for taking the time to put this project together. I am sure I am missing something fairly obvious. I have a my device pointed to the IP of the VM where g-l-s-a is running and I am not seeing any data hitting being reflected in the dashboard.
my syslog-ng.conf file is as follows
axiom@ranch-a1:~/container/Grafana-Influxdb_2.x-Syslog-server/syslog$ cat syslog-ng.conf
@Version: 3.35
@include "scl.conf"

/etc/syslog-ng/syslog-ng.conf

source s_sys {
udp(ip(0.0.0.0) port(514));
};
destination telegraf_local {
syslog("telegraf" port(6514));
};
#filter f_default { level(info..emerg));
#};
log { source(s_sys); filter(f_default); destination(telegraf_local); };

any pointers would be greatly appreciated

adding a source to the existing syslog-ng.conf

I am a super newbie when it comes to syslog-ng but I am here asking for help. I think what i need help with is understanding how I can modify the existing syslog-ng.conf -the default one provided by the stack - to have it receive from a truenas installation and also send logs to Splunk. I would appreciate any input, thanks

Cannot Create Alerts

Is there a reason the "New Alert" button does not show up after a fresh build. I cannot create alerts because of this.

Dashborad does not show logs in grafana 8.1.1

Launched a new instance and did not see the logs. Checking the dump showed that the logs are coming. I changed the tag to 7.5.10 for grafana and everything began to be displayed. The problem with the latest tagged container

[Error] TypeError: HTTPConnection.request() got an unexpected keyword argument 'chunked'

Distributor ID: Ubuntu
Description: Ubuntu 24.04 LTS
Release: 24.04
Codename: noble
Docker: 26.1.1, build 4cf5afa
Docker-Compose: 1.29.2, build unknown

Error:

:~/grafana-loki-syslog-aio-main$ sudo docker-compose -f ./docker-compose.yml up -d
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 214, in _retrieve_server_version
    return self.version(api_version=False)["ApiVersion"]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/daemon.py", line 181, in version
    return self._result(self._get(url), json=True)
                        ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/utils/decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 237, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 497, in _make_request
    conn.request(
TypeError: HTTPConnection.request() got an unexpected keyword argument 'chunked'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
    command_func()
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
    project = project_from_options('.', options)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
    return get_project(
           ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
    client = get_client(
             ^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
    client = docker_client(
             ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
    client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
    self._version = self._retrieve_server_version()
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: HTTPConnection.request() got an unexpected keyword argument 'chunked'

disk full

Would like to know how to prevent the container for syslog-ng from filling up fast. Is it possible to logrotate it? thanks!

what license the repository has

Host value showing docker ingress network

Hi lux4rd0

First, thanks for such a great write up and example project. I've used your compose and config files to setup promtail and syslog-ng.

I have a 3 node docker swarm and this is working well for devices that send RFC 5424 messages, but I have an issue with RFC 3164. The hostname populated in the host label is an IP from the docker ingress network. In my case, 10.0.0.3. There is no way to differentiate between hosts as all RFC 3164 messages are recorded as 10.0.0.3 in Loki.

I have tested this with pfSense, it has an option to switch between RFC standards. When set to RFC 5424 the host value in Loki is correct.

Another example is Ubiquiti EdgeSwitchOS uses RFS 3164.

Do you know how to fix this so I can properly see the source host of the logs?

M2 Mac: ! syslog-ng The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested

Rubber ducking here:

Possibly related to #8

docker-compose -f ./docker-compose.yml up -d
...
 ! syslog-ng The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s
Error response from daemon: path / is mounted on / but it is not a shared or slave mount

Dashboard Browse Section Missing in Grafana UI

Hi - really like this project, thanks for your hard work.

I have an issue though - using the default docker-compose.yml, it spins up my stack great - however when I click the left panel in the grafana web ui, click the four small squares there is no browse option in the resulting menu that appears.

When I check the Amazon managed grafana dashboard at work (seperate to this project) which is on Grafana v8.4.0 it is there.

Example - this aio stack on version 8.1.2

As you can see there is no browse menu option when clicked.

Compared to my work Grafana on v 8.4.0

Do you know how to enable this option? Or is this just a case of we need a newer version of Grafana to enable this?

Thanks for your help :)

Persitant saving of data and customized dashboards

Good evening Lux4rd0,

First of all let me start off by saying that this stack you have put together here is really awesome out of the box. I have been messing around with this over the last week or so and it seems like all of my attempts to make custom dashboards have been failing. Every time I try to make changes, the either don't persist or just tell me that unique id already exists etc. I have tried making new dashboards from scratch but as soon as the stack restarts for whatever reason, the new dashboards do not seem to persist.

I am running this on docker and creating the stack using portainer. The only modifications I have made are changing the external directories from .config to something like /home/docker/syslog/.

I have tried changing the mounts on the grafana container to RW, and that doesn't seem to be solving my issue. Is there a way you could recommend for changes I need to make so that I can create customizable dashboards? I really like the dashboards you have included here but would like to mix/match some of the data they are all providing into a dashboard more tailored to my home environment. Again, love the work you have done with this :)

error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out:

Rubber ducking this here:

 docker-compose -f ./docker-compose.yml up -d
[+] Running 1/8
 ⠴ loki Pulling                                                                                                5.6s
 ✘ cadvisor Error                                                                                              5.6s
 ⠴ minio Pulling                                                                                               5.6s
 ⠴ node-exporter Pulling                                                                                       5.6s
 ⠴ prometheus Pulling                                                                                          5.6s
 ⠴ promtail Pulling                                                                                            5.6s
 ⠴ syslog-ng Pulling                                                                                           5.6s
 ⠴ grafana Pulling                                                                                             5.6s
error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out:

Problem running on the Mac

Mac OS: Version 11.6

I get the following error when run the command: docker-compose -f ./docker-compose.yml up -d

ERROR: for node-exporter Cannot start service node-exporter: path / is mounted on / but it is not a shared or slave mount