lux4rd0 / grafana-loki-syslog-aio
Grafana Loki Syslog All In One Syslog Deployable Stack
Home Page: https://labs.lux4rd0.com/2021/01/oldskool-syslog-meets-newskool-loki/
License: Apache License 2.0
First off, thanks for taking the time to put this project together. I am sure I am missing something fairly obvious. I have my device pointed to the IP of the VM where g-l-s-a is running and I am not seeing any data being reflected in the dashboard.
My syslog-ng.conf file is as follows:
axiom@ranch-a1:~/container/Grafana-Influxdb_2.x-Syslog-server/syslog$ cat syslog-ng.conf
@Version: 3.35
@include "scl.conf"
source s_sys {
udp(ip(0.0.0.0) port(514));
};
destination telegraf_local {
syslog("telegraf" port(6514));
};
#filter f_default { level(info..emerg));
#};
log { source(s_sys); filter(f_default); destination(telegraf_local); };
Any pointers would be greatly appreciated.
I am a super newbie when it comes to syslog-ng but I am here asking for help. I think what I need help with is understanding how I can modify the existing syslog-ng.conf (the default one provided by the stack) to have it receive from a TrueNAS installation and also send logs to Splunk. I would appreciate any input, thanks.
Is there a reason the "New Alert" button does not show up after a fresh build? I cannot create alerts because of this.
Error:
:~/grafana-loki-syslog-aio-main$ sudo docker-compose -f ./docker-compose.yml up -d
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/docker/api/client.py", line 214, in _retrieve_server_version
return self.version(api_version=False)["ApiVersion"]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/docker/api/daemon.py", line 181, in version
return self._result(self._get(url), json=True)
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/docker/utils/decorators.py", line 46, in inner
return f(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/docker/api/client.py", line 237, in _get
return self.get(url, **self._set_request_timeout(kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 602, in get
return self.request("GET", url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 497, in _make_request
conn.request(
TypeError: HTTPConnection.request() got an unexpected keyword argument 'chunked'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/bin/docker-compose", line 33, in <module>
sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
command_func()
File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
project = project_from_options('.', options)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
return get_project(
^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
client = get_client(
^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
client = docker_client(
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
self._version = self._retrieve_server_version()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
raise DockerException(
docker.errors.DockerException: Error while fetching server API version: HTTPConnection.request() got an unexpected keyword argument 'chunked'
Would like to know how to prevent the container for syslog-ng from filling up fast. Is it possible to logrotate it? Thanks!
Hi lux4rd0
First, thanks for such a great write-up and example project. I've used your compose and config files to set up promtail and syslog-ng.
I have a 3 node docker swarm and this is working well for devices that send RFC 5424 messages, but I have an issue with RFC 3164. The hostname populated in the host label is an IP from the docker ingress network. In my case, 10.0.0.3. There is no way to differentiate between hosts as all RFC 3164 messages are recorded as 10.0.0.3 in Loki.
I have tested this with pfSense, it has an option to switch between RFC standards. When set to RFC 5424 the host value in Loki is correct.
Another example is Ubiquiti EdgeSwitchOS, which uses RFC 3164.
Do you know how to fix this so I can properly see the source host of the logs?
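For inspecting what a sender actually puts in the header, the following is an added example (not code from the project or from the poster) that classifies a raw syslog line as RFC 5424 or RFC 3164 and extracts the HOSTNAME field if one is present. The function names, the sample messages, and the fallback to the peer address in `host_label` are assumptions made for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME ...
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} (\S+) (\S+) (\S+) ")
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: ...
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")
PRI_ONLY = re.compile(r"^<\d{1,3}>")

def header_host(line):
    """Return (format, hostname); hostname is None if the header carries none."""
    m = RFC5424.match(line)
    if m:
        host = m.group(2)
        return ("rfc5424", None if host == "-" else host)  # "-" is the NILVALUE
    m = RFC3164.match(line)
    if m:
        host = m.group(1)
        # Heuristic (assumption): a token ending in ":" is the TAG,
        # so the sender left the HOSTNAME field out.
        return ("rfc3164", None if host.endswith(":") else host)
    if PRI_ONLY.match(line):
        return ("rfc3164-no-header", None)  # only <PRI> followed by free text
    return ("unknown", None)

def host_label(line, peer_ip):
    """Assumed receiver behaviour: use the header host, else the peer address."""
    return header_host(line)[1] or peer_ip

def labels_by_format(messages):
    """Map each detected format to the set of host labels it would produce."""
    out = {}
    for peer_ip, line in messages:
        out.setdefault(header_host(line)[0], set()).add(host_label(line, peer_ip))
    return out

# Constructed samples; 10.0.0.3 is the ingress address quoted in the post above.
SAMPLES = [
    ("10.0.0.3", "<134>1 2024-01-05T10:00:00Z fw01.example.net filterlog 4242 - - pass"),
    ("10.0.0.3", "<134>Jan  5 10:00:00 sw01 kernel: link up"),
    ("10.0.0.3", "<134>Jan  5 10:00:01 filterlog[4242]: pass"),
    ("10.0.0.3", "<30>dropbear[311]: login attempt"),
]

if __name__ == "__main__":
    for fmt, hosts in labels_by_format(SAMPLES).items():
        print(fmt, sorted(hosts))
```

Running it on captured lines shows whether a device sends a hostname at all; messages without one can only be attributed by the address the receiver sees.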
Rubber ducking here:
Possibly related to #8
docker-compose -f ./docker-compose.yml up -d
...
! syslog-ng The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested 0.0s
Error response from daemon: path / is mounted on / but it is not a shared or slave mount
Hi - really like this project, thanks for your hard work.
I have an issue though - using the default docker-compose.yml, it spins up my stack great - however when I click the left panel in the grafana web ui, click the four small squares there is no browse option in the resulting menu that appears.
When I check the Amazon managed Grafana dashboard at work (separate to this project), which is on Grafana v8.4.0, it is there.
Example - this aio stack on version 8.1.2
As you can see there is no browse menu option when clicked.
Compared to my work Grafana on v 8.4.0
Do you know how to enable this option? Or is this just a case of we need a newer version of Grafana to enable this?
Thanks for your help :)
Good evening Lux4rd0,
First of all, let me start off by saying that this stack you have put together here is really awesome out of the box. I have been messing around with this over the last week or so and it seems like all of my attempts to make custom dashboards have been failing. Every time I try to make changes, they either don't persist or just tell me that unique id already exists etc. I have tried making new dashboards from scratch but as soon as the stack restarts for whatever reason, the new dashboards do not seem to persist.
I am running this on docker and creating the stack using portainer. The only modifications I have made are changing the external directories from .config to something like /home/docker/syslog/.
I have tried changing the mounts on the grafana container to RW, and that doesn't seem to be solving my issue. Is there a way you could recommend for changes I need to make so that I can create customizable dashboards? I really like the dashboards you have included here but would like to mix/match some of the data they are all providing into a dashboard more tailored to my home environment. Again, love the work you have done with this :)
Rubber ducking this here:
docker-compose -f ./docker-compose.yml up -d
[+] Running 1/8
⠴ loki Pulling 5.6s
✘ cadvisor Error 5.6s
⠴ minio Pulling 5.6s
⠴ node-exporter Pulling 5.6s
⠴ prometheus Pulling 5.6s
⠴ promtail Pulling 5.6s
⠴ syslog-ng Pulling 5.6s
⠴ grafana Pulling 5.6s
error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out:
Mac OS: Version 11.6
I get the following error when I run the command: docker-compose -f ./docker-compose.yml up -d
ERROR: for node-exporter Cannot start service node-exporter: path / is mounted on / but it is not a shared or slave mount