Enrich logs with Alloy

Hi, I’m building a log server to collect syslog events from network equipment such as Cisco, Juniper, Huawei and Nokia.

I want to enrich these events with more information, for example adding static labels based on hostname: vendor name, software version, model.

Or, for an event like LDP peer down, add the hostname of the peer IP. For link-down interface events, add the description of the physical interface.

In brief: I want to have lookup files, and an Alloy pipeline stage that loads these files and reloads them when a file is updated.

Are Alloy and Loki a good option for this?

  1. I may be biased, but personally I like Loki quite a lot as a log storage platform. However, whether this works for you and your organization or not is really a question only you can answer. I’d say spin up a single binary Loki instance in Docker (very quick and easy to do) and do a POC and see if you like it or not.
  2. I don’t personally use Alloy as a syslog receiver, but I think it’ll be serviceable. Note that you don’t have to use Alloy as a logging agent if you don’t want to. You can always go with solutions like fluentd if Alloy doesn’t fit your needs, as long as they are able to write to Loki.

I go straight to pushing syslog to Loki via the API using Python.

Thanks for the answers, friends.
I thought about using Alloy because, looking at it, I saw that pipelines can be created (I understood that it looks like Logstash).
I thought about doing something in Golang.

Well, I’ll test it first with Docker and see how it performs.


Hey all, there is a work in progress in Alloy that might cover your use case: "Add loki.enrich component" by v-zhuravlev (Pull Request #2882, grafana/alloy on GitHub).
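
An added example, not from any poster in this thread and not code from Alloy or the loki.enrich pull request: hostname-based label enrichment from a JSON lookup file that is re-read when its modification time changes, producing the JSON body for Loki's push endpoint (`POST /loki/api/v1/push`). The lookup file layout, the `job` label, the class and function names, and the sample device are assumptions made for the example.

```python
import json
import os
import re
import tempfile

LABEL_NAME = re.compile(r"^[a-zA-Z_][a-zA-Z0-9_]*$")  # Loki label-name syntax


class LookupTable:
    """hostname -> static labels, re-read when the file's mtime changes."""

    def __init__(self, path):
        self.path, self._mtime, self._data = path, None, {}

    def get(self, hostname):
        try:
            mtime = os.stat(self.path).st_mtime_ns
            if mtime != self._mtime:
                self._mtime = mtime
                with open(self.path, encoding="utf-8") as fh:
                    data = json.load(fh)
                if isinstance(data, dict):
                    self._data = data
        except (OSError, ValueError):
            pass  # missing or half-written file: keep the last good table
        entry = self._data.get(hostname)
        return entry if isinstance(entry, dict) else {}


def to_loki_push(hostname, line, ts_ns, table):
    """Build the push body; labels stay low-cardinality (vendor, model)."""
    labels = {"job": "syslog", "host": hostname}
    for key, value in table.get(hostname).items():
        # Skip invalid names; the file must not override job/host.
        if LABEL_NAME.match(key) and key not in labels:
            labels[key] = str(value)
    return {"streams": [{"stream": labels, "values": [[str(ts_ns), line]]}]}


if __name__ == "__main__":
    # Constructed sample data: one device and one syslog line.
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump({"core-rtr1": {"vendor": "cisco", "model": "ASR9K"}}, fh)
    table = LookupTable(fh.name)
    body = to_loki_push("core-rtr1", "%LINK-3-UPDOWN: Interface Gi0/0/1, changed state to down",
                        1700000000000000000, table)
    print(json.dumps(body, indent=2))
    os.unlink(fh.name)
```

Because the hostname in a syslog message is supplied by the sender, the lookup result is only as trustworthy as the source address filtering in front of the receiver.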