Exporting limited log information to a 3rd party tool via url/port?

Greetings. We are setting up Loki and we adore it… one catch, can’t figure out how to export from it as it ingests. We have a 3rd party tool that provides security monitoring by watching logs from our infrastructure for signs of a security incident taking place, and then alerts us/blocks IPs/etc (actually has humans sitting and watching it all day/night who decide how to deal with it). We are trying to figure out how to get our logs from Loki to them… continuously. So far my only though has been to write a piece of middleware that regularly polls the API and then sends up the results… but that feels less than elegant…

The 3rd party can take json on a port, or in a file system path… along the lines of something like Splunk/etc.

Any other ideas would be super appreciated, thanks!

And can I just say… post number LLEEET!

I think writing your own middleware is probably the way to go.

The middleware has to exist somewhere. Either the vendor does it, or you do. Given that Loki isn’t arguably mainstream yet, you’d probably have better luck just writing your own middleware.

You can use OpenTelemetry collector in front of Loki. You will configure log pipeline with 2 exporters: one loki exporter for your Loki and second (maybe syslog exporter) for that 3rd party destination URL

1 Like

Thanks for this, I believe that’s likely the direction we’ll go… man do I love OTel!