This is extremely confusing. So I’ve got Grafana/Loki up and running in a Docker container and I can see the host’s /var/logs, but I’m also trying to set it up to receive syslog streams from other devices on my network, but in Grafana it’s not seeing the syslog job. I’m using Promtail 2.4.1 and Loki version 2.7.1. Here is the promtail config:
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://loki:3100/loki/api/v1/push
scrape_configs:
  - job_name: system
    static_configs:
      - targets:
          - localhost
        labels:
          job: varlogs
          __path__: /var/log/*log
  - job_name: syslog
    syslog:
      listen_address: 0.0.0.0:1514
      idle_timeout: 60s
      label_structured_data: yes
      labels:
        job: "syslog"
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
Here is the docker compose file:
version: "3"
networks:
  loki:
services:
  loki:
    image: grafana/loki:2.6.1
    ports:
      - "3100:3100"
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      - loki
  promtail:
    image: grafana/promtail:2.6.1
    volumes:
      - /var/log:/var/logi
      - /home/user/Docker/promtail-config.yaml:/etc/promtail/config.yaml
    command: -config.file=/etc/promtail/config.yml
    networks:
      - loki
  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"
    networks:
      - loki
So from what I understand, Promtail runs as a server that ingests logs and forwards them to Loki, and I read that I should just be able to simply point syslog configs to the Promtail service and it should forward them to Loki. So doesn’t this mean that there needs to be an exposed port in the Docker container if Promtail is supposed to accept syslog pushes from other devices on the network? I haven’t found anywhere that mentions needing to set up ports for the Promtail container, so I’m really confused about how this is supposed to work.
Edit: So I came across this Scraping | Grafana Loki documentation and it says I should be able to use “listen_protocol: udp” to specify the protocol (as the syslog messages I’m trying to receive are UDP), but this results in the error:
Unable to parse config: config-promtail.yml: yaml: unmarshal errors:
line 20: field listen_protocol not found in type scrapeconfig.SyslogTargetConfig
Here is what the updated config file looks like:
positions:
  filename: /tmp/positions.yaml
clients:
  - url: "http://loki:3100/loki/api/v1/push"
scrape_configs:
  - job_name: "system"
    static_configs:
      - targets: ["localhost"]
        labels:
          job: "varlogs"
          __path__: "/var/log/*log"
  - job_name: syslog
    syslog:
      listen_address: "0.0.0.0:514"
      listen_protocol: "udp"
      idle_timeout: 60s
      label_structured_data: yes
      labels:
        job: "syslog"
    relabel_configs:
      - source_labels: ['__syslog_message_hostname']
        target_label: 'host'
      - source_labels: ["__syslog_program__"]
        target_label: "program"
      - source_labels: ["__syslog_message__"]
        target_label: "message"
How is it that the documentation clearly states that “listen_protocol” is an option, but I still get this error saying it’s unrecognized?
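
One way to check from another machine whether the TCP syslog listener in the first config (port 1514) is reachable at all, as an added example that is not part of the original post. It sends a single RFC 5424 message with octet-counting framing; the sender hostname, app name and message text are constructed test values, and the target host is whatever address the Docker host has on your network.

```python
import socket
import sys
from datetime import datetime, timezone


def rfc5424_frame(hostname, app, msg, facility=1, severity=6, now=None):
    """Build one RFC 5424 message with octet-counting framing (RFC 6587)."""
    pri = facility * 8 + severity  # user.info -> 14
    when = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    ts = when.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    # VERSION is 1; PROCID, MSGID and STRUCTURED-DATA are the nil value "-".
    body = f"<{pri}>1 {ts} {hostname} {app} - - - {msg}".encode("utf-8")
    return str(len(body)).encode("ascii") + b" " + body


def send_test_message(host, port, hostname="test-sender",
                      msg="promtail syslog reachability test", timeout=3.0):
    """Send one framed message over TCP; return a short status string."""
    frame = rfc5424_frame(hostname, "reachcheck", msg)
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(frame)
        return "sent"
    except ConnectionRefusedError:
        # Nothing is listening on that port at that address.
        return "refused"
    except socket.timeout:
        # Packets are dropped on the way, e.g. by a firewall.
        return "timeout"
    except OSError as exc:
        return f"error: {exc}"


if __name__ == "__main__":
    # Usage: python3 reachcheck.py <docker-host-address> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1514
    print(send_test_message(target, port))
```

A result of "sent" only shows that something accepted the TCP connection; confirm delivery by querying `{job="syslog"}` in Grafana. "refused" or "timeout" from another host means the listener is not reachable at that address and port from outside the container.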