Hello All,
I started to validate Grafana stack as our security log inspection , i am using docker compose env, we have started Loki & Promtail and Grafana, i configured promtail
scrape job to listen for syslog receiver , also listen on docker compose , both shows they are listen to syslog port.
The issue is that on grafana there is no syslog job nor logs from syslog source.
Below i will share both my docker-compose and promtail config , i probably missed something
Please advice
Thank you
docker compose config
version: "3.8"
networks:
loki:
volumes:
prometheus:
grafana:
alertmanager-data:
services:
# Since the Loki containers are running as user 10001 and the mounted data volume is owned by root,
# Loki would not have permissions to create the directories.
# Therefore the init container changes permissions of the mounted directory.
init:
image: grafana/loki:latest
user: root
entrypoint:
- "chown"
- "10001:10001"
- "/loki"
volumes:
- ./loki:/loki
networks:
- loki
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
GF_AUTH_ANONYMOUS_ENABLED: "true"
GF_AUTH_DISABLE_LOGIN_FORM: "true"
GF_AUTH_ANONYMOUS_ORG_ROLE: "Admin"
volumes:
- ./config/datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yml
- grafana:/var/lib/grafana
networks:
- loki
prometheus:
image: prom/prometheus:latest
ports:
- 9090:9090
volumes:
- ./config/prometheus.yaml:/etc/prometheus/prometheus.yml
- prometheus:/prometheus
command:
[
'--log.level=debug',
'--config.file=/etc/prometheus/prometheus.yml',
'--query.lookback-delta=30s'
]
networks:
- loki
# for testing purposes only, disable in production
log-generator:
image: mingrammer/flog
command:
- --loop
- --format=json
- --number=10 # number of log lines to generate per second
- --delay=100ms # delay between log lines
- --output=/var/log/generated-logs.txt
- --overwrite
- --type=log
volumes:
- ./loki/:/var/log/
promtail:
image: grafana/promtail:latest
volumes:
- ./loki/:/var/log/
- ./config:/etc/promtail/
ports:
- "9080:9080"
- "1518:1514/udp"
command: -config.file=/etc/promtail/promtail.yaml
networks:
- loki
minio:
image: minio/minio
entrypoint:
- sh
- -euc
- |
mkdir -p /data/loki-data && \
mkdir -p /data/loki-ruler &&
minio server /data
environment:
- MINIO_ACCESS_KEY=loki
- MINIO_SECRET_KEY=supersecret
- MINIO_PROMETHEUS_AUTH_TYPE=public
- MINIO_UPDATE=off
ports:
- "9002:9000"
volumes:
- ./.data/minio:/data
networks:
- loki
loki-gateway:
image: nginx:latest
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf
ports:
- "8080:80"
- "3100"
networks:
- loki
loki-frontend:
image: grafana/loki:latest
volumes:
- ./config:/etc/loki/
ports:
- "3100"
command: "-config.file=/etc/loki/loki.yaml -target=query-frontend -frontend.downstream-url=http://loki-read:3100"
networks:
- loki
deploy:
mode: replicated
replicas: 2
loki-read:
image: grafana/loki:latest
volumes:
- ./config:/etc/loki/
ports:
- "3100"
- "7946"
# uncomment to use interactive debugging
# - "40000-40002:40000" # # makes the replicas available on ports 40000, 40001, 40002
#cap_add:
# - SYS_PTRACE
#security_opt:
# - apparmor=unconfined
command: "-config.file=/etc/loki/loki.yaml -target=read"
networks:
- loki
restart: always
deploy:
mode: replicated
replicas: 3
# only needed for interactive debugging with dlv
loki-write:
image: grafana/loki:latest
volumes:
- ./config:/etc/loki/
ports:
- "3100"
- "7946"
# uncomment to use interactive debugging
# - "50000-50002:40000" # makes the replicas available on ports 50000, 50001, 50002
# cap_add:
# - SYS_PTRACE
# security_opt:
# - apparmor=unconfined
command: "-config.file=/etc/loki/loki.yaml -target=write"
networks:
- loki
restart: always
deploy:
mode: replicated
replicas: 3
# alertmanager to enable receiving alerts
alertmanager:
image: prom/alertmanager:latest
restart: unless-stopped
ports:
- "9093:9093"
volumes:
- "./config:/config"
- alertmanager-data:/data
command: --config.file=/config/alertmanager.yml --log.level=debug
networks:
- loki
promtail config
server:
http_listen_port: 9080
grpc_listen_port: 0
log_level: "info"
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki-gateway:80/loki/api/v1/push
tenant_id: docker
scrape_configs:
- job_name: generated-logs
static_configs:
- targets:
- localhost
labels:
job: generated-logs
__path__: /var/log/generated-logs.txt
pipeline_stages:
- json:
expressions:
http_method: 'method'
http_status: "status"
- labels:
http_method:
http_status:
- job_name: syslog
syslog:
listen_address: 0.0.0.0:1514
listen_protocol: udp
idle_timeout: 60s
label_structured_data: yes
labels:
job: "syslog"
relabel_configs:
- source_labels: ['__syslog_message_hostname']
target_label: 'host'