GoLogD is a logging daemon for the GoLogging system
JojiiOfficial d689e81f12
Merge pull request #6 from JojiiOfficial/dependabot/go_modules/github.com/mkideal/cli-0.0.5
1 year ago
.gitignore added config 2 years ago
AddLogfile.go added parse custom logfile 2 years ago
Config.go added custom log format 2 years ago
Data.go fixed logging loop 2 years ago
HTTP.go removed unneccessary httpclient options 2 years ago
Install.go improved logging 2 years ago
LICENSE Initial commit 2 years ago
Logfile.go changed fileChange lib 2 years ago
Logger.go save date+time in logs 2 years ago
Parser.go updated logging performance 2 years ago
Push.go updated logging performance 2 years ago
README.md Update README.md 2 years ago
Start.go moved logging from syslog to file 2 years ago
Stop.go moved logging from syslog to file 2 years ago
Structs.go push hostname 2 years ago
UIOtools.go added command modify config from cli 2 years ago
go.mod Bump github.com/mkideal/cli from 0.0.3 to 0.0.5 1 year ago
go.sum Bump github.com/mkideal/cli from 0.0.3 to 0.0.5 1 year ago
main.go added parse custom logfile 2 years ago
update.sh added update script 2 years ago

README.md

GoLogD

GoLogD is a logging daemon for the gologging centralized logging system. It parses logs and pushes them to the GoLogServer.

Logtypes

Currently the following logs are supported:

  • systemd (syslog/authlog/etc...)
  • every file starting with a timestamp in each row (custom logfiles)

Install

Install Go 1.13 and clone this repository. Then run

go get
go build -o goLogD

to compile it. Then run

 ./goLogD push

to let the daemon automatically create a config file. You need to change the following options:
host The host of the GoLogServer
token The token for the daemon (24 bytes!) (needs to be added to the 'User' table on the server)

You can run ./goLogD push again if you want to check whether the config is filled in correctly. If the daemon keeps running, everything is OK. If not, have a look at /var/log/gologger.log.
Note: You can run ./goLogD install to create a systemd service automatically.

Config

You can add/edit a logfile in the config using ./goLogD addFile -f /var/log/auth.log. But using this tool you can only set a few options. Here are all config options:

Global

ignoreCert (bool) ignore invalid TLS certificates
termsToIgnore (string array) Don't push a log if it contains at least one of the given keywords (globally)
LogFiles (logfile array) Contains options for the files to parse:

Logfiles

file (string) The logfile (eg /var/log/syslog)
logType (string) The type of log (see Logtypes. The keywords for the config are bold)
filterMode ("and"/"or") specifies whether the given filter must match completely or only partially
hostnameFilter (string array) filter by hostname(s). Takes a regex.
messageFilter (string array) filter by a message(s). Takes a regex.
tagFilter (string array) filter by tag(s). Takes a regex.
logLevesFilter (int array) filter by loglevel(s).
termsToIgnore (string array) don't push log entries containing one (or multiple) keys
sourceFilter (string array) filter by source(s). Takes a regex.
parseSource (bool) use second word in custom log as 'source'. You can filter by the source later on.
customTag (string) overwrite or set logTag for

Special options

These options only work for the given logtype:
Syslog:

  • Hostname
  • Tag

Custom:

  • Source
  • ParseSource

Example config

{
	"token": "abcdefghijklmnopqrstuvwxyz",
	"host": "http://192.168.3.11:8081",
	"ignoreCert": false,
	"termsToIgnore": [],
	"LogFiles": [
		{
			"logfile": "/var/log/syslog",
			"logType": "syslog",
			"filterMode": "or",
			"tagFilter": [
				"(?i)(cron|systemd|certbot)"
			],
			"termsToIgnore": [
				"success"
			]
		},
		{
			"logfile": "/var/log/auth.log",
			"logType": "syslog",
			"filterMode": "or",
			"tagFilter": [
				"(?i)(ssh|sudo)"
			],
			"termsToIgnore": [
				"success"
			]
		},
		{
			"logfile": "/var/log/nginx/access.log",
			"logType": "custom",
			"filterMode": "or",
			"parseSource":true,
			"customTag":"revproxy"
		}
	]
}

  1. Pushes logs from the syslog if the tag says 'cron','systemd' or 'certbot' and the line doesn't contain 'success'.
  2. Pushes logs from the auth.log if the tag says 'ssh' or 'sudo' and the line doesn't contain 'success'.
  3. Pushes all logs from the access.log (nginx) parsing the second word as src (the IP) and 'revproxy' as a custom tag.
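
A pre-deployment check for a config like the one above, as an added example (not part of GoLogD itself): it rejects invalid JSON such as a trailing comma, checks the 24-byte token length, flags a host that does not use https:// and ignoreCert set to true, and compiles every filter regex. The key names are taken from this README's example config, and the use of Go's regexp syntax for the filters is an assumption; LintConfig is a hypothetical helper name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Key names come from the README's example config; assumed to match GoLogD's real config struct.
type logFile struct {
	Logfile                                                string
	HostnameFilter, MessageFilter, TagFilter, SourceFilter []string
}
type config struct {
	Token, Host string
	IgnoreCert  bool
	LogFiles    []logFile
}

// LintConfig returns one finding per problem; nil means nothing was flagged.
func LintConfig(raw []byte) (out []string) {
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return []string{"invalid JSON: " + err.Error()} // e.g. a trailing comma
	}
	if len(c.Token) != 24 {
		out = append(out, fmt.Sprintf("token is %d bytes, README says 24", len(c.Token)))
	}
	if !strings.HasPrefix(c.Host, "https://") {
		out = append(out, "host does not use https://: token and logs are sent unencrypted")
	}
	if c.IgnoreCert {
		out = append(out, "ignoreCert is true: invalid TLS certificates are accepted")
	}
	for _, lf := range c.LogFiles {
		for _, g := range [][]string{lf.HostnameFilter, lf.MessageFilter, lf.TagFilter, lf.SourceFilter} {
			for _, p := range g {
				if _, err := regexp.Compile(p); err != nil { // assumes Go regexp syntax
					out = append(out, lf.Logfile+": bad regex "+p)
				}
			}
		}
	}
	return out
}

func main() { // constructed sample input, not a real deployment
	fmt.Println(LintConfig([]byte(`{"token":"abc","host":"http://203.0.113.5:8081","ignoreCert":true}`)))
}
```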