############################################################################### ### LogWisp Configuration ### Default location: ~/.config/logwisp/logwisp.toml ### Configuration Precedence: CLI flags > Environment > File > Defaults ### Default values shown - uncommented lines represent active configuration ############################################################################### ############################################################################### ### Global Settings ############################################################################### background = false # Run as daemon quiet = false # Suppress console output disable_status_reporter = false # Disable periodic status logging config_auto_reload = false # Reload config on file change ############################################################################### ### Logging Configuration (LogWisp's internal operational logging) ############################################################################### [logging] output = "stdout" # file|stdout|stderr|split|all|none level = "info" # debug|info|warn|error # [logging.file] # directory = "./log" # Log directory path # name = "logwisp" # Base filename # max_size_mb = 100 # Rotation threshold # max_total_size_mb = 1000 # Total size limit # retention_hours = 168.0 # Delete logs older than (7 days) [logging.console] target = "stdout" # stdout|stderr|split format = "txt" # txt|json ############################################################################### ### Pipeline Configuration ### Each pipeline: sources -> rate_limit -> filters -> format -> sinks ############################################################################### [[pipelines]] name = "default" # Pipeline identifier ###============================================================================ ### Rate Limiting (Pipeline-level) ###============================================================================ # [pipelines.rate_limit] # rate = 1000.0 # Entries per second (0=disabled) # burst = 2000.0 # Burst capacity (defaults to rate) # policy = "drop" # pass|drop # max_entry_size_bytes = 0 # Max entry size (0=unlimited) ###============================================================================ ### Filters (Sequential pattern matching) ###============================================================================ ### ⚠️ Example: Include only ERROR and WARN logs ## [[pipelines.filters]] ## type = "include" # include|exclude ## logic = "or" # or|and ## patterns = [".*ERROR.*", ".*WARN.*"] ### ⚠️ Example: Exclude debug logs ## [[pipelines.filters]] ## type = "exclude" ## patterns = [".*DEBUG.*"] ###============================================================================ ### Format (Log transformation) ###============================================================================ # [pipelines.format] # type = "raw" # raw|json|txt ## JSON formatting # [pipelines.format.json] # pretty = false # Pretty-print JSON # timestamp_field = "timestamp" # Field name for timestamp # level_field = "level" # Field name for log level # message_field = "message" # Field name for message # source_field = "source" # Field name for source ## Text templating # [pipelines.format.txt] # template = "{{.Timestamp | FmtTime}} [{{.Level}}] {{.Message}}" # timestamp_format = "2006-01-02 15:04:05" ## Raw templating # [pipelines.format.raw] # add_new_line = true # Preserve new line delimiter between log entries ###============================================================================ ### SOURCES (Inputs) ### Architecture: Pipeline can have multiple sources ###============================================================================ ###---------------------------------------------------------------------------- ### File Source (File monitoring) [[pipelines.sources]] type = "file" [pipelines.sources.file] directory = "./" # Directory to monitor pattern = "*.log" # Glob pattern check_interval_ms = 100 # File check interval recursive = false # Recursive monitoring (TODO) ###---------------------------------------------------------------------------- ### Console Source # [[pipelines.sources]] # type = "console" # [pipelines.sources.console] # buffer_size = 1000 ###---------------------------------------------------------------------------- ### HTTP Source (Server mode - receives logs via HTTP POST) # [[pipelines.sources]] # type = "http" # [pipelines.sources.http] # host = "0.0.0.0" # Listen interface # port = 8081 # Listen port # ingest_path = "/ingest" # Ingestion endpoint # buffer_size = 1000 # max_body_size = 1048576 # 1MB # read_timeout_ms = 10000 # write_timeout_ms = 10000 ### Network access control # [pipelines.sources.http.acl] # enabled = false # max_connections_per_ip = 10 # Max simultaneous connections from a single IP # max_connections_total = 100 # Max simultaneous connections for this component # requests_per_second = 100.0 # Per-IP request rate limit # burst_size = 200 # Per-IP request burst limit # response_message = "Rate limit exceeded" # response_code = 429 # ip_whitelist = ["192.168.1.0/24"] # ip_blacklist = ["10.0.0.100"] ### TLS configuration (mTLS support) # [pipelines.sources.http.tls] # enabled = false # cert_file = "/path/to/server.pem" # Server certificate # key_file = "/path/to/server.key" # Server private key # client_auth = false # Enable mTLS # client_ca_file = "/path/to/ca.pem" # CA for client verification # verify_client_cert = true # Verify client certificates # min_version = "TLS1.2" # TLS1.0|TLS1.1|TLS1.2|TLS1.3 # max_version = "TLS1.3" # cipher_suites = "" # Comma-separated cipher list ###---------------------------------------------------------------------------- ### TCP Source (Server mode - receives logs via TCP) # [[pipelines.sources]] # type = "tcp" # [pipelines.sources.tcp] # host = "0.0.0.0" # port = 9091 # buffer_size = 1000 # read_timeout_ms = 10000 # keep_alive = true # keep_alive_period_ms = 30000 ### Network access control # [pipelines.sources.tcp.acl] # enabled = false # max_connections_per_ip = 10 # Max simultaneous connections from a single IP # max_connections_total = 100 # Max simultaneous connections for this component # requests_per_second = 100.0 # Per-IP request rate limit # burst_size = 200 # Per-IP request burst limit # response_message = "Rate limit exceeded" # response_code = 429 # ip_whitelist = ["192.168.1.0/24"] # ip_blacklist = ["10.0.0.100"] ### ⚠️ IMPORTANT: TCP does NOT support TLS/mTLS (gnet limitation) ### Use HTTP Source with TLS for encrypted transport ###============================================================================ ### SINKS (Outputs) ### Architecture: Pipeline can have multiple sinks (fan-out) ###============================================================================ ###---------------------------------------------------------------------------- ### Console Sink # [[pipelines.sinks]] # type = "console" # [pipelines.sinks.console] # target = "stdout" # stdout|stderr|split # colorize = false # Colorized output # buffer_size = 100 ###---------------------------------------------------------------------------- ### File Sink (Rotating logs) # [[pipelines.sinks]] # type = "file" # [pipelines.sinks.file] # directory = "./logs" # name = "output" # max_size_mb = 100 # max_total_size_mb = 1000 # min_disk_free_mb = 100 # retention_hours = 168.0 # 7 days # buffer_size = 1000 # flush_interval_ms = 1000 ###---------------------------------------------------------------------------- ### HTTP Sink (Server mode - SSE streaming for clients) [[pipelines.sinks]] type = "http" [pipelines.sinks.http] host = "0.0.0.0" port = 8080 stream_path = "/stream" # SSE streaming endpoint status_path = "/status" # Status endpoint buffer_size = 1000 write_timeout_ms = 10000 ### Heartbeat configuration (keep connections alive) [pipelines.sinks.http.heartbeat] enabled = true interval_ms = 30000 # 30 seconds include_timestamp = true include_stats = false format = "comment" # comment|event|json ### Network access control # [pipelines.sinks.http.acl] # enabled = false # max_connections_per_ip = 10 # Max simultaneous connections from a single IP # max_connections_total = 100 # Max simultaneous connections for this component # requests_per_second = 100.0 # Per-IP request rate limit # burst_size = 200 # Per-IP request burst limit # response_message = "Rate limit exceeded" # response_code = 429 # ip_whitelist = ["192.168.1.0/24"] # ip_blacklist = ["10.0.0.100"] ### TLS configuration (mTLS support) # [pipelines.sinks.http.tls] # enabled = false # cert_file = "/path/to/server.pem" # Server certificate # key_file = "/path/to/server.key" # Server private key # client_auth = false # Enable mTLS # client_ca_file = "/path/to/ca.pem" # CA for client verification # verify_client_cert = true # Verify client certificates # min_version = "TLS1.2" # TLS1.0|TLS1.1|TLS1.2|TLS1.3 # max_version = "TLS1.3" # cipher_suites = "" # Comma-separated cipher list ###---------------------------------------------------------------------------- ### TCP Sink (Server mode - TCP streaming for clients) # [[pipelines.sinks]] # type = "tcp" # [pipelines.sinks.tcp] # host = "0.0.0.0" # port = 9090 # buffer_size = 1000 # write_timeout_ms = 10000 # keep_alive = true # keep_alive_period_ms = 30000 ### Heartbeat configuration # [pipelines.sinks.tcp.heartbeat] # enabled = false # interval_ms = 30000 # include_timestamp = true # include_stats = false # format = "json" # json|txt ### Network access control # [pipelines.sinks.tcp.acl] # enabled = false # max_connections_per_ip = 10 # Max simultaneous connections from a single IP # max_connections_total = 100 # Max simultaneous connections for this component # requests_per_second = 100.0 # Per-IP request rate limit # burst_size = 200 # Per-IP request burst limit # response_message = "Rate limit exceeded" # response_code = 429 # ip_whitelist = ["192.168.1.0/24"] # ip_blacklist = ["10.0.0.100"] ### ⚠️ IMPORTANT: TCP does NOT support TLS/mTLS (gnet limitation) ### Use HTTP Sink with TLS for encrypted transport ###---------------------------------------------------------------------------- ### HTTP Client Sink (Forward to remote HTTP endpoint) # [[pipelines.sinks]] # type = "http_client" # [pipelines.sinks.http_client] # url = "https://logs.example.com/ingest" # buffer_size = 1000 # batch_size = 100 # Entries per batch # batch_delay_ms = 1000 # Max wait before sending # timeout_seconds = 30 # max_retries = 3 # retry_delay_ms = 1000 # retry_backoff = 2.0 # Exponential backoff multiplier # insecure_skip_verify = false # Skip TLS verification ### TLS configuration for client # [pipelines.sinks.http_client.tls] # enabled = false # Enable TLS for the outgoing connection # server_ca_file = "/path/to/ca.pem" # CA for verifying the remote server's certificate # server_name = "logs.example.com" # For server certificate validation (SNI) # insecure_skip_verify = false # Skip server verification, use with caution # client_cert_file = "/path/to/client.pem" # Client's certificate to present to the server for mTLS # client_key_file = "/path/to/client.key" # Client's private key for mTLS # min_version = "TLS1.2" # max_version = "TLS1.3" # cipher_suites = "" ### ⚠️ Example: HTTP Client Sink → HTTP Source with mTLS ## HTTP Source with mTLS: ## [pipelines.sources.http.tls] ## enabled = true ## cert_file = "/path/to/server.pem" ## key_file = "/path/to/server.key" ## client_auth = true # Enable client cert verification ## client_ca_file = "/path/to/ca.pem" ## verify_client_cert = true ## HTTP Client with client cert: ## [pipelines.sinks.http_client.tls] ## enabled = true ## server_ca_file = "/path/to/ca.pem" # Verify server ## client_cert_file = "/path/to/client.pem" # Client certificate ## client_key_file = "/path/to/client.key" ###---------------------------------------------------------------------------- ### TCP Client Sink (Forward to remote TCP endpoint) # [[pipelines.sinks]] # type = "tcp_client" # [pipelines.sinks.tcp_client] # host = "logs.example.com" # port = 9090 # buffer_size = 1000 # dial_timeout_seconds = 10 # Connection timeout # write_timeout_seconds = 30 # Write timeout # read_timeout_seconds = 10 # Read timeout # keep_alive_seconds = 30 # TCP keep-alive # reconnect_delay_ms = 1000 # Initial reconnect delay # max_reconnect_delay_ms = 30000 # Max reconnect delay # reconnect_backoff = 1.5 # Exponential backoff ### ⚠️ WARNING: TCP Client has NO TLS support ### Use HTTP Client with TLS for encrypted transport ############################################################################### ### Common Usage Patterns ############################################################################### ### Pattern 1: Log Aggregation (Client → Server) ### - HTTP Client Sink → HTTP Source (with optional TLS/mTLS) ### - TCP Client Sink → TCP Source (unencrypted only) ### Pattern 2: Live Monitoring ### - HTTP Sink: Browser-based SSE streaming (https://host:8080/stream) ### - TCP Sink: Debug interface (telnet/netcat to port 9090) ### Pattern 3: Log Collection & Distribution ### - File Source → Multiple Sinks (fan-out) ### - Multiple Sources → Single Pipeline → Multiple Sinks