############################################################################### ### LogWisp Configuration ### Default location: ~/.config/logwisp/logwisp.toml ### Configuration Precedence: CLI flags > Environment > File > Defaults ### Default values shown - uncommented lines represent active configuration ############################################################################### ############################################################################### ### Global Settings ############################################################################### background = false # Run as daemon quiet = false # Suppress console output disable_status_reporter = false # Disable periodic status logging config_auto_reload = false # Reload config on file change ############################################################################### ### Logging Configuration ############################################################################### [logging] output = "stdout" # file|stdout|stderr|split|all|none level = "info" # debug|info|warn|error # [logging.file] # directory = "./log" # Log directory path # name = "logwisp" # Base filename # max_size_mb = 100 # Rotation threshold # max_total_size_mb = 1000 # Total size limit # retention_hours = 168.0 # Delete logs older than (7 days) [logging.console] target = "stdout" # stdout|stderr|split format = "txt" # txt|json ############################################################################### ### Pipeline Configuration ############################################################################### [[pipelines]] name = "default" # Pipeline identifier ###============================================================================ ### Rate Limiting (Pipeline-level) ###============================================================================ # [pipelines.rate_limit] # rate = 1000.0 # Entries per second (0=disabled) # burst = 2000.0 # Burst capacity (defaults to rate) # policy = "drop" # pass|drop # max_entry_size_bytes = 0 # Max entry size (0=unlimited) ###============================================================================ ### Filters ###============================================================================ ### ⚠️ Example: Include only ERROR and WARN logs ## [[pipelines.filters]] ## type = "include" # include|exclude ## logic = "or" # or|and ## patterns = [".*ERROR.*", ".*WARN.*"] ### ⚠️ Example: Exclude debug logs ## [[pipelines.filters]] ## type = "exclude" ## patterns = [".*DEBUG.*"] ###============================================================================ ### Format Configuration ###============================================================================ # [pipelines.format] # type = "raw" # json|txt|raw ### Raw formatter options (default) # [pipelines.format.raw] # add_new_line = true # Add newline to messages ### JSON formatter options # [pipelines.format.json] # pretty = false # Pretty print JSON # timestamp_field = "timestamp" # Field name for timestamp # level_field = "level" # Field name for log level # message_field = "message" # Field name for message # source_field = "source" # Field name for source ### Text formatter options # [pipelines.format.txt] # template = "[{{.Timestamp | FmtTime}}] [{{.Level | ToUpper}}] {{.Source}} - {{.Message}}" # timestamp_format = "2006-01-02T15:04:05.000Z07:00" # Go time format string ###============================================================================ ### Sources (Input Sources) ###============================================================================ ###---------------------------------------------------------------------------- ### Directory Source (Active Default) [[pipelines.sources]] type = "directory" [pipelines.sources.directory] path = "./" # Watch directory pattern = "*.log" # File pattern (glob) check_interval_ms = 100 # Poll interval recursive = false # Scan subdirectories ###---------------------------------------------------------------------------- ### Stdin Source # [[pipelines.sources]] # type = "stdin" # [pipelines.sources.stdin] # buffer_size = 1000 # Internal buffer size ###---------------------------------------------------------------------------- ### HTTP Source (Receives via POST) # [[pipelines.sources]] # type = "http" # [pipelines.sources.http] # host = "0.0.0.0" # Listen address # port = 8081 # Listen port # ingest_path = "/ingest" # Ingest endpoint # buffer_size = 1000 # Internal buffer size # max_body_size = 1048576 # Max request body (1MB) # read_timeout_ms = 10000 # Read timeout # write_timeout_ms = 10000 # Write timeout ### TLS configuration # [pipelines.sources.http.tls] # enabled = false # cert_file = "/path/to/cert.pem" # key_file = "/path/to/key.pem" # ca_file = "/path/to/ca.pem" # min_version = "TLS1.2" # TLS1.2|TLS1.3 # client_auth = false # Require client certs # client_ca_file = "/path/to/ca.pem" # CA to validate client certs # verify_client_cert = true # Require valid client cert ### ⚠️ Example: TLS configuration to enable auth) ## [pipelines.sources.http.tls] ## enabled = true # MUST be true for auth ## cert_file = "/path/to/server.pem" ## key_file = "/path/to/server.key" ### Network limiting (access control) # [pipelines.sources.http.net_limit] # enabled = false # max_connections_per_ip = 10 # max_connections_total = 100 # requests_per_second = 100.0 # Rate limit per client # burst_size = 200 # Token bucket burst # response_code = 429 # HTTP rate limit response code # response_message = "Rate limit exceeded" # ip_whitelist = [] # ip_blacklist = [] ### Authentication (validates clients) ### ☢ SECURITY: HTTP auth REQUIRES TLS to be enabled # [pipelines.sources.http.auth] # type = "none" # none|basic|token|mtls (NO scram) # realm = "LogWisp" # For basic auth ### Basic auth users # [[pipelines.sources.http.auth.basic.users]] # username = "admin" # password_hash = "$argon2..." # Argon2 hash ### Token auth tokens # [pipelines.sources.http.auth.token] # tokens = ["token1", "token2"] ###---------------------------------------------------------------------------- ### TCP Source (Receives logs via TCP Client Sink) # [[pipelines.sources]] # type = "tcp" # [pipelines.sources.tcp] # host = "0.0.0.0" # Listen address # port = 9091 # Listen port # buffer_size = 1000 # Internal buffer size # read_timeout_ms = 10000 # Read timeout # keep_alive = true # Enable TCP keep-alive # keep_alive_period_ms = 30000 # Keep-alive interval ### ☣ WARNING: TCP has NO TLS support (gnet limitation) ### Use HTTP with TLS for encrypted transport ### Network limiting (access control) # [pipelines.sources.tcp.net_limit] # enabled = false # max_connections_per_ip = 10 # max_connections_total = 100 # requests_per_second = 100.0 # burst_size = 200 # ip_whitelist = [] # ip_blacklist = [] ### Authentication # [pipelines.sources.tcp.auth] # type = "none" # none|scram ONLY (no basic/token/mtls) ### SCRAM auth users for TCP Source # [[pipelines.sources.tcp.auth.scram.users]] # username = "user1" # stored_key = "base64..." # Pre-computed SCRAM keys # server_key = "base64..." # salt = "base64..." # argon_time = 3 # argon_memory = 65536 # argon_threads = 4 ###============================================================================ ### Sinks (Output Destinations) ###============================================================================ ###---------------------------------------------------------------------------- ### Console Sink (Active Default) [[pipelines.sinks]] type = "console" [pipelines.sinks.console] target = "stdout" # stdout|stderr|split colorize = false # Enable colored output buffer_size = 100 # Internal buffer size ###---------------------------------------------------------------------------- ### File Sink # [[pipelines.sinks]] # type = "file" # [pipelines.sinks.file] # directory = "./logs" # Output directory # name = "output" # Base filename # max_size_mb = 100 # Rotation threshold # max_total_size_mb = 1000 # Total size limit # min_disk_free_mb = 500 # Minimum free disk space # retention_hours = 168.0 # Delete logs older than (7 days) # buffer_size = 1000 # Internal buffer size # flush_interval_ms = 1000 # Force flush interval ###---------------------------------------------------------------------------- ### HTTP Sink (SSE streaming to browser/HTTP client) # [[pipelines.sinks]] # type = "http" # [pipelines.sinks.http] # host = "0.0.0.0" # Listen address # port = 8080 # Listen port # stream_path = "/stream" # SSE stream endpoint # status_path = "/status" # Status endpoint # buffer_size = 1000 # Internal buffer size # max_connections = 100 # Max concurrent clients # read_timeout_ms = 10000 # Read timeout # write_timeout_ms = 10000 # Write timeout ### Heartbeat configuration (keeps SSE alive) # [pipelines.sinks.http.heartbeat] # enabled = true # interval_ms = 30000 # 30 seconds # include_timestamp = true # include_stats = false # format = "comment" # comment|event|json ### TLS configuration # [pipelines.sinks.http.tls] # enabled = false # cert_file = "/path/to/cert.pem" # key_file = "/path/to/key.pem" # ca_file = "/path/to/ca.pem" # min_version = "TLS1.2" # TLS1.2|TLS1.3 # client_auth = false # Require client certs ### ⚠️ Example: HTTP Client Sink → HTTP Source with mTLS ## HTTP Source with mTLS: ## [pipelines.sources.http.tls] ## enabled = true ## cert_file = "/path/to/server.pem" ## key_file = "/path/to/server.key" ## client_auth = true # Enable client cert verification ## client_ca_file = "/path/to/ca.pem" ## HTTP Client with client cert: ## [pipelines.sinks.http_client.tls] ## enabled = true ## cert_file = "/path/to/client.pem" # Client certificate ## key_file = "/path/to/client.key" ### Network limiting (access control) # [pipelines.sinks.http.net_limit] # enabled = false # max_connections_per_ip = 10 # max_connections_total = 100 # ip_whitelist = ["192.168.1.0/24"] # ip_blacklist = [] ### Authentication (for clients) ### ☢ SECURITY: HTTP auth REQUIRES TLS to be enabled # [pipelines.sinks.http.auth] # type = "none" # none|basic|bearer|mtls ###---------------------------------------------------------------------------- ### TCP Sink (Server - accepts connections from TCP clients) # [[pipelines.sinks]] # type = "tcp" # [pipelines.sinks.tcp] # host = "0.0.0.0" # Listen address # port = 9090 # Listen port # buffer_size = 1000 # Internal buffer size # max_connections = 100 # Max concurrent clients # keep_alive = true # Enable TCP keep-alive # keep_alive_period_ms = 30000 # Keep-alive interval ### Heartbeat configuration # [pipelines.sinks.tcp.heartbeat] # enabled = false # interval_ms = 30000 # include_timestamp = true # include_stats = false # format = "json" # json|txt ### ☣ WARNING: TCP has NO TLS support (gnet limitation) ### Use HTTP with TLS for encrypted transport ### Network limiting # [pipelines.sinks.tcp.net_limit] # enabled = false # max_connections_per_ip = 10 # max_connections_total = 100 # ip_whitelist = [] # ip_blacklist = [] ### ☣ WARNING: TCP Sink has NO AUTH support (aimed for debugging) ### Use HTTP with TLS for encrypted transport ###---------------------------------------------------------------------------- ### HTTP Client Sink (POST to HTTP Source endpoint) # [[pipelines.sinks]] # type = "http_client" # [pipelines.sinks.http_client] # url = "https://logs.example.com/ingest" # buffer_size = 1000 # batch_size = 100 # Logs per request # batch_delay_ms = 1000 # Max wait before sending # timeout_seconds = 30 # Request timeout # max_retries = 3 # Retry attempts # retry_delay_ms = 1000 # Initial retry delay # retry_backoff = 2.0 # Exponential backoff # insecure_skip_verify = false # Skip TLS verification ### TLS configuration # [pipelines.sinks.http_client.tls] # enabled = false # server_name = "logs.example.com" # For verification # skip_verify = false # Skip verification # cert_file = "/path/to/client.pem" # Client cert for mTLS # key_file = "/path/to/client.key" # Client key for mTLS ### ⚠️ Example: HTTP Client Sink → HTTP Source with mTLS ## HTTP Source with mTLS: ## [pipelines.sources.http.tls] ## enabled = true ## cert_file = "/path/to/server.pem" ## key_file = "/path/to/server.key" ## client_auth = true # Enable client cert verification ## client_ca_file = "/path/to/ca.pem" ## HTTP Client with client cert: ## [pipelines.sinks.http_client.tls] ## enabled = true ## cert_file = "/path/to/client.pem" # Client certificate ## key_file = "/path/to/client.key" ### Client authentication ### ☢ SECURITY: HTTP auth REQUIRES TLS to be enabled # [pipelines.sinks.http_client.auth] # type = "none" # none|basic|token|mtls (NO scram) # # token = "your-token" # For token auth # # username = "user" # For basic auth # # password = "pass" # For basic auth ###---------------------------------------------------------------------------- ### TCP Client Sink (Connect to TCP Source server) # [[pipelines.sinks]] # type = "tcp_client" ## [pipelines.sinks.tcp_client] # host = "logs.example.com" # Target host # port = 9090 # Target port # buffer_size = 1000 # Internal buffer size # dial_timeout = 10 # Connection timeout (seconds) # write_timeout = 30 # Write timeout (seconds) # read_timeout = 10 # Read timeout (seconds) # keep_alive = 30 # TCP keep-alive (seconds) # reconnect_delay_ms = 1000 # Initial reconnect delay # max_reconnect_delay_ms = 30000 # Max reconnect delay # reconnect_backoff = 1.5 # Exponential backoff ### ☣ WARNING: TCP has NO TLS support (gnet limitation) ### Use HTTP with TLS for encrypted transport ### Client authentication # [pipelines.sinks.tcp_client.auth] # type = "none" # none|scram ONLY (no basic/token/mtls) # # username = "user" # For SCRAM auth # # password = "pass" # For SCRAM auth