# LogWisp Configuration File # Default path: ~/.config/logwisp.toml # Override with: ./logwisp --config /path/to/config.toml # This is a complete configuration reference showing all available options. # Default values are uncommented, alternatives and examples are commented. # ============================================================================== # STREAM CONFIGURATION # ============================================================================== # Each [[streams]] section defines an independent log monitoring stream. # You can have multiple streams, each with its own settings. # ------------------------------------------------------------------------------ # Default Stream - Monitors current directory # ------------------------------------------------------------------------------ [[streams]] # Stream identifier used in logs, metrics, and router paths name = "default" # File monitoring configuration [streams.monitor] # How often to check for new log entries (milliseconds) # Lower = faster detection but more CPU usage check_interval_ms = 100 # Targets to monitor - can be files or directories targets = [ # Monitor all .log files in current directory { path = "./", pattern = "*.log", is_file = false }, ] # HTTP Server configuration (SSE/Server-Sent Events) [streams.httpserver] enabled = true port = 8080 buffer_size = 1000 # Per-client buffer size (messages) stream_path = "/stream" # Endpoint for SSE stream status_path = "/status" # Endpoint for statistics # Keep-alive heartbeat configuration [streams.httpserver.heartbeat] enabled = true interval_seconds = 30 # Send heartbeat every 30 seconds format = "comment" # SSE comment format (: heartbeat) include_timestamp = true # Include timestamp in heartbeat include_stats = false # Include connection stats # Rate limiting configuration (disabled by default) [streams.httpserver.rate_limit] enabled = false # requests_per_second = 10.0 # Token refill rate # burst_size = 20 # Max burst capacity # limit_by = "ip" # "ip" or "global" # response_code = 429 # HTTP Too Many Requests # response_message = "Rate limit exceeded" # max_connections_per_ip = 5 # Max SSE connections per IP # ------------------------------------------------------------------------------ # Example: Application Logs Stream # ------------------------------------------------------------------------------ # [[streams]] # name = "app" # # [streams.monitor] # check_interval_ms = 50 # Fast detection for active logs # targets = [ # # Monitor specific application log directory # { path = "/var/log/myapp", pattern = "*.log", is_file = false }, # # Also monitor specific file # { path = "/var/log/myapp/app.log", is_file = true }, # ] # # [streams.httpserver] # enabled = true # port = 8081 # Different port for each stream # buffer_size = 2000 # Larger buffer for busy logs # stream_path = "/logs" # Custom path # status_path = "/health" # Custom health endpoint # # # JSON heartbeat format for programmatic clients # [streams.httpserver.heartbeat] # enabled = true # interval_seconds = 20 # format = "json" # JSON event format # include_timestamp = true # include_stats = true # Include active client count # # # Moderate rate limiting for public access # [streams.httpserver.rate_limit] # enabled = true # requests_per_second = 25.0 # burst_size = 50 # limit_by = "ip" # max_connections_per_ip = 10 # ------------------------------------------------------------------------------ # Example: System Logs Stream (TCP + HTTP) # ------------------------------------------------------------------------------ # [[streams]] # name = "system" # # [streams.monitor] # check_interval_ms = 1000 # Check every second (system logs update slowly) # targets = [ # { path = "/var/log/syslog", is_file = true }, # { path = "/var/log/auth.log", is_file = true }, # { path = "/var/log/kern.log", is_file = true }, # ] # # # TCP Server for high-performance streaming # [streams.tcpserver] # enabled = true # port = 9090 # buffer_size = 5000 # # # TCP heartbeat (always JSON format) # [streams.tcpserver.heartbeat] # enabled = true # interval_seconds = 60 # Less frequent for TCP # include_timestamp = true # include_stats = false # # # TCP rate limiting # [streams.tcpserver.rate_limit] # enabled = true # requests_per_second = 5.0 # Limit TCP connections # burst_size = 10 # limit_by = "ip" # # # Also expose via HTTP # [streams.httpserver] # enabled = true # port = 8082 # buffer_size = 1000 # stream_path = "/stream" # status_path = "/status" # ------------------------------------------------------------------------------ # Example: High-Volume Debug Logs # ------------------------------------------------------------------------------ # [[streams]] # name = "debug" # # [streams.monitor] # check_interval_ms = 5000 # Check every 5 seconds (high volume) # targets = [ # { path = "/tmp/debug", pattern = "*.debug", is_file = false }, # ] # # [streams.httpserver] # enabled = true # port = 8083 # buffer_size = 10000 # Very large buffer # stream_path = "/debug" # status_path = "/stats" # # # Disable heartbeat for high-volume streams # [streams.httpserver.heartbeat] # enabled = false # # # Aggressive rate limiting # [streams.httpserver.rate_limit] # enabled = true # requests_per_second = 1.0 # Very restrictive # burst_size = 5 # limit_by = "ip" # max_connections_per_ip = 1 # One connection per IP # ------------------------------------------------------------------------------ # Example: Archived Logs (Slow Monitoring) # ------------------------------------------------------------------------------ # [[streams]] # name = "archive" # # [streams.monitor] # check_interval_ms = 60000 # Check once per minute # targets = [ # { path = "/var/log/archive", pattern = "*.gz", is_file = false }, # ] # # [streams.tcpserver] # enabled = true # port = 9091 # buffer_size = 500 # Small buffer for archived logs # # # Infrequent heartbeat # [streams.tcpserver.heartbeat] # enabled = true # interval_seconds = 300 # Every 5 minutes # include_timestamp = false # include_stats = false # ------------------------------------------------------------------------------ # Example: Security/Audit Logs with Strict Limits # ------------------------------------------------------------------------------ # [[streams]] # name = "security" # # [streams.monitor] # check_interval_ms = 100 # targets = [ # { path = "/var/log/audit", pattern = "audit.log*", is_file = false }, # ] # # [streams.httpserver] # enabled = true # port = 8443 # HTTPS port (for future TLS) # buffer_size = 1000 # stream_path = "/audit" # status_path = "/health" # # # Strict rate limiting for security logs # [streams.httpserver.rate_limit] # enabled = true # requests_per_second = 2.0 # Very limited access # burst_size = 3 # limit_by = "ip" # max_connections_per_ip = 1 # Single connection per IP # response_code = 403 # Forbidden instead of rate limit # response_message = "Access restricted" # # # Future: SSL/TLS configuration # # [streams.httpserver.ssl] # # enabled = true # # cert_file = "/etc/logwisp/certs/server.crt" # # key_file = "/etc/logwisp/certs/server.key" # # min_version = "TLS1.2" # # # Future: Authentication # # [streams.auth] # # type = "basic" # # [streams.auth.basic_auth] # # users_file = "/etc/logwisp/security.users" # # realm = "Security Logs" # ------------------------------------------------------------------------------ # Example: Public API Logs with Global Rate Limiting # ------------------------------------------------------------------------------ # [[streams]] # name = "api-public" # # [streams.monitor] # check_interval_ms = 100 # targets = [ # { path = "/var/log/api", pattern = "access.log*", is_file = false }, # ] # # [streams.httpserver] # enabled = true # port = 8084 # buffer_size = 2000 # # # Global rate limiting (all clients share limit) # [streams.httpserver.rate_limit] # enabled = true # requests_per_second = 100.0 # 100 req/s total # burst_size = 200 # limit_by = "global" # All clients share this limit # max_total_connections = 50 # Max 50 connections total # ============================================================================== # USAGE EXAMPLES # ============================================================================== # 1. Basic usage (single stream): # ./logwisp # - Monitors current directory for *.log files # - Access logs at: http://localhost:8080/stream # - View stats at: http://localhost:8080/status # 2. Multi-stream configuration: # - Uncomment additional [[streams]] sections above # - Each stream runs independently on its own port # - Different check intervals for different log types # 3. Router mode (consolidated access): # ./logwisp --router # - All streams accessible via paths: /streamname/stream # - Global status at: /status # - Example: http://localhost:8080/app/stream # 4. Production deployment: # - Enable rate limiting on public-facing streams # - Use TCP for internal high-volume streams # - Set appropriate check intervals (higher = less CPU) # - Configure heartbeats for long-lived connections # 5. Monitoring: # curl http://localhost:8080/status | jq . # - Check active connections # - Monitor rate limit statistics # - Track log entry counts # ============================================================================== # ENVIRONMENT VARIABLES # ============================================================================== # Configuration can be overridden via environment variables: # LOGWISP_STREAMS_0_MONITOR_CHECK_INTERVAL_MS=50 # LOGWISP_STREAMS_0_HTTPSERVER_PORT=8090 # LOGWISP_STREAMS_0_HTTPSERVER_RATE_LIMIT_ENABLED=true # ============================================================================== # NOTES # ============================================================================== # - Rate limiting is disabled by default for backward compatibility # - Each stream can have different rate limit settings # - TCP connections are silently dropped when rate limited # - HTTP returns 429 (or configured code) with JSON error # - IP tracking is cleaned up after 5 minutes of inactivity # - Token bucket algorithm provides smooth rate limiting # - Connection limits prevent resource exhaustion