# LogWisp Default Configuration and Guide # Default path: ~/.config/logwisp.toml # Override: logwisp --config /path/to/config.toml # ============================================================================ # LOGGING (LogWisp's operational logs) # ============================================================================ [logging] # Output mode: file, stdout, stderr, both, none output = "stderr" # Log level: debug, info, warn, error level = "info" # File output settings (when output includes "file") [logging.file] directory = "./logs" name = "logwisp" max_size_mb = 100 max_total_size_mb = 1000 retention_hours = 168.0 # 7 days # Console output settings [logging.console] target = "stderr" # stdout, stderr, split format = "txt" # txt, json # ============================================================================ # PIPELINE CONFIGURATION # ============================================================================ # Each [[pipelines]] defines an independent log processing pipeline # Structure: sources → filters → sinks [[pipelines]] # Unique pipeline identifier (used in router paths) name = "default" # ---------------------------------------------------------------------------- # SOURCES - Input data sources # ---------------------------------------------------------------------------- [[pipelines.sources]] # Source type: directory, file, stdin type = "directory" # Type-specific options options = { path = "./", pattern = "*.log", check_interval_ms = 100 # How often to check for new entries (10-60000) } # Additional source examples: # [[pipelines.sources]] # type = "file" # options = { path = "/var/log/app.log" } # # [[pipelines.sources]] # type = "stdin" # options = {} # ---------------------------------------------------------------------------- # FILTERS - Log entry filtering (optional) # ---------------------------------------------------------------------------- # Multiple filters are applied sequentially - all must pass # [[pipelines.filters]] # type = "include" # include (whitelist) or exclude (blacklist) # logic = "or" # or (match any) or and (match all) # patterns = [ # "ERROR", # "(?i)warn", # Case-insensitive # "\\bfatal\\b" # Word boundary # ] # ---------------------------------------------------------------------------- # SINKS - Output destinations # ---------------------------------------------------------------------------- [[pipelines.sinks]] # Sink type: http, tcp, file, stdout, stderr type = "http" # Type-specific options options = { port = 8080, buffer_size = 1000, stream_path = "/stream", status_path = "/status", # Heartbeat configuration heartbeat = { enabled = true, interval_seconds = 30, format = "comment", # comment or json include_timestamp = true, include_stats = false }, # Rate limiting (optional) rate_limit = { enabled = false, requests_per_second = 10.0, burst_size = 20, limit_by = "ip", # ip or global max_connections_per_ip = 5, max_total_connections = 100, response_code = 429, response_message = "Rate limit exceeded" } # SSL/TLS (planned) # ssl = { # enabled = false, # cert_file = "/path/to/cert.pem", # key_file = "/path/to/key.pem" # } } # Additional sink examples: # [[pipelines.sinks]] # type = "tcp" # options = { # port = 9090, # buffer_size = 5000, # heartbeat = { enabled = true, interval_seconds = 60 } # } # [[pipelines.sinks]] # type = "file" # options = { # directory = "/var/log/logwisp", # name = "app", # max_size_mb = 100, # retention_hours = 168.0 # } # [[pipelines.sinks]] # type = "stdout" # options = { buffer_size = 500 } # ---------------------------------------------------------------------------- # AUTHENTICATION (optional, applies to network sinks) # ---------------------------------------------------------------------------- # [pipelines.auth] # type = "none" # none, basic, bearer # # [pipelines.auth.basic_auth] # realm = "LogWisp" # users = [ # { username = "admin", password_hash = "$2a$10$..." } # ] # ip_whitelist = ["192.168.1.0/24"] # ============================================================================ # COMPLETE EXAMPLES # ============================================================================ # Example: Production logs with filtering and multiple outputs # [[pipelines]] # name = "production" # # [[pipelines.sources]] # type = "directory" # options = { path = "/var/log/app", pattern = "*.log", check_interval_ms = 50 } # # [[pipelines.filters]] # type = "include" # patterns = ["ERROR", "WARN", "CRITICAL"] # # [[pipelines.filters]] # type = "exclude" # patterns = ["/health", "/metrics"] # # [[pipelines.sinks]] # type = "http" # options = { # port = 8080, # rate_limit = { enabled = true, requests_per_second = 25.0 } # } # # [[pipelines.sinks]] # type = "file" # options = { directory = "/var/log/archive", name = "errors" } # Example: Multi-source aggregation # [[pipelines]] # name = "aggregated" # # [[pipelines.sources]] # type = "directory" # options = { path = "/var/log/nginx", pattern = "*.log" } # # [[pipelines.sources]] # type = "directory" # options = { path = "/var/log/app", pattern = "*.log" } # # [[pipelines.sinks]] # type = "tcp" # options = { port = 9090 } # ============================================================================ # ROUTER MODE # ============================================================================ # Run with: logwisp --router # Allows multiple pipelines to share HTTP ports via path-based routing # Access: http://localhost:8080/{pipeline_name}/stream # Global status: http://localhost:8080/status # ============================================================================ # QUICK REFERENCE # ============================================================================ # Source types: directory, file, stdin # Sink types: http, tcp, file, stdout, stderr # Filter types: include, exclude # Filter logic: or, and # # Common patterns: # "(?i)error" - Case-insensitive # "\\berror\\b" - Word boundary # "^ERROR" - Start of line # "status=[4-5]\\d{2}" - HTTP errors