373 lines
14 KiB
Plaintext
373 lines
14 KiB
Plaintext
###############################################################################
|
|
### LogWisp Configuration
|
|
### Default location: ~/.config/logwisp/logwisp.toml
|
|
### Configuration Precedence: CLI flags > Environment > File > Defaults
|
|
### Default values shown - uncommented lines represent active configuration
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
### Global Settings
|
|
###############################################################################
|
|
|
|
background = false # Run as daemon
|
|
quiet = false # Suppress console output
|
|
disable_status_reporter = false # Disable periodic status logging
|
|
config_auto_reload = false # Reload config on file change
|
|
|
|
###############################################################################
|
|
### Logging Configuration (LogWisp's internal operational logging)
|
|
###############################################################################
|
|
|
|
[logging]
|
|
output = "stdout" # file|stdout|stderr|split|all|none
|
|
level = "info" # debug|info|warn|error
|
|
|
|
# [logging.file]
|
|
# directory = "./log" # Log directory path
|
|
# name = "logwisp" # Base filename
|
|
# max_size_mb = 100 # Rotation threshold
|
|
# max_total_size_mb = 1000 # Total size limit
|
|
# retention_hours = 168.0 # Delete logs older than (7 days)
|
|
|
|
[logging.console]
|
|
target = "stdout" # stdout|stderr|split
|
|
format = "txt" # txt|json
|
|
|
|
###############################################################################
|
|
### Pipeline Configuration
|
|
### Each pipeline: sources -> rate_limit -> filters -> format -> sinks
|
|
###############################################################################
|
|
|
|
[[pipelines]]
|
|
name = "default" # Pipeline identifier
|
|
|
|
###============================================================================
|
|
### Rate Limiting (Pipeline-level)
|
|
###============================================================================
|
|
|
|
# [pipelines.rate_limit]
|
|
# rate = 1000.0 # Entries per second (0=disabled)
|
|
# burst = 2000.0 # Burst capacity (defaults to rate)
|
|
# policy = "drop" # pass|drop
|
|
# max_entry_size_bytes = 0 # Max entry size (0=unlimited)
|
|
|
|
###============================================================================
|
|
### Filters (Sequential pattern matching)
|
|
###============================================================================
|
|
|
|
### ⚠️ Example: Include only ERROR and WARN logs
|
|
## [[pipelines.filters]]
|
|
## type = "include" # include|exclude
|
|
## logic = "or" # or|and
|
|
## patterns = [".*ERROR.*", ".*WARN.*"]
|
|
|
|
### ⚠️ Example: Exclude debug logs
|
|
## [[pipelines.filters]]
|
|
## type = "exclude"
|
|
## patterns = [".*DEBUG.*"]
|
|
|
|
###============================================================================
|
|
### Format (Log transformation)
|
|
###============================================================================
|
|
|
|
# [pipelines.format]
|
|
# type = "raw" # raw|json|txt
|
|
|
|
## JSON formatting
|
|
# [pipelines.format.json]
|
|
# pretty = false # Pretty-print JSON
|
|
# timestamp_field = "timestamp" # Field name for timestamp
|
|
# level_field = "level" # Field name for log level
|
|
# message_field = "message" # Field name for message
|
|
# source_field = "source" # Field name for source
|
|
|
|
## Text templating
|
|
# [pipelines.format.txt]
|
|
# template = "{{.Timestamp | FmtTime}} [{{.Level}}] {{.Message}}"
|
|
# timestamp_format = "2006-01-02 15:04:05"
|
|
|
|
## Raw templating
|
|
# [pipelines.format.raw]
|
|
# add_new_line = true # Preserve new line delimiter between log entries
|
|
|
|
###============================================================================
|
|
### SOURCES (Inputs)
|
|
### Architecture: Pipeline can have multiple sources
|
|
###============================================================================
|
|
|
|
###----------------------------------------------------------------------------
|
|
### File Source (File monitoring)
|
|
[[pipelines.sources]]
|
|
type = "file"
|
|
|
|
[pipelines.sources.file]
|
|
directory = "./" # Directory to monitor
|
|
pattern = "*.log" # Glob pattern
|
|
check_interval_ms = 100 # File check interval
|
|
recursive = false # Recursive monitoring (TODO)
|
|
|
|
###----------------------------------------------------------------------------
|
|
### Console Source
|
|
# [[pipelines.sources]]
|
|
# type = "console"
|
|
|
|
# [pipelines.sources.console]
|
|
# buffer_size = 1000
|
|
|
|
###----------------------------------------------------------------------------
|
|
### HTTP Source (Server mode - receives logs via HTTP POST)
|
|
# [[pipelines.sources]]
|
|
# type = "http"
|
|
|
|
# [pipelines.sources.http]
|
|
# host = "0.0.0.0" # Listen interface
|
|
# port = 8081 # Listen port
|
|
# ingest_path = "/ingest" # Ingestion endpoint
|
|
# buffer_size = 1000
|
|
# max_body_size = 1048576 # 1MB
|
|
# read_timeout_ms = 10000
|
|
# write_timeout_ms = 10000
|
|
|
|
### Network access control
|
|
# [pipelines.sources.http.acl]
|
|
# enabled = false
|
|
# max_connections_per_ip = 10 # Max simultaneous connections from a single IP
|
|
# max_connections_total = 100 # Max simultaneous connections for this component
|
|
# requests_per_second = 100.0 # Per-IP request rate limit
|
|
# burst_size = 200 # Per-IP request burst limit
|
|
# response_message = "Rate limit exceeded"
|
|
# response_code = 429
|
|
# ip_whitelist = ["192.168.1.0/24"]
|
|
# ip_blacklist = ["10.0.0.100"]
|
|
|
|
### TLS configuration (mTLS support)
|
|
# [pipelines.sources.http.tls]
|
|
# enabled = false
|
|
# cert_file = "/path/to/server.pem" # Server certificate
|
|
# key_file = "/path/to/server.key" # Server private key
|
|
# client_auth = false # Enable mTLS
|
|
# client_ca_file = "/path/to/ca.pem" # CA for client verification
|
|
# verify_client_cert = true # Verify client certificates
|
|
# min_version = "TLS1.2" # TLS1.0|TLS1.1|TLS1.2|TLS1.3
|
|
# max_version = "TLS1.3"
|
|
# cipher_suites = "" # Comma-separated cipher list
|
|
|
|
###----------------------------------------------------------------------------
|
|
### TCP Source (Server mode - receives logs via TCP)
|
|
# [[pipelines.sources]]
|
|
# type = "tcp"
|
|
|
|
# [pipelines.sources.tcp]
|
|
# host = "0.0.0.0"
|
|
# port = 9091
|
|
# buffer_size = 1000
|
|
# read_timeout_ms = 10000
|
|
# keep_alive = true
|
|
# keep_alive_period_ms = 30000
|
|
|
|
### Network access control
|
|
# [pipelines.sources.tcp.acl]
|
|
# enabled = false
|
|
# max_connections_per_ip = 10 # Max simultaneous connections from a single IP
|
|
# max_connections_total = 100 # Max simultaneous connections for this component
|
|
# requests_per_second = 100.0 # Per-IP request rate limit
|
|
# burst_size = 200 # Per-IP request burst limit
|
|
# response_message = "Rate limit exceeded"
|
|
# response_code = 429
|
|
# ip_whitelist = ["192.168.1.0/24"]
|
|
# ip_blacklist = ["10.0.0.100"]
|
|
|
|
### ⚠️ IMPORTANT: TCP does NOT support TLS/mTLS (gnet limitation)
|
|
### Use HTTP Source with TLS for encrypted transport
|
|
|
|
###============================================================================
|
|
### SINKS (Outputs)
|
|
### Architecture: Pipeline can have multiple sinks (fan-out)
|
|
###============================================================================
|
|
|
|
###----------------------------------------------------------------------------
|
|
### Console Sink
|
|
# [[pipelines.sinks]]
|
|
# type = "console"
|
|
|
|
# [pipelines.sinks.console]
|
|
# target = "stdout" # stdout|stderr|split
|
|
# colorize = false # Colorized output
|
|
# buffer_size = 100
|
|
|
|
###----------------------------------------------------------------------------
|
|
### File Sink (Rotating logs)
|
|
# [[pipelines.sinks]]
|
|
# type = "file"
|
|
|
|
# [pipelines.sinks.file]
|
|
# directory = "./logs"
|
|
# name = "output"
|
|
# max_size_mb = 100
|
|
# max_total_size_mb = 1000
|
|
# min_disk_free_mb = 100
|
|
# retention_hours = 168.0 # 7 days
|
|
# buffer_size = 1000
|
|
# flush_interval_ms = 1000
|
|
|
|
###----------------------------------------------------------------------------
|
|
### HTTP Sink (Server mode - SSE streaming for clients)
|
|
[[pipelines.sinks]]
|
|
type = "http"
|
|
|
|
[pipelines.sinks.http]
|
|
host = "0.0.0.0"
|
|
port = 8080
|
|
stream_path = "/stream" # SSE streaming endpoint
|
|
status_path = "/status" # Status endpoint
|
|
buffer_size = 1000
|
|
write_timeout_ms = 10000
|
|
|
|
### Heartbeat configuration (keep connections alive)
|
|
[pipelines.sinks.http.heartbeat]
|
|
enabled = true
|
|
interval_ms = 30000 # 30 seconds
|
|
include_timestamp = true
|
|
include_stats = false
|
|
format = "comment" # comment|event|json
|
|
|
|
### Network access control
|
|
# [pipelines.sinks.http.acl]
|
|
# enabled = false
|
|
# max_connections_per_ip = 10 # Max simultaneous connections from a single IP
|
|
# max_connections_total = 100 # Max simultaneous connections for this component
|
|
# requests_per_second = 100.0 # Per-IP request rate limit
|
|
# burst_size = 200 # Per-IP request burst limit
|
|
# response_message = "Rate limit exceeded"
|
|
# response_code = 429
|
|
# ip_whitelist = ["192.168.1.0/24"]
|
|
# ip_blacklist = ["10.0.0.100"]
|
|
|
|
### TLS configuration (mTLS support)
|
|
# [pipelines.sinks.http.tls]
|
|
# enabled = false
|
|
# cert_file = "/path/to/server.pem" # Server certificate
|
|
# key_file = "/path/to/server.key" # Server private key
|
|
# client_auth = false # Enable mTLS
|
|
# client_ca_file = "/path/to/ca.pem" # CA for client verification
|
|
# verify_client_cert = true # Verify client certificates
|
|
# min_version = "TLS1.2" # TLS1.0|TLS1.1|TLS1.2|TLS1.3
|
|
# max_version = "TLS1.3"
|
|
# cipher_suites = "" # Comma-separated cipher list
|
|
|
|
###----------------------------------------------------------------------------
|
|
### TCP Sink (Server mode - TCP streaming for clients)
|
|
# [[pipelines.sinks]]
|
|
# type = "tcp"
|
|
|
|
# [pipelines.sinks.tcp]
|
|
# host = "0.0.0.0"
|
|
# port = 9090
|
|
# buffer_size = 1000
|
|
# write_timeout_ms = 10000
|
|
# keep_alive = true
|
|
# keep_alive_period_ms = 30000
|
|
|
|
### Heartbeat configuration
|
|
# [pipelines.sinks.tcp.heartbeat]
|
|
# enabled = false
|
|
# interval_ms = 30000
|
|
# include_timestamp = true
|
|
# include_stats = false
|
|
# format = "json" # json|txt
|
|
|
|
### Network access control
|
|
# [pipelines.sinks.tcp.acl]
|
|
# enabled = false
|
|
# max_connections_per_ip = 10 # Max simultaneous connections from a single IP
|
|
# max_connections_total = 100 # Max simultaneous connections for this component
|
|
# requests_per_second = 100.0 # Per-IP request rate limit
|
|
# burst_size = 200 # Per-IP request burst limit
|
|
# response_message = "Rate limit exceeded"
|
|
# response_code = 429
|
|
# ip_whitelist = ["192.168.1.0/24"]
|
|
# ip_blacklist = ["10.0.0.100"]
|
|
|
|
### ⚠️ IMPORTANT: TCP does NOT support TLS/mTLS (gnet limitation)
|
|
### Use HTTP Sink with TLS for encrypted transport
|
|
|
|
###----------------------------------------------------------------------------
|
|
### HTTP Client Sink (Forward to remote HTTP endpoint)
|
|
# [[pipelines.sinks]]
|
|
# type = "http_client"
|
|
|
|
# [pipelines.sinks.http_client]
|
|
# url = "https://logs.example.com/ingest"
|
|
# buffer_size = 1000
|
|
# batch_size = 100 # Entries per batch
|
|
# batch_delay_ms = 1000 # Max wait before sending
|
|
# timeout_seconds = 30
|
|
# max_retries = 3
|
|
# retry_delay_ms = 1000
|
|
# retry_backoff = 2.0 # Exponential backoff multiplier
|
|
# insecure_skip_verify = false # Skip TLS verification
|
|
|
|
### TLS configuration for client
|
|
# [pipelines.sinks.http_client.tls]
|
|
# enabled = false # Enable TLS for the outgoing connection
|
|
# server_ca_file = "/path/to/ca.pem" # CA for verifying the remote server's certificate
|
|
# server_name = "logs.example.com" # For server certificate validation (SNI)
|
|
# insecure_skip_verify = false # Skip server verification, use with caution
|
|
# client_cert_file = "/path/to/client.pem" # Client's certificate to present to the server for mTLS
|
|
# client_key_file = "/path/to/client.key" # Client's private key for mTLS
|
|
# min_version = "TLS1.2"
|
|
# max_version = "TLS1.3"
|
|
# cipher_suites = ""
|
|
|
|
### ⚠️ Example: HTTP Client Sink → HTTP Source with mTLS
|
|
## HTTP Source with mTLS:
|
|
## [pipelines.sources.http.tls]
|
|
## enabled = true
|
|
## cert_file = "/path/to/server.pem"
|
|
## key_file = "/path/to/server.key"
|
|
## client_auth = true # Enable client cert verification
|
|
## client_ca_file = "/path/to/ca.pem"
|
|
## verify_client_cert = true
|
|
|
|
## HTTP Client with client cert:
|
|
## [pipelines.sinks.http_client.tls]
|
|
## enabled = true
|
|
## server_ca_file = "/path/to/ca.pem" # Verify server
|
|
## client_cert_file = "/path/to/client.pem" # Client certificate
|
|
## client_key_file = "/path/to/client.key"
|
|
|
|
###----------------------------------------------------------------------------
|
|
### TCP Client Sink (Forward to remote TCP endpoint)
|
|
# [[pipelines.sinks]]
|
|
# type = "tcp_client"
|
|
|
|
# [pipelines.sinks.tcp_client]
|
|
# host = "logs.example.com"
|
|
# port = 9090
|
|
# buffer_size = 1000
|
|
# dial_timeout_seconds = 10 # Connection timeout
|
|
# write_timeout_seconds = 30 # Write timeout
|
|
# read_timeout_seconds = 10 # Read timeout
|
|
# keep_alive_seconds = 30 # TCP keep-alive
|
|
# reconnect_delay_ms = 1000 # Initial reconnect delay
|
|
# max_reconnect_delay_ms = 30000 # Max reconnect delay
|
|
# reconnect_backoff = 1.5 # Exponential backoff
|
|
|
|
### ⚠️ WARNING: TCP Client has NO TLS support
|
|
### Use HTTP Client with TLS for encrypted transport
|
|
|
|
###############################################################################
|
|
### Common Usage Patterns
|
|
###############################################################################
|
|
|
|
### Pattern 1: Log Aggregation (Client → Server)
|
|
### - HTTP Client Sink → HTTP Source (with optional TLS/mTLS)
|
|
### - TCP Client Sink → TCP Source (unencrypted only)
|
|
|
|
### Pattern 2: Live Monitoring
|
|
### - HTTP Sink: Browser-based SSE streaming (https://host:8080/stream)
|
|
### - TCP Sink: Debug interface (telnet/netcat to port 9090)
|
|
|
|
### Pattern 3: Log Collection & Distribution
|
|
### - File Source → Multiple Sinks (fan-out)
|
|
### - Multiple Sources → Single Pipeline → Multiple Sinks |