feat: all the system logs are in victoria logs now

2024-08-07 16:42:33 -04:00 · 2024-08-07 16:42:33 -04:00 · 1d2e55bd75
commit 1d2e55bd75
parent 2482182a1c
2 changed files with 54 additions and 3 deletions
--- a/nix/base-system/darwin-configuration.nix
+++ b/nix/base-system/darwin-configuration.nix
@ -245,6 +245,11 @@ in
                    "/var/log/com.apple.xpc.launchd/launchd.log"
                ];
            };
+            syslog_source = {
+                type = "exec";
+                command = ["/usr/bin/log" "stream" "--style" "ndjson"];
+                mode = "streaming";
+            };
        };
        transforms = {
            durnitisp_no_tty = {
@ -256,9 +261,56 @@ in
                  .message = strip_ansi_escape_codes(.message) ?? .message
                '';
            };
+            syslog = {
+                type = "remap";
+                inputs = [
+                    "syslog_source"
+                ];
+                source = ''
+                  .message = parse_json(.message) ?? .message
+                  del(.command)
+                  .syslog
+                  .eventType = .message.eventType
+                  .processImagePath = .message.processImagePath
+                '';
+            };
        };
        sinks = {
-            victoria = {
+            victoria_vector = {
+                type = "elasticsearch";
+                mode = "bulk";
+                endpoints = [
+                    "http://${config.services.victoria-logs.listenAddr}/insert/elasticsearch"
+                ];
+                inputs = [
+                    "vector"
+                ];
+                api_version = "v8";
+                healthcheck.enabled = false;
+                query = {
+                    _msg_field = "message";
+                    _time_field = "timestamp";
+                    _stream_fields = "host,source_type";
+                };
+            };
+            victoria_syslog = {
+                type = "elasticsearch";
+                mode = "bulk";
+                endpoints = [
+                    "http://${config.services.victoria-logs.listenAddr}/insert/elasticsearch"
+                ];
+                inputs = [
+                    "syslog"
+                ];
+                api_version = "v8";
+                healthcheck.enabled = false;
+                query = {
+                    _msg_field = "message";
+                    _time_field = "timestamp";
+                    _stream_fields = "host,processImagePath,eventType";
+                };
+            };
+            victoria_files = {
                type = "elasticsearch";
                mode = "bulk";
                endpoints = [
@ -268,7 +320,6 @@ in
                    "prometheus"
                    #"heracles"
                    "durnitisp_no_tty"
-                    "vector"
                    "victoria-logs"
                    "system"
                ];
--- a/nix/base-system/flake.nix
+++ b/nix/base-system/flake.nix
@ -331,7 +331,7 @@ EOF";
            sc-im
            #ocaml
            #opam
-            vector
+            unstablePkgs.vector
            victoriametrics
            # TODO add sonic-pi here if it supports the arch
            unstablePkgs.dbeaver-bin