diff --git a/config.go b/config.go index a11352a40..93e41b4f1 100644 --- a/config.go +++ b/config.go @@ -4,7 +4,6 @@ package main import ( "fmt" - "github.com/falcosecurity/falcosidekick/outputs/otlpmetrics" "log" "net" "os" @@ -17,6 +16,8 @@ import ( "text/template" "time" + "github.com/falcosecurity/falcosidekick/outputs/otlpmetrics" + kingpin "github.com/alecthomas/kingpin/v2" "github.com/spf13/viper" @@ -145,6 +146,7 @@ var httpOutputDefaults = map[string]map[string]any{ "APIKey": "", "MinimumPriority": "", "Tenant": "", + "Format": "text", "Endpoint": "/loki/api/v1/push", "ExtraLabels": "", }, diff --git a/config_example.yaml b/config_example.yaml index cbe728e1a..d15330f81 100644 --- a/config_example.yaml +++ b/config_example.yaml @@ -156,6 +156,7 @@ loki: # mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked) # checkcert: true # check if ssl certificate of the output is valid (default: true) # tenant: "" # Add the Tenant header + # format: "text" # Format for the log entry value: json, text (default) # endpoint: "/loki/api/v1/push" # The endpoint URL path, default is "/loki/api/v1/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush # extralabels: "" # comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields # customHeaders: # Custom headers to add in POST, useful for Authentication diff --git a/docs/outputs/loki.md b/docs/outputs/loki.md index 593862e5c..b00a30c15 100644 --- a/docs/outputs/loki.md +++ b/docs/outputs/loki.md 
@@ -14,18 +14,19 @@ ## Configuration -| Setting | Env var | Default value | Description | -| ---------------------- | ---------------------- | ------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | -| `loki.hostport` | `LOKI_HOSTPORT` | | http://{domain or ip}:{port}, if not empty, Loki output is **enabled** | -| `loki.user` | `LOKI_USER` | | User for Grafana Logs | -| `loki.apikey` | `LOKI_APIKEY` | | API KEy for Grafana Logs | -| `loki.tenant` | `LOKI_TENANT` | | Add the tenant header if needed | -| `loki.endpoint` | `LOKI_ENDPOINT` | `/loki/api/v1/push` | The endpoint URL path, more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush | -| `loki.extralabels` | `LOKI_EXTRALABELS` | | comma separated list of fields to use as labels additionally to `rule`, `source`, `priority`, `tags` and `custom_fields` | -| `loki.customheaders` | `LOKI_CUSTOMHEADERS` | | Custom headers to add in POST, useful for Authentication | -| `loki.mutualtls` | `LOKI_MUTUALTLS` | `false` | Authenticate to the output with TLS, if true, checkcert flag will be ignored (server cert will always be checked) | -| `loki.checkcert` | `LOKI_CHECKCERT` | `/api/v1/alerts` | Check if ssl certificate of the output is valid | `mattermost.minimumpriority` | `MATTERMOST_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` -| `loki.minimumpriority` | `LOKI_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` | +| Setting | Env var | Default value | Description | | | | | +| ---------------------- | ---------------------- | ------------------- | 
----------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | ---------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| `loki.hostport` | `LOKI_HOSTPORT` | | http://{domain or ip}:{port}, if not empty, Loki output is **enabled** | | | | | +| `loki.user` | `LOKI_USER` | | User for Grafana Logs | | | | | +| `loki.apikey` | `LOKI_APIKEY` | | API KEy for Grafana Logs | | | | | +| `loki.tenant` | `LOKI_TENANT` | | Add the tenant header if needed | | | | | +| `loki.format` | `LOKI_FORMAT` | `text` | Format for the log entry value: json, text | | | | | +| `loki.endpoint` | `LOKI_ENDPOINT` | `/loki/api/v1/push` | The endpoint URL path, more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush | | | | | +| `loki.extralabels` | `LOKI_EXTRALABELS` | | comma separated list of fields to use as labels additionally to `rule`, `source`, `priority`, `tags` and `custom_fields` | | | | | +| `loki.customheaders` | `LOKI_CUSTOMHEADERS` | | Custom headers to add in POST, useful for Authentication | | | | | +| `loki.mutualtls` | `LOKI_MUTUALTLS` | `false` | Authenticate to the output with TLS, if true, checkcert flag will be ignored (server cert will always be checked) | | | | | +| `loki.checkcert` | `LOKI_CHECKCERT` | `/api/v1/alerts` | Check if ssl certificate of the output is valid | `mattermost.minimumpriority` | `MATTERMOST_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` | +| `loki.minimumpriority` | `LOKI_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` | | | | | > [!NOTE] 
diff --git a/outputs/loki.go b/outputs/loki.go index 5f99add14..124d1fefb 100644 --- a/outputs/loki.go +++ b/outputs/loki.go @@ -73,10 +73,17 @@ func newLokiPayload(falcopayload types.FalcoPayload, config *types.Configuration s["tags"] = strings.Join(falcopayload.Tags, ",") } + var v string + if config.Loki.Format == "json" { + v = falcopayload.String() + } else { + v = falcopayload.Output + } + return lokiPayload{Streams: []lokiStream{ { Stream: s, - Values: []lokiValue{[]string{fmt.Sprintf("%v", falcopayload.Time.UnixNano()), falcopayload.Output}}, + Values: []lokiValue{[]string{fmt.Sprintf("%v", falcopayload.Time.UnixNano()), v}}, }, }} } diff --git a/types/types.go b/types/types.go index bb2d75f98..457b5ed6b 100644 --- a/types/types.go +++ b/types/types.go @@ -6,10 +6,11 @@ import ( "context" "encoding/json" "expvar" - "github.com/falcosecurity/falcosidekick/outputs/otlpmetrics" "text/template" "time" + "github.com/falcosecurity/falcosidekick/outputs/otlpmetrics" + "github.com/DataDog/datadog-go/statsd" "github.com/embano1/memlog" "github.com/prometheus/client_golang/prometheus" @@ -342,6 +343,7 @@ type LokiOutputConfig struct { APIKey string MinimumPriority string Tenant string + Format string Endpoint string ExtraLabels string ExtraLabelsList []string
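Review bot: In newLokiPayload the new `if config.Loki.Format == "json"` comparison is exact and case-sensitive, so any other value (`JSON`, `Json`, a typo) silently falls into the `else` branch and ships the plain `Output` text. Where Loki queries or alert rules parse the entry as JSON, that misconfiguration would drop the structured fields without any error or log line. Consider `if strings.EqualFold(config.Loki.Format, "json") {` here (the `strings` package is already used in this function), and reject or warn on values other than `json`/`text` where the configuration is loaded, which is outside this hunk. `falcopayload.String()` is not visible in this diff; if it can return an empty string on a marshal failure, that case deserves a check too. The function's signature and the label-building code sit above the hunk.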