First version of log-alert

2025-12-16 03:34:18 +01:00 · 2025-10-15 22:30:08 +02:00
parent dbeeefab86
commit 8385c5fb1d
5 changed files with 268 additions and 1 deletions
--- a/log-alert/config.json
+++ b/log-alert/config.json
@@ -0,0 +1,46 @@
+{
+    "log-fetcher":{
+        "type": "loki",
+        "config": {
+            "url": "http://fileserver.home:3100"
+        }
+    },
+    "alert-manager":{
+        "type": "gotify",
+        "config": {
+            "url": "https://paris.nappez.com/gotify/message",
+            "token-from-env": "{GOTIFY_TOKEN}"
+        }
+    },
+    "check-interval": 60,
+    "log-alerts": [
+        {
+            "name": "SSH outside connection",
+            "filters": {
+                "labels": {
+                    "container": "openssh-server"
+                },
+                "text": "Accepted",
+                "match": "Accepted (?P<method>\\w+) for (?P<username>\\w+) from (?P<ip>[^\\s]+)"
+            },
+            "alert": {
+                "title": "Outside SSH login",
+                "message": "New SSH login for {username} on {instance} from ip {ip} (method: {method})"
+            }
+        },
+        {
+            "name": "SSH local connection",
+            "filters": {
+                "labels": {
+                    "filename": "/var/log/host/auth.log"
+                },
+                "text": "Accepted",
+                "match": "Accepted (?P<method>\\w+) for (?P<username>\\w+) from (?P<ip>[^\\s]+)"
+            },
+            "alert": {
+                "title": "Local SSH login",
+                "message": "New SSH login for {username} on {instance} from ip {ip} (method: {method})"
+            }
+        }
+    ]
+}