{ "log-fetchers": [ { "name": "loki-fileserver", "type": "loki", "config": { "url": "http://fileserver.home:3100" } } ], "alert-managers":[ { "name": "gotify-paris", "type": "gotify", "config": { "url": "https://paris.nappez.com/gotify/message", "token-from-env": "{GOTIFY_TOKEN}" } } ], "log-alerts": [ { "name": "SSH outside connection", "check-interval": 60, "log-fetcher": { "name": "loki-fileserver", "filters": { "labels": { "container": "openssh-server" }, "text": "Accepted" } }, "filters": [ { "type": "regexp", "config": { "match": "Accepted (?P\\w+) for (?P\\w+) from (?P[^\\s]+)" } } ], "alert-manager": { "name": "gotify-paris", "title": "Outside SSH login", "message": "New SSH login for {username} on {instance} from ip {ip} (method: {method})" } }, { "name": "SSH local connection", "check-interval": 30, "log-fetcher": { "name": "loki-fileserver", "filters": { "labels": { "filename": "/var/log/host/auth.log" }, "text": "Accepted" } }, "filters": [ { "type": "regexp", "config": { "match": "Accepted (?P\\w+) for (?P\\w+) from (?P[^\\s]+)" } } ], "alert-manager": { "name": "gotify-paris", "title": "Local SSH login", "message": "New SSH login for {username} on {instance} from ip {ip} (method: {method})" } } ] }