code_public/logcorrelator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: version 1.0.6 - simplify YAML configuration
Some checks failed
Build and Test / test (push) Has been cancelled
Details
Build and Test / build (push) Has been cancelled
Details
Build and Test / docker (push) Has been cancelled
Details

Browse Source 
- Remove service.name and service.language (unused)
- Remove enabled flags on outputs (presence = enabled)
- Simplify correlation config: time_window_s (integer) instead of nested object
- Simplify orphan_policy to emit_orphans boolean
- Rename apache socket to http.socket
- Add socket_permissions option for unix sockets (default: 0660)
- Update tests for new configuration format

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-03-01 01:59:59 +01:00
parent efeb7e455f
commit 56c2923121
10 changed files with 194 additions and 242 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
config.example.yml
View File

@ -1,47 +1,28 @@
# logcorrelator configuration file
# Format: YAML
service:
name: logcorrelator
language: go
inputs:
unix_sockets:
- name: apache_source
path: /var/run/logcorrelator/apache.sock
- name: http
path: /var/run/logcorrelator/http.socket
format: json
source_type: A # Explicit source type: "A" for Apache/HTTP, "B" for Network
- name: network_source
path: /var/run/logcorrelator/network.sock
socket_permissions: "0660" # owner + group read/write
- name: network
path: /var/run/logcorrelator/network.socket
format: json
source_type: B # If not specified, auto-detection based on header_* fields
socket_permissions: "0660"
outputs:
file:
enabled: true
path: /var/log/logcorrelator/correlated.log
clickhouse:
enabled: false
dsn: clickhouse://user:pass@localhost:9000/db
table: correlated_logs_http_network
batch_size: 500
flush_interval_ms: 200
max_buffer_size: 5000
drop_on_overflow: true
async_insert: true
timeout_ms: 1000
stdout:
enabled: false
stdout: false
correlation:
key:
- src_ip
- src_port
time_window:
value: 1
unit: s
orphan_policy:
apache_always_emit: true
network_emit: false
time_window_s: 1
emit_orphans: true # http toujours émis, network jamais seul