refactor: remove obsolete config and update documentation

- Remove config.example.conf (replaced by config.example.yml)
- Update Dockerfile to use YAML config
- Update README.md with YAML configuration examples
- Remove old directive-based config documentation
- Update package paths (DEB and RPM) in README

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
Jacquin Antoine
2026-02-27 16:14:53 +01:00
parent f4d95eed41
commit 85f7af357c
3 changed files with 52 additions and 100 deletions

101
README.md

@ -60,18 +60,21 @@ docker run -d \
--name logcorrelator \
-v /var/run/logcorrelator:/var/run/logcorrelator \
-v /var/log/logcorrelator:/var/log/logcorrelator \
-v ./config.conf:/etc/logcorrelator/logcorrelator.conf \
-v ./config.example.yml:/etc/logcorrelator/logcorrelator.yml \
logcorrelator:latest
```
### Depuis le package RPM (Rocky Linux 8+)
### Depuis les packages (DEB/RPM)
```bash
# Générer le RPM
# Générer les packages
./build.sh
# Installer le package
sudo rpm -ivh dist/logcorrelator-1.0.0.rpm
# Installer le package DEB (Debian/Ubuntu)
sudo dpkg -i dist/deb/logcorrelator_1.0.0_amd64.deb
# Installer le package RPM (Rocky Linux 8+)
sudo rpm -ivh dist/rpm/logcorrelator-1.0.0-1.x86_64.rpm
# Activer et démarrer le service
sudo systemctl enable logcorrelator
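Review bot: The new `-v ./config.example.yml:/etc/logcorrelator/logcorrelator.yml` line in the `docker run` example mounts the shipped example file as the live configuration, and mounts it read-write. The YAML example later in this README carries a placeholder ClickHouse DSN (`user:pass`), so the command should point at a copy the operator owns (for instance `./logcorrelator.yml`) and add `:ro` to the mount, since the service only needs to read its config. Separately, the DEB and RPM install lines hardcode `1.0.0`; a short remark that the file names under `dist/deb/` and `dist/rpm/` follow the built version would keep them from going stale.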
@ -88,66 +91,56 @@ sudo systemctl status logcorrelator
go build -o logcorrelator ./cmd/logcorrelator
# Exécuter
./logcorrelator -config config.example.conf
./logcorrelator -config config.example.yml
```
## Configuration
La configuration utilise un fichier texte simple avec des directives :
La configuration utilise un fichier YAML :
```bash
# Format: directive value [value...]
# Lignes starting with # sont des commentaires
```yaml
# Service configuration
service:
name: logcorrelator
language: go
service.name logcorrelator
service.language go
# Input sources (at least 2 required)
inputs:
unix_sockets:
- name: apache_source
path: /var/run/logcorrelator/apache.sock
format: json
- name: network_source
path: /var/run/logcorrelator/network.sock
format: json
# Inputs (au moins 2 requis)
input.unix_socket apache_source /var/run/logcorrelator/apache.sock json
input.unix_socket network_source /var/run/logcorrelator/network.sock json
# File output
outputs:
file:
enabled: true
path: /var/log/logcorrelator/correlated.log
# Outputs
output.file.enabled true
output.file.path /var/log/logcorrelator/correlated.log
# ClickHouse output
outputs:
clickhouse:
enabled: false
dsn: clickhouse://user:pass@localhost:9000/db
table: correlated_logs_http_network
output.clickhouse.enabled false
output.clickhouse.dsn clickhouse://user:pass@localhost:9000/db
output.clickhouse.table correlated_logs_http_network
output.clickhouse.batch_size 500
output.clickhouse.flush_interval_ms 200
# Corrélation
correlation.key src_ip,src_port
correlation.time_window.value 1
correlation.time_window.unit s
# Politique des orphelins
correlation.orphan_policy.apache_always_emit true
correlation.orphan_policy.network_emit false
# Correlation configuration
correlation:
key:
- src_ip
- src_port
time_window:
value: 1
unit: s
orphan_policy:
apache_always_emit: true
network_emit: false
```
### Directives disponibles
| Directive | Description | Défaut |
|-----------|-------------|--------|
| `service.name` | Nom du service | `logcorrelator` |
| `service.language` | Langage | `go` |
| `input.unix_socket` | Socket Unix (name path [format]) | Requis |
| `output.file.enabled` | Activer sortie fichier | `true` |
| `output.file.path` | Chemin fichier | `/var/log/logcorrelator/correlated.log` |
| `output.clickhouse.enabled` | Activer ClickHouse | `false` |
| `output.clickhouse.dsn` | DSN ClickHouse | - |
| `output.clickhouse.table` | Table ClickHouse | - |
| `output.clickhouse.batch_size` | Taille batch | `500` |
| `output.clickhouse.flush_interval_ms` | Intervalle flush | `200` |
| `output.clickhouse.max_buffer_size` | Buffer max | `5000` |
| `output.clickhouse.drop_on_overflow` | Drop si overflow | `true` |
| `output.stdout.enabled` | Sortie stdout (debug) | `false` |
| `correlation.key` | Clés de corrélation | `src_ip,src_port` |
| `correlation.time_window.value` | Valeur fenêtre | `1` |
| `correlation.time_window.unit` | Unité (ms/s/m) | `s` |
| `correlation.orphan_policy.apache_always_emit` | Émettre A seul | `true` |
| `correlation.orphan_policy.network_emit` | Émettre B seul | `false` |
Exemple complet dans `config.example.yml`.
## Format des logs
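Review bot: In the new YAML example, `outputs:` appears twice, once above `file:` and once above `clickhouse:`. If both sit at the top level, as they appear here, that is a duplicate mapping key, which a YAML parser either rejects or resolves by keeping only the later mapping, silently dropping the file output. Merge them into a single `outputs:` block with `file:` and `clickhouse:` as siblings. The commit also removes the "Directives disponibles" table without a YAML equivalent, so the documented defaults for `batch_size`, `flush_interval_ms`, `max_buffer_size`, `drop_on_overflow` and `output.stdout.enabled` are lost, and the first two no longer appear in the example at all; a key/default table for the YAML form would restore that. The sample `dsn` still embeds `user:pass` in the file, so the README should state the expected ownership and permissions of `logcorrelator.yml`.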