Initial commit: logcorrelator with unified packaging (DEB + RPM using fpm)

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

config.example.conf

@@ -0,0 +1,41 @@
+# logcorrelator configuration file
+# Format: directive value [value...]
+# Lines starting with # are comments
+
+# Service configuration
+service.name logcorrelator
+service.language go
+
+# Input sources (at least 2 required)
+# Format: input.unix_socket <name> <path> [format]
+input.unix_socket apache_source /var/run/logcorrelator/apache.sock json
+input.unix_socket network_source /var/run/logcorrelator/network.sock json
+
+# File output
+output.file.enabled true
+output.file.path /var/log/logcorrelator/correlated.log
+
+# ClickHouse output
+output.clickhouse.enabled false
+output.clickhouse.dsn clickhouse://user:pass@localhost:9000/db
+output.clickhouse.table correlated_logs_http_network
+output.clickhouse.batch_size 500
+output.clickhouse.flush_interval_ms 200
+output.clickhouse.max_buffer_size 5000
+output.clickhouse.drop_on_overflow true
+output.clickhouse.async_insert true
+output.clickhouse.timeout_ms 1000
+
+# Stdout output (for debugging)
+output.stdout.enabled false
+
+# Correlation configuration
+correlation.key src_ip,src_port
+correlation.time_window.value 1
+correlation.time_window.unit s
+
+# Orphan policy
+# apache_always_emit: always emit A events even without matching B
+# network_emit: emit B events alone (usually false)
+correlation.orphan_policy.apache_always_emit true
+correlation.orphan_policy.network_emit false