37f9c21672
- Replace custom directive-based config parser with YAML using gopkg.in/yaml.v3 - Rename config.example.conf to config.example.yml with YAML syntax - Update default config path to /etc/logcorrelator/logcorrelator.yml - Update Dockerfile.package to copy YAML config files - Update packaging scripts to install logcorrelator.yml - Update architecture.yml to document YAML configuration - Add yaml.v3 dependency to go.mod Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
46 lines
849 B
YAML
46 lines
849 B
YAML
# logcorrelator configuration file
|
|
# Format: YAML
|
|
|
|
service:
|
|
name: logcorrelator
|
|
language: go
|
|
|
|
inputs:
|
|
unix_sockets:
|
|
- name: apache_source
|
|
path: /var/run/logcorrelator/apache.sock
|
|
format: json
|
|
- name: network_source
|
|
path: /var/run/logcorrelator/network.sock
|
|
format: json
|
|
|
|
outputs:
|
|
file:
|
|
enabled: true
|
|
path: /var/log/logcorrelator/correlated.log
|
|
|
|
clickhouse:
|
|
enabled: false
|
|
dsn: clickhouse://user:pass@localhost:9000/db
|
|
table: correlated_logs_http_network
|
|
batch_size: 500
|
|
flush_interval_ms: 200
|
|
max_buffer_size: 5000
|
|
drop_on_overflow: true
|
|
async_insert: true
|
|
timeout_ms: 1000
|
|
|
|
stdout:
|
|
enabled: false
|
|
|
|
correlation:
|
|
key:
|
|
- src_ip
|
|
- src_port
|
|
time_window:
|
|
value: 1
|
|
unit: s
|
|
orphan_policy:
|
|
apache_always_emit: true
|
|
network_emit: false
|