add flowgger

README.md

@@ -106,6 +106,7 @@ A collection of delicious docker recipes.
 - [x] bittorrent-tracker
 - [x] cadvisor
 - [x] casperjs :+1:
+- [x] flowgger
 - [x] freegeoip
 - [x] freeradius
 - [x] frp :cn:

flowgger/Dockerfile

@@ -0,0 +1,30 @@
+#
+# Dockerfile for flowgger
+#
+
+FROM rust:1.68-alpine AS builder
+
+WORKDIR /usr/src/flowgger
+
+RUN set -xe \
+ && apk add --no-cache curl tar musl-dev libressl-dev capnproto-dev \
+ && curl -sSL https://github.com/awslabs/flowgger/archive/refs/heads/master.tar.gz | tar xz --strip 1
+
+RUN set -xe \
+ && cargo build --release \
+ && strip target/release/flowgger \
+ && target/release/flowgger --version
+
+FROM alpine:3
+MAINTAINER EasyPi Software Foundation
+
+WORKDIR /opt/flowgger
+
+COPY --from=builder /usr/src/flowgger/target/release/flowgger bin/flowgger
+COPY --from=builder /usr/src/flowgger/flowgger.toml etc/flowgger.toml
+
+RUN apk add --no-cache libssl3 && bin/flowgger --version
+
+ENTRYPOINT ["bin/flowgger"]
+CMD ["etc/flowgger.toml"]
+

flowgger/README.md

@@ -0,0 +1,11 @@
+flowgger
+========
+
+[Flowgger][1] is a fast, simple and lightweight data collector written in Rust.
+
+```bash
+$ docker-compose up -d
+$ echo "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8" | nc -v -u -w 0 127.0.0.1 514
+```
+
+[1]: https://github.com/awslabs/flowgger

flowgger/data/etc/flowgger.toml

@@ -0,0 +1,162 @@
+###################
+#   Input type    #
+###################
+
+[input]
+
+### Standard input
+# type = "stdin"
+
+### File input
+# type = "file"
+# src = "/var/lib/docker/containers/*/*.log"
+
+### Syslog over UDP
+type = "udp"
+listen = "0.0.0.0:514"
+
+### TCP
+# type = "tcp"
+# listen = "0.0.0.0:6514"
+# timeout = 3600
+
+### TCP, using coroutines
+# type = "tcp_co"
+# listen = "0.0.0.0:6514"
+# tcp_threads = 1
+
+### TLS
+# type = "tls"
+# listen = "0.0.0.0:6514"
+# framing = "line"
+# timeout = 3600
+# tls_cert = "flowgger.pem"
+# tls_key = "flowgger.pem"
+# tls_ca_file = "flowgger.pem"
+# tls_compatibility_level = "intermediate"
+# tls_verify_peer = false
+# tls_compression = false
+# tls_ciphers = "EECDH+AES128:EECDH+CHACHA20:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;"
+
+### TLS, using coroutines
+# type = "tls_co"
+# listen = "0.0.0.0:6514"
+# framing = "line"
+# tls_threads = 1
+# tls_cert = "flowgger.pem"
+# tls_key = "flowgger.pem"
+# tls_ca_file = "flowgger.pem"
+# tls_compatibility_level = "intermediate"
+# tls_verify_peer = false
+# tls_compression = false
+# tls_ciphers = "EECDH+AES128:EECDH+CHACHA20:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;"
+
+### Redis client
+# type = "redis"
+# redis_connect = "127.0.0.1"
+# redis_queue_key = "logs"
+# redis_threads = 1
+
+###################
+#  Input format   #
+###################
+
+### LTVS
+# format = "ltsv"
+# queuesize = 1000000
+# [input.ltsv_schema]
+# counter = "u64"
+
+### Syslog
+#format = "rfc3164"
+format = "rfc3164"
+
+####################
+#   Output type    #
+####################
+
+[output]
+
+### Debug output (stdout)
+#type = "stdout"
+
+### File output
+type = "file"
+file_path = "var/output.log"
+# Optional: Enables bufferized output. If rotation is used, must be smaller than file_rotation_size.
+file_buffer_size = 512
+
+# Optional: Enables file rotation once the specified size is reached.
+file_rotation_size = 2048
+
+# Optional: Enables file rotation based on time. Rotation occur every file_rotation_time minutes
+file_rotation_time = 2
+
+# Optional: When time rotation is enabled, the timestamp format is appended to the filenames.
+# Default is set to "[year][month][day]T[hour][minute][second]Z". 
+# Format must conform to https://docs.rs/time/0.3.7/time/format_description/index.html
+file_rotation_timeformat = "[year][month][day]T[hour][minute][second]Z"
+
+# Optional, only used if either file_rotation_size or file_rotation_time is set:
+# Specifies number of rotation files to use. The default value is 50.
+# The last 'file_rotation_maxfiles' logs will be kept, the older logs will be overwritten and lost.
+#file_rotation_maxfiles = 2
+
+### Kafka output
+# type = "kafka"
+# kafka_brokers = [ "172.16.205.129:9092", "172.16.205.130:9092" ]
+# kafka_topic = "test"
+# kafka_threads = 1
+# kafka_coalesce = 1000
+# kafka_timeout = 60000
+# kafka_acks = 0
+# kafka_compression = "none"
+
+### TLS output
+# type = "tls"
+# connect = [ "172.16.205.128:6514", "172.16.205.129:6514" ]
+# timeout = 3600
+# tls_threads = 1
+# tls_cert = "flowgger.pem"
+# tls_key = "flowgger.pem"
+# tls_ca_file = "flowgger.pem"
+# tls_compatibility_level = "intermediate"
+# tls_verify_peer = false
+# tls_compression = false
+# tls_ciphers = "EECDH+AES128:EECDH+CHACHA20:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;"
+# tls_async = false
+# tls_recovery_delay_init = 1
+# tls_recovery_delay_max = 10000
+# tls_recovery_probe_time = 30000
+
+####################
+#   Output format  #
+####################
+
+### JSON (GELF)
+# format = "gelf"
+# framing = "nul"
+# [output.gelf_extra]
+# x-header1 = "x-header1 value"
+# x-header2 = "x-header2 value"
+
+### LTSV
+#format = "ltsv"
+#framing = "line"
+# [output.ltsv_extra]
+# x-header1 = "x-header1 value"
+# x-header2 = "x-header2 value"
+
+### Cap'n Proto
+# format = "capnp"
+# framing = "capnp"
+# [output.capnp_extra]
+# x-header1 = "x-header1 value"
+# x-header2 = "x-header2 value"
+
+### Syslog
+framing = "line"
+# "rfc3164" or "rfc5424" or "passthrough"
+format = "rfc3164"
+# Format of the optional timestamp to be prepended to each event
+syslog_prepend_timestamp="[[[year]-[month]-[day]T[hour]:[minute]:[second].[subsecond digits:6]Z]"

flowgger/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3.8"
+services:
+  flowgger:
+    image: vimagick/flowgger
+    init: true
+    ports:
+      - "514:514/udp"
+    volumes:
+      - ./data/etc:/opt/flowgger/etc
+      - ./data/var:/opt/flowgger/var
+    restart: unless-stopped