// Alloy's own log output, written in logfmt.
// NOTE(review): "debug" is the most verbose level. Confirm it is intended outside
// troubleshooting: verbose agent logs add volume and expose more operational detail
// to anyone who can read them.
logging {
  format = "logfmt"
  level  = "debug"
}
// =========================
// MÉTRICAS WINDOWS -> PROMETHEUS
// =========================
// Embedded Windows exporter. Only the collectors named in enabled_collectors run.
// NOTE(review): "process" and "service" presumably emit series per process/service,
// so they dominate series count and expose the host's software inventory to anyone
// with read access to the metrics backend. Confirm that is wanted.
prometheus.exporter.windows "local" {
  enabled_collectors = [
    "cpu", "memory", "logical_disk", "os", "net", "system",
    "process", "service",
    "logon", "update",
  ]
}
// Scrapes the embedded exporter's targets and hands the samples to the
// remote_write component declared in this file.
prometheus.scrape "windows_exporter" {
  job_name        = "integrations/windows"
  targets         = prometheus.exporter.windows.local.targets
  scrape_interval = "30s"
  scrape_timeout  = "25s" // kept below the 30s interval
  forward_to      = [prometheus.remote_write.local_prometheus.receiver]
}
// Sends scraped samples to the Prometheus remote-write URL over HTTPS.
// NOTE(review): the endpoint block sets no basic_auth, bearer token or client
// certificate. Confirm the receiver authenticates writers some other way (reverse
// proxy, network ACL). Otherwise any host that can reach the URL can submit samples.
prometheus.remote_write "local_prometheus" {
  endpoint {
    url = "https://prometheus.insidemicro.com/api/v1/write"
  }
}
// =========================
// LOGS WINDOWS -> LOKI
// =========================
// Single Loki push target shared by every loki.process component in this file,
// including the one fed by the Security event channel.
// NOTE(review): no basic_auth, bearer token, client certificate or tenant_id is set
// on the endpoint. Confirm the push API is authenticated elsewhere and that read
// access to the resulting streams is restricted, since Security events travel
// through this writer.
loki.write "local_loki" {
  endpoint {
    url = "https://loki.insidemicro.com/loki/api/v1/push"
  }
}
// -------------------------
// EVENT LOG: SYSTEM
// -------------------------
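// Reads the Windows "System" event channel and forwards each entry to
// loki.process.system.
//
// Fix: `computer` was the quoted string "constants.hostname", so every stream carried
// that literal text as its label value. Unquoted, the expression evaluates to the
// machine's hostname. The downstream stage.labels re-labels `computer` from the event
// JSON when that field is present, which can hide the wrong static value until JSON
// parsing fails.
loki.source.windowsevent "system" {
  eventlog_name          = "System"
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true // keep the event's own timestamp rather than the read time

  // Read position is persisted here so a restart resumes where it stopped.
  // NOTE(review): keep this directory writable only by the Alloy service account;
  // a deleted or edited bookmark changes which events get collected.
  bookmark_path = "C:/ProgramData/Alloy/bookmarks/system.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "System",
  }

  forward_to = [loki.process.system.receiver]
}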
// Parses each System event line as JSON, promotes selected fields to stream labels,
// then hands the entry to loki.write.local_loki.
// NOTE(review): event_id and source become labels, so every distinct value creates
// its own stream; confirm the cardinality is acceptable. "message" is extracted but
// no stage in this block consumes it.
loki.process "system" {
  // Each expression names the JSON key it reads (same lookup as an empty string).
  stage.json {
    expressions = {
      message  = "message",
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }

  // An empty value means "take the extracted field with the same name as the label".
  stage.labels {
    values = {
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  forward_to = [loki.write.local_loki.receiver]
}
// -------------------------
// EVENT LOG: SECURITY
// -------------------------
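// Reads the Windows "Security" event channel and forwards each entry to
// loki.process.security.
//
// Fix: `computer` was the quoted string "constants.hostname", so every stream carried
// that literal text instead of the host name. For audit data this makes events from
// different machines indistinguishable by that label whenever the downstream
// JSON-derived `computer` label is missing. Unquoted, it evaluates to the hostname.
//
// NOTE(review): no xpath_query is set, so the whole channel is forwarded. Security
// events commonly carry account names and logon details; confirm the Loki side
// restricts who can query these streams and that the retention period is deliberate.
loki.source.windowsevent "security" {
  eventlog_name          = "Security"
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true // keep the event's own timestamp rather than the read time

  // Read position is persisted here so a restart resumes where it stopped.
  // NOTE(review): keep this directory writable only by the Alloy service account;
  // a deleted or edited bookmark changes which audit events get collected.
  bookmark_path = "C:/ProgramData/Alloy/bookmarks/security.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "Security",
  }

  forward_to = [loki.process.security.receiver]
}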
// Parses each Security event line as JSON, promotes selected fields to stream
// labels, then hands the entry to loki.write.local_loki.
// NOTE(review): event_id and source become labels, so every distinct value creates
// its own stream; confirm the cardinality is acceptable. "message" is extracted but
// no stage in this block consumes it.
loki.process "security" {
  // Each expression names the JSON key it reads (same lookup as an empty string).
  stage.json {
    expressions = {
      message  = "message",
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }

  // An empty value means "take the extracted field with the same name as the label".
  stage.labels {
    values = {
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  forward_to = [loki.write.local_loki.receiver]
}
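// Reads the Diagnostics-Performance operational channel and forwards each entry to
// loki.process.boot_perf. Unlike the other event sources in this file, it uses the
// job label "windows_boot" and sets no locale.
//
// Fix: `computer` was the quoted string "constants.hostname", so every stream carried
// that literal text as its label value. Unquoted, the expression evaluates to the
// machine's hostname.
loki.source.windowsevent "boot_perf" {
  eventlog_name          = "Microsoft-Windows-Diagnostics-Performance/Operational"
  xpath_query            = "*" // every event in the channel
  poll_interval          = "5s"
  use_incoming_timestamp = true // keep the event's own timestamp rather than the read time

  // Read position is persisted here so a restart resumes where it stopped.
  bookmark_path = "C:/ProgramData/Alloy/bookmarks/boot_perf.xml"

  labels = {
    job      = "windows_boot",
    computer = constants.hostname,
    channel  = "Microsoft-Windows-Diagnostics-Performance/Operational",
  }

  forward_to = [loki.process.boot_perf.receiver]
}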
// Parses each Diagnostics-Performance event line as JSON, promotes selected fields
// to stream labels, then hands the entry to loki.write.local_loki.
// NOTE(review): event_id and source become labels, so every distinct value creates
// its own stream. "message" is extracted but no stage in this block consumes it.
loki.process "boot_perf" {
  // Each expression names the JSON key it reads (same lookup as an empty string).
  stage.json {
    expressions = {
      message  = "message",
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }

  // An empty value means "take the extracted field with the same name as the label".
  stage.labels {
    values = {
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  forward_to = [loki.write.local_loki.receiver]
}
// -------------------------
// EVENT LOG: WINDOWS UPDATE
// NUEVO
// -------------------------
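// Reads the WindowsUpdateClient operational channel and forwards each entry to
// loki.process.windows_update.
//
// Fix: `computer` was the quoted string "constants.hostname", so every stream carried
// that literal text as its label value. Unquoted, the expression evaluates to the
// machine's hostname, which is what lets patch-state events be attributed to a host.
loki.source.windowsevent "windows_update" {
  eventlog_name          = "Microsoft-Windows-WindowsUpdateClient/Operational"
  xpath_query            = "*" // every event in the channel
  locale                 = 0
  poll_interval          = "5s"
  use_incoming_timestamp = true // keep the event's own timestamp rather than the read time

  // Read position is persisted here so a restart resumes where it stopped.
  bookmark_path = "C:/ProgramData/Alloy/bookmarks/windows_update.xml"

  labels = {
    job      = "windows-eventlog",
    computer = constants.hostname,
    channel  = "Microsoft-Windows-WindowsUpdateClient/Operational",
  }

  forward_to = [loki.process.windows_update.receiver]
}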
// Parses each WindowsUpdateClient event line as JSON, promotes selected fields to
// stream labels, then hands the entry to loki.write.local_loki.
// NOTE(review): event_id and source become labels, so every distinct value creates
// its own stream. "message" is extracted but no stage in this block consumes it.
loki.process "windows_update" {
  // Each expression names the JSON key it reads (same lookup as an empty string).
  stage.json {
    expressions = {
      message  = "message",
      computer = "computer",
      channel  = "channel",
      event_id = "event_id",
      level    = "level",
      source   = "source",
    }
  }

  // An empty value means "take the extracted field with the same name as the label".
  stage.labels {
    values = {
      computer = "",
      channel  = "",
      event_id = "",
      level    = "",
      source   = "",
    }
  }

  forward_to = [loki.write.local_loki.receiver]
}