diff --git a/hosts/proxy/default.nix b/hosts/proxy/default.nix index 90ee580..44f37d5 100644 --- a/hosts/proxy/default.nix +++ b/hosts/proxy/default.nix @@ -551,17 +551,54 @@ ''; }; vector.settings = { + enrichment_tables.geoip_table = { + type = "mmdb"; + path = "/var/lib/GeoIP/GeoLite2-City.mmdb"; + }; sources.haproxy_metrics = { type = "prometheus_scrape"; endpoints = [ "http://127.0.0.1:8404/metrics" ]; scrape_interval_secs = 15; }; - transforms.add_host_label_haproxy = { - type = "remap"; - inputs = [ "haproxy_metrics" ]; - source = '' - .tags.host = get_hostname!() - ''; + transforms = { + add_host_label_haproxy = { + type = "remap"; + inputs = [ "haproxy_metrics" ]; + source = '' + .tags.host = get_hostname!() + ''; + }; + haproxy_logs_filter = { + type = "filter"; + inputs = [ "journald_logs" ]; + condition = ''."_SYSTEMD_UNIT" == "haproxy.service"''; + }; + haproxy_logs_parse = { + type = "remap"; + inputs = [ "haproxy_logs_filter" ]; + source = '' + .host = get_hostname!() + .unit = "haproxy" + # IPv4: "1.2.3.4:port" IPv6: "[2001:db8::1]:port" + parsed, err = parse_regex(.message, r'^(?:\[(?P[0-9a-fA-F:]+)\]|(?P[\d.]+)):\d+') + if err == null { + if is_null(parsed.ipv6) { + .client_ip = parsed.ipv4 + } else { + .client_ip = parsed.ipv6 + } + } + ''; + }; + haproxy_geoip = { + type = "remap"; + inputs = [ "haproxy_logs_parse" ]; + source = '' + if exists(.client_ip) && !is_null(.client_ip) { + .geoip = get_enrichment_table_record("geoip_table", {"ip": string!(.client_ip)}) ?? {} + } + ''; + }; }; sinks.mimir.inputs = lib.mkForce [ "add_host_label_metrics" @@ -571,6 +608,8 @@ }; + stura.monitoring.extraLogInputs = [ "haproxy_geoip" ]; + environment.systemPackages = with pkgs; [ ];