# CONFIGURED BY ANSIBLE
#
# NetBird server: ship Docker container logs to OpenSearch.
# Do not mix client and server logs; they go to different data streams.
#
# NOTE(review): the rendered file holds the OpenSearch password in clear text
# (variable log_http_passwd, see [OUTPUT] below). Deploy it readable only by
# the Fluent Bit service account and keep the variable in an encrypted store
# such as Ansible Vault.
#
# NOTE(review): the exec inputs call the docker CLI, so the Fluent Bit service
# account needs access to the Docker API, which is effectively root on this
# host. Confirm that this is an accepted trade-off for the sensor.

# ---------------------------------------------------------------------------
# Inputs: one exec input per container.
# "--tail 0" skips existing history, "-f" follows new lines, and
# "oneshot true" starts the command once.
#
# NOTE(review): presumably the command ends when its container stops or is
# recreated and is not started again - confirm, and alert on a sensor that
# goes silent so a collection gap does not pass unnoticed.
# NOTE(review): the commands have no stderr redirection; verify that lines the
# containers write to stderr are still collected.
# ---------------------------------------------------------------------------

[INPUT]
    name exec
    command docker logs -f --tail 0 vpn-management-1
    tag docker.nbmgmt
    alias docker_nbmgmt
    oneshot true
    threaded true

[INPUT]
    name exec
    command docker logs -f --tail 0 vpn-coturn-1
    tag docker.nbturn
    alias docker_nbturn
    oneshot true
    threaded true

[INPUT]
    name exec
    command docker logs -f --tail 0 vpn-dashboard-1
    tag docker.nbdashboard
    alias docker_nbdashboard
    oneshot true
    threaded true

[INPUT]
    name exec
    command docker logs -f --tail 0 vpn-signal-1
    tag docker.nbsignal
    alias docker_nbsignal
    oneshot true
    threaded true

# ---------------------------------------------------------------------------
# Parsing: management and signal lines get time, level and a replaced log
# field from their parsers (nbmgmt / nbsignal are defined outside this file).
#
# NOTE(review): filters run in the order they appear, and the rename of
# "exec" to "log" only happens in the modify filter further down. Verify that
# a "log" key already exists when these two parser filters run; if it does
# not, neither parser is applied and level/time are never extracted.
# ---------------------------------------------------------------------------

[FILTER]
    name parser
    match docker.nbmgmt
    key_name log
    parser nbmgmt

[FILTER]
    name parser
    match docker.nbsignal
    key_name log
    parser nbsignal

# Normalise field names for every container stream.
[FILTER]
    name modify
    match docker.*
    # keep the usual field name as with the tail input
    rename exec log
    # @timestamp is enough for logs - remove mgmt and signal time fields
    remove time

# ---------------------------------------------------------------------------
# Origin tagging: every record carries "sensor" = <container>@<short host>,
# so events stay attributable to one container on one host.
# ---------------------------------------------------------------------------

[FILTER]
    name modify
    match docker.nbmgmt
    add sensor vpn-management-1@{{inventory_hostname_short}}

[FILTER]
    name modify
    match docker.nbturn
    add sensor vpn-coturn-1@{{inventory_hostname_short}}

[FILTER]
    name modify
    match docker.nbdashboard
    add sensor vpn-dashboard-1@{{inventory_hostname_short}}

[FILTER]
    name modify
    match docker.nbsignal
    add sensor vpn-signal-1@{{inventory_hostname_short}}

# Local file output, disabled (kept for debugging).
#[OUTPUT]
#    name file
#    match docker.*
#    path /var/log
#    file fluent-bit.log

# ---------------------------------------------------------------------------
# Output: OpenSearch over TLS with certificate verification and HTTP basic
# authentication. Host, port and credentials are filled in by Ansible.
# ---------------------------------------------------------------------------

[OUTPUT]
    name opensearch
    match docker.*
    host {{log_host}}
    port {{log_port}}
    # keep both on: basic-auth credentials must only travel over a verified
    # TLS connection
    tls on
    tls.verify on
    index audithack-srvnetbird
    http_user {{log_http_user}}
    http_passwd {{log_http_passwd}}
    suppress_type_name on
    #replace_dots on
    # NOTE(review): diagnostic option; on indexing errors the request and
    # response are printed to Fluent Bit's own output, which can copy log
    # content there - check who can read that output.
    trace_error on