Version evaluated: Debian 12 + Loki 3.3.1 OSS + Promtail 3.3.1 OSS
Grafana is offered under two licensing models: OSS (Open Source Software) and Enterprise.
Promtail is the agent responsible for collecting the logs and sending them to Loki.
Loki is where the logs are stored and processed.
Install the dependency packages.
# apt-get install apt-transport-https software-properties-common wget -y
Add the Grafana repository.
# mkdir -p /etc/apt/keyrings/
# wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null
# echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list
Update the package index and install Loki and Promtail from the Grafana repository.
# apt-get update
# apt-get install loki promtail
Check the installed version.
# loki --version
loki, version 3.3.1 (branch: release-3.3.x, revision: 60f2af32)
build user: root@f884b8078e69
build date: 2024-12-04T17:10:01Z
go version: go1.23.1
platform: linux/amd64
tags: netgo
# promtail --version
promtail, version 3.3.1 (branch: release-3.3.x, revision: 60f2af32)
build user: root@f884b8078e69
build date: 2024-12-04T17:10:01Z
go version: go1.23.1
platform: linux/amd64
tags: promtail_journal_enabled
Validate that the configuration file is correct.
# loki --config.file=/etc/loki/config.yml
failed parsing config: /etc/loki/config.yml: yaml: unmarshal errors:
line 41: field enabled not found in type aggregation.Config. Use `-config.expand-env=true` flag if you want to expand environment variables in your config file
Note: in the case above there is an error that must be corrected.
To resolve the problem above, comment out the line:
pattern_ingester:
  enabled: true
  metric_aggregation:
    #enabled: true   <- comment out this line
    loki_address: localhost:3100
Start the Loki and Promtail services.
# systemctl daemon-reload
# systemctl enable loki.service promtail.service
# systemctl restart loki.service promtail.service
To validate that the service is working, open the URL http://<IP_SERVER>:3100/metrics to view the information.
Promtail configuration
################## useradd --system promtail
# usermod -aG adm promtail
# systemctl restart promtail.service
##### validate whether the commands above solve it
To give Promtail permission to read the file /var/log/grafana/grafana.log, run:
# usermod -aG grafana promtail
# systemctl restart promtail
Default
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://localhost:3100/loki/api/v1/push   # IP where Loki is running
scrape_configs:
  - job_name: system
    static_configs:
      - targets:
          - localhost
        labels:
          job: varlogs
          #NOTE: Need to be modified to scrape any additional logs of the system.
          #__path__: /var/log/messages
          __path__: /var/log/*.log   # changed to this path
Configuration to capture messages sent to the journal.
# cat config.yml
# This minimal config scrape only single log file.
# Primarily used in rpm/deb packaging where promtail service can be started during system init process.
# And too much scraping during init process can overload the complete system.
# https://github.com/grafana/loki/issues/11398
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://localhost:3100/loki/api/v1/push
scrape_configs:
  - job_name: journal
    journal:
      max_age: 24h
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
For real-time logging, the scrape configuration below sends the information directly to Loki without waiting.
scrape_configs:
  - job_name: journal
    journal:
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'

server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://localhost:3100/loki/api/v1/push
scrape_configs:
  - job_name: journal
    journal:
      path: /var/log/journal
      #max_age: 12h
      #json: false
      #matches: _TRANSPORT=kernel
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
      - source_labels: ['__journal__hostname']
        target_label: 'host'
      - source_labels: ['__journal__systemd_user_unit']
        target_label: 'systemd_user_unit'
      - source_labels: ['__journal_priority_keyword']
        target_label: 'severity'
      - source_labels: ['__journal_syslog_identifier']
        target_label: 'syslog_identifier'
      - source_labels: ['__journal__transport']
        target_label: 'transport'
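Promtail exposes each journal field as `__journal_` plus the lowercased field name (and adds `__journal_priority_keyword` for entries with PRIORITY), and a relabel rule whose source label is never produced just yields an empty value, so a misspelled name goes unnoticed. The shell check below is an added example, not part of the original guide; the function names, the field list and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint __journal_* source labels.

# Promtail exposes each journal field as "__journal_" + the lowercased field
# name, plus __journal_priority_keyword when the entry has PRIORITY.
journal_label() {
    printf '__journal_%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Read journal field names on stdin, print the labels Promtail would expose.
known_labels() {
    while IFS= read -r field; do
        [ -n "$field" ] || continue
        journal_label "$field"
        if [ "$field" = "PRIORITY" ]; then journal_label "PRIORITY_KEYWORD"; fi
    done
}

# unknown_source_labels CONFIG FIELDS: print every __journal_* name used in
# CONFIG (comment lines skipped) that no field listed in FIELDS produces.
unknown_source_labels() {
    known=$(known_labels < "$2")
    grep -v '^[[:space:]]*#' "$1" | grep -o '__journal_[A-Za-z0-9_]*' | sort -u |
    while IFS= read -r label; do
        printf '%s\n' "$known" | grep -qxF -- "$label" || printf '%s\n' "$label"
    done
}

# Constructed sample input. On a real host, the field list would come from
# `journalctl --fields` and the config would be the Promtail config file.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' _SYSTEMD_UNIT _HOSTNAME _TRANSPORT PRIORITY SYSLOG_IDENTIFIER \
    > "$SAMPLE_DIR/fields.txt"
cat > "$SAMPLE_DIR/promtail.yml" <<'EOF'
scrape_configs:
  - job_name: journal
    journal:
      labels:
        job: systemd-journal
    relabel_configs:
      - source_labels: ['__journal__systemd_unit']
        target_label: 'unit'
      - source_labels: ['__journal_prioriy_keyword']   # misspelled on purpose
        target_label: 'severity'
      - source_labels: ['__journal_syslog_identifier']
        target_label: 'syslog_identifier'
EOF

unknown_source_labels "$SAMPLE_DIR/promtail.yml" "$SAMPLE_DIR/fields.txt"
```

An empty result means every source label in the config corresponds to a field in the list; any name printed is one Promtail will never populate.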
Using log files.
Using the journalctl logs.