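# Health checks (HTTP, port, command).
#
# NOTE(review): every alert_command below is a shell command line that embeds
# $BEACON_* values. Check output and error text originate from the monitored
# target, so confirm how Beacon supplies them. If they are exported as
# environment variables, references inside single quotes are not expanded by
# the shell. If they are substituted into the string before execution, quotes
# or shell metacharacters in the value become part of the command. Either way,
# keep check-derived text out of positions where it can change the command, or
# hand it to a script that reads it from the environment.
checks:
  # HTTP endpoint monitoring
  - name: "Homepage"
    type: http
    url: https://example.com
    interval: 30s
    # The Slack URL is a placeholder. A real incoming-webhook URL works like a
    # credential, so reference it through a variable (as ${WEBHOOK_URL} is used
    # below) instead of committing it to this file.
    alert_command: "curl -X POST https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK -d '{\"text\":\"🚨 Website is down! Check: $BEACON_CHECK_NAME, Error: $BEACON_CHECK_ERROR\"}'"

  - name: "API Health"
    type: http
    url: https://api.example.com/health
    interval: 60s
    # Recipient is a placeholder address; replace it with your own mailbox.
    alert_command: "echo 'API is down!' | mail -s 'Alert: API Down' alerts@example.com"

  # Port connectivity checks
  - name: "Database Port"
    type: port
    host: 127.0.0.1
    port: 5432
    interval: 60s
    alert_command: "curl -X POST ${WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"Database connection failed on $BEACON_DEVICE_NAME\"}'"

  - name: "Redis Port"
    type: port
    host: 127.0.0.1
    port: 6379
    interval: 60s
    alert_command: "logger -p local0.err 'Redis port check failed on $BEACON_DEVICE_NAME'"

  # Command-based checks with alert_command.
  # The numeric tests quote $BEACON_CHECK_OUTPUT so that an empty or multi-word
  # output cannot change how the shell parses the [ ... ] expression.
  - name: "Disk Space"
    type: command
    command: "df -h / | awk 'NR==2 {print $5}' | sed 's/%//'"
    interval: 60s
    alert_command: "if [ \"$BEACON_CHECK_OUTPUT\" -gt 90 ]; then curl -X POST ${WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"Disk space critical: $BEACON_CHECK_OUTPUT%\"}'; fi"

  - name: "Process Check"
    type: command
    command: "pgrep nginx > /dev/null && echo 'running' || echo 'stopped'"
    interval: 60s
    # NOTE(review): the single-quoted '$BEACON_CHECK_OUTPUT' only compares equal
    # to 'stopped' if Beacon substitutes the value before the shell runs.
    # Confirm against Beacon's behaviour before relying on this alert.
    alert_command: "if [ '$BEACON_CHECK_OUTPUT' = 'stopped' ]; then curl -X POST ${WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"Nginx is down!\"}'; fi"

  - name: "Memory Usage"
    type: command
    command: "free | awk 'NR==2{printf \"%.0f\", $3*100/$2}'"
    interval: 30s
    # Recipient is a placeholder address; replace it with your own mailbox.
    alert_command: "if [ \"$BEACON_CHECK_OUTPUT\" -gt 85 ]; then echo 'Memory usage high: $BEACON_CHECK_OUTPUT%' | mail -s 'Memory Alert' alerts@example.com; fi"

  - name: "Log File Size"
    type: command
    command: "du -m /var/log/syslog | cut -f1"
    interval: 300s
    alert_command: "if [ \"$BEACON_CHECK_OUTPUT\" -gt 100 ]; then echo 'Log file size: ${BEACON_CHECK_OUTPUT}MB' | logger -t beacon-alert; fi"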
# Alert Commands (Legacy but still supported)
# For command-type checks, alert_command always runs regardless of check status
# Available variables in alert commands:
# $BEACON_CHECK_NAME - Name of the check
# $BEACON_CHECK_TYPE - Type of check (command, http, port)
# $BEACON_CHECK_STATUS - Status (up, down, error)
# $BEACON_CHECK_OUTPUT - Command output (for command checks only)
# $BEACON_CHECK_ERROR - Error message if any
# $BEACON_CHECK_DURATION - Check duration in seconds
# $BEACON_DEVICE_NAME - Device name
#
# Example alert commands:
# - Send to Webhook: "curl -X POST ${WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"$BEACON_CHECK_NAME: $BEACON_CHECK_STATUS\"}'"
# - Send email: "echo 'Check $BEACON_CHECK_NAME is $BEACON_CHECK_STATUS' | mail -s 'Beacon Alert' alerts@example.com"
# - Log to syslog: "logger -p local0.err 'Beacon Alert: $BEACON_CHECK_NAME is $BEACON_CHECK_STATUS'"
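# Plugin configuration for alerts (Modern approach).
# Secrets (SMTP credentials, webhook URL and bearer token) are referenced as
# ${...} placeholders rather than written inline; keep real values out of this
# file and out of version control.
plugins:
  # SMTP email plugin
  - name: email
    enabled: true
    smtp_host: "smtp.gmail.com"
    smtp_port: "587"
    smtp_user: "${SMTP_USER}"
    smtp_pass: "${SMTP_PASSWORD}"
    # Sender and recipient are placeholder addresses; replace with your own.
    from: "beacon@example.com"
    to: ["alerts@example.com"]
    use_tls: true

  # Generic webhook plugin
  - name: webhook
    enabled: true
    url: "${WEBHOOK_URL}"
    method: "POST"
    content_type: "application/json"
    headers:
      Authorization: "Bearer ${WEBHOOK_TOKEN}"
      X-Custom-Header: "Beacon-Alert"
    # NOTE(review): the fields below are placed inside JSON string literals.
    # Confirm that Beacon JSON-escapes them when rendering; a title, message or
    # check name containing a double quote would otherwise yield invalid or
    # altered JSON at the receiver.
    template: |
      {
        "alert": {
          "title": "{{.Title}}",
          "message": "{{.Message}}",
          "severity": "{{.Severity}}",
          "device": "{{.Device.Name}}",
          "check": "{{.Check.Name}}",
          "status": "{{.Check.Status}}"
        }
      }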
# Alert rules: which plugins receive an alert for a given check, at what
# severity, and the cooldown configured for that rule.
alert_rules:
  # Homepage: critical, delivered through both email and webhook
  - check: "Homepage"
    severity: critical
    plugins:
      - "email"
      - "webhook"
    cooldown: "5m"

  # API Health: warning, delivered through the webhook only
  - check: "API Health"
    severity: warning
    plugins:
      - "webhook"
    cooldown: "10m"

  # Database Port: critical, delivered by email only
  - check: "Database Port"
    severity: critical
    plugins:
      - "email"
    cooldown: "15m"
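# Comprehensive Log Sources Configuration.
# Each source forwards log lines off the host, so scope the include/exclude
# patterns to what is actually needed; application and container logs often
# contain tokens, session identifiers or personal data.
log_sources:
  # 1. FILE-BASED LOG FORWARDING
  # Monitor application log files
  - name: "Application Logs"
    type: file
    enabled: true
    file_path: "/var/log/myapp/app.log"
    follow_file: true
    interval: 30s
    max_lines: 100
    deduplicate: true  # Enable deduplication for this source
    include_patterns:
      - "ERROR"
      - "WARN"
      - "FATAL"
    exclude_patterns:
      - "DEBUG.*noise"

  - name: "Nginx Access Logs"
    type: file
    enabled: true
    file_path: "/var/log/nginx/access.log"
    follow_file: true
    interval: 60s
    max_lines: 50
    exclude_patterns:
      - "GET.*\\.(css|js|png|jpg|ico)"  # Exclude static assets

  - name: "Nginx Error Logs"
    type: file
    enabled: true
    file_path: "/var/log/nginx/error.log"
    follow_file: true
    interval: 30s
    max_lines: 50

  # 2. DOCKER LOG FORWARDING
  # Monitor specific containers
  - name: "Web Container Logs"
    type: docker
    enabled: false
    containers: ["myapp-web", "myapp-api"]
    interval: 30s
    max_lines: 50
    docker_options: "--since 5m"
    exclude_patterns:
      - "health.*check"

  # Monitor ALL running containers
  - name: "All Docker Logs"
    type: docker
    # Disabled by default to avoid noise. The value previously read `true`,
    # contradicting this stated default; forwarding every container's output
    # should be an explicit opt-in.
    enabled: false
    all_containers: true
    interval: 60s
    max_lines: 20
    deduplicate: true  # Enable deduplication for Docker logs
    docker_options: "--since 2m"
    include_patterns:
      - "ERROR"
      - "FATAL"
      - "PANIC"

  # 3. DEPLOY LOG FORWARDING
  # Capture deployment command output to a file
  - name: "Deploy Logs"
    type: deploy
    enabled: true
    # NOTE(review): /tmp is world-writable and this file name is predictable,
    # so other local users may be able to pre-create, read or append to it.
    # Prefer a path in a directory only the Beacon user can write, and use the
    # same path in the deploy command that writes the log.
    deploy_log_file: "/tmp/beacon-deploy.log"
    interval: 60s
    max_lines: 200

  # 4. COMMAND-BASED LOG FORWARDING
  # System logs via journalctl
  - name: "System Logs"
    type: command
    enabled: true
    command: "journalctl --since '10 minutes ago' --no-pager -n 50 -p err"
    interval: 300s  # Every 5 minutes
    max_lines: 50

  # Application service logs
  - name: "Application Service"
    type: command
    enabled: true
    command: "journalctl -u myapp.service --since '5 minutes ago' --no-pager -n 30"
    interval: 180s
    max_lines: 30

  - name: "Disk Usage Alerts"
    type: command
    enabled: true
    # Report filesystems > 80% full. `$5+0` forces a numeric comparison: the
    # field looks like "85%", which awk would otherwise compare as a string,
    # so "100%" sorted below "80" and a full filesystem went unreported.
    command: "df -h | awk '$5+0 > 80 {print $0}'"
    interval: 1800s  # Every 30 minutes
    max_lines: 10

  # Docker system information
  - name: "Docker System Info"
    type: command
    enabled: true
    command: "docker system df && echo '---' && docker ps --format 'table {{.Names}}\t{{.Status}}'"
    interval: 600s
    max_lines: 50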
# Optional: advanced reporting only in this file (most users rely on ~/.beacon/config.yaml instead).
# Example — local Prometheus scrape or textfile export:
# report:
# prometheus_metrics: true
# prometheus_port: 9100
# prometheus_file_path: ~/.beacon/metrics.prom
# deploy_on_request: true
# -------------------------------------------
# DEPLOY COMMAND LOG REDIRECTION EXAMPLES
# -------------------------------------------
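# When using beacon deploy, redirect output to the deploy log file. These examples write to /tmp, which is world-writable; when adapting them, prefer a path in a directory only the Beacon user can write, and keep it in sync with deploy_log_file: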
#
# Example 1: Docker Compose deployment with logging
# BEACON_DEPLOY_CMD="docker compose up --build -d 2>&1 | tee /tmp/beacon-deploy.log"
#
# Example 2: Custom script with logging
# BEACON_DEPLOY_CMD="./deploy.sh 2>&1 | tee /tmp/beacon-deploy.log"
#
# Example 3: Systemd service restart with logging
# BEACON_DEPLOY_CMD="sudo systemctl restart myapp.service 2>&1 | tee /tmp/beacon-deploy.log"
#
# Example 4: Multi-step deployment with logging
# BEACON_DEPLOY_CMD="{ echo 'Starting deployment...'; git pull; npm install; npm run build; pm2 restart all; echo 'Deployment complete.'; } 2>&1 | tee /tmp/beacon-deploy.log"
# -------------------------------------------
# DOCKER-SPECIFIC LOG EXAMPLES
# -------------------------------------------
# Monitor web application stack:
# log_sources:
# - name: "Web Stack Logs"
# type: docker
# enabled: true
# containers: ["nginx", "app", "redis", "postgres"]
# interval: 30s
# max_lines: 50
# Monitor all containers but filter for errors only:
# log_sources:
# - name: "Docker Error Logs"
# type: docker
# enabled: true
# all_containers: true
# interval: 60s
# max_lines: 100
# include_patterns:
# - "(?i)(error|fatal|panic|exception|fail)"
# -------------------------------------------
# FILE LOG EXAMPLES FOR DIFFERENT APPS
# -------------------------------------------
# Laravel application logs:
# log_sources:
# - name: "Laravel Logs"
# type: file
# enabled: true
# file_path: "/var/www/app/storage/logs/laravel.log"
# follow_file: true
# use_tail: false # try direct file access first, fallback to tail if needed
# interval: 30s
# include_patterns:
# - "ERROR"
# System logs (requires elevated permissions - use tail):
# log_sources:
#   - name: "System Logs"
#     type: file
#     enabled: true
#     file_path: "/var/log/syslog"
#     follow_file: true
#     use_tail: true  # force tail command for permission-restricted files
#     interval: 30s
#     max_lines: 200
#     include_patterns:
#       - "CRITICAL"
#       - "EMERGENCY"
# Node.js PM2 logs:
# log_sources:
# - name: "PM2 Error Logs"
# type: file
# enabled: true
# file_path: "/home/app/.pm2/logs/app-error.log"
# follow_file: true
# interval: 30s
# Apache access logs with filtering:
# log_sources:
# - name: "Apache Errors"
# type: file
# enabled: true
# file_path: "/var/log/apache2/error.log"
# follow_file: true
# interval: 60s
# include_patterns:
# - "\\[error\\]"
# - "\\[crit\\]"
# -------------------------------------------
# ALERT COMMAND EXAMPLES
# -------------------------------------------
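# Beacon supports alert_command for each check. When a check fails, the command is executed; for command-type checks it runs on every execution regardless of status (see the Alert Commands note above).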
# The following environment variables are available in the alert command:
#
# BEACON_CHECK_NAME - Name of the failed check
# BEACON_CHECK_TYPE - Type of check (http, port, command)
# BEACON_CHECK_STATUS - Status of the check (down, error)
# BEACON_CHECK_ERROR - Error message from the check
# BEACON_CHECK_DURATION - Duration of the check in seconds
# BEACON_DEVICE_NAME - Name of the device running the check
#
# Example alert commands:
# 1. Slack Webhook Alert:
# alert_command: "curl -X POST https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK -d '{\"text\":\"🚨 $BEACON_CHECK_NAME is down on $BEACON_DEVICE_NAME: $BEACON_CHECK_ERROR\"}'"
# 2. Email Alert:
# alert_command: "echo 'Alert: $BEACON_CHECK_NAME failed on $BEACON_DEVICE_NAME' | mail -s 'Beacon Alert' alerts@example.com"
# 3. Webhook Alert:
# alert_command: "curl -X POST ${WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"Alert: $BEACON_CHECK_NAME failed\"}'"
# 4. System Log Alert:
# alert_command: "logger -p local0.err 'Beacon Alert: $BEACON_CHECK_NAME failed on $BEACON_DEVICE_NAME'"
# 5. Custom Script Alert:
# alert_command: "/usr/local/bin/my-alert-script.sh '$BEACON_CHECK_NAME' '$BEACON_CHECK_ERROR' '$BEACON_DEVICE_NAME'"
# 6. Slack Webhook Alert:
# alert_command: "curl -X POST ${SLACK_WEBHOOK_URL} -H 'Content-Type: application/json' -d '{\"text\":\"🚨 $BEACON_CHECK_NAME is down on $BEACON_DEVICE_NAME\"}'"
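# 7. SMS Alert (via Twilio) - YOUR_ACCOUNT:YOUR_TOKEN are placeholders; keep the real token out of this file, and note that credentials passed with -u can be visible in the process list while curl runs: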
# alert_command: "curl -X POST https://api.twilio.com/2010-04-01/Accounts/YOUR_ACCOUNT/Messages.json --data-urlencode 'To=+1234567890' --data-urlencode 'From=+0987654321' --data-urlencode 'Body=Alert: $BEACON_CHECK_NAME failed' -u YOUR_ACCOUNT:YOUR_TOKEN"
# 8. Auto-remediation (restart service):
# alert_command: "systemctl restart nginx && echo 'Nginx restarted due to check failure' | logger -p local0.warn"
# 9. Multiple alerts (chain commands):
# alert_command: "curl -X POST https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK -d '{\"text\":\"Alert: $BEACON_CHECK_NAME failed\"}' && echo 'Alert sent to Slack' | logger -p local0.info"
# 10. Conditional alerting (only alert on specific errors):
# alert_command: "if [[ '$BEACON_CHECK_ERROR' == *'connection refused'* ]]; then curl -X POST https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK -d '{\"text\":\"Critical: $BEACON_CHECK_NAME connection refused\"}'; fi"