All materials
alloy-config.river
riveralloy-config.river
// Grafana Alloy configuration for Reseau Sante du Nord security assessment
//
// CURRENT STATE: Only collecting EHR web application logs.
// SSH and FTP logs are NOT being collected.
//
// To add new log sources, create additional local.file_match and loki.source.file
// blocks following the pattern below. Each new source needs:
// 1. A local.file_match block to find the log files
// 2. A loki.source.file block to read and forward them
// 3. Appropriate labels (service name, job type) for targeted queries
//
// Labels matter: {service="ehr-web"} lets you query just web logs.
// Without service labels, every query must filter by log content, which is slow.
// --- EHR Web Application Logs ---
local.file_match "ehr_web_logs" {
path_targets = [{
__address__ = "localhost",
__path__ = "/var/log/ehr-web/*.log",
service = "ehr-web",
job = "docker",
}]
}
loki.source.file "ehr_web" {
targets = local.file_match.ehr_web_logs.targets
forward_to = [loki.write.default.receiver]
}
// --- Loki Write Endpoint ---
loki.write "default" {
endpoint {
url = "http://loki:3100/loki/api/v1/push"
}
}