// Alloy configuration for Reseau Sante du Nord EHR monitoring
// NOTE: This configuration uses a flat label scheme ({job="varlogs"}) for all log sources.
// This is a SIEM-ML.1 target -- the student should redesign the labels for security queries.
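// Discover host log files for the file source below.
// A local.file_match only *discovers* targets; on its own nothing reads or
// ships them, so a loki.source.file consumer is declared immediately after it.
// The recursive glob forwards everything under /var/log, including files any
// future service writes there -- review what lands in Loki accordingly.
local.file_match "varlogs" {
  path_targets = [{
    __path__ = "/var/log/**/*.log",
    // Flat label kept on purpose (SIEM-ML.1 target): file logs carry the same
    // job label as the docker source so the exercise premise still holds.
    job      = "varlogs",
  }]
}

// Tail every file discovered above and push it to the local Loki writer.
// Without this block the /var/log glob was matched but never collected.
loki.source.file "varlogs" {
  targets    = local.file_match.varlogs.targets
  forward_to = [loki.write.local.receiver]
}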
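// Enumerate running containers from the Docker daemon.
// Access to docker.sock is root-equivalent on the host: mount the socket
// read-only and run Alloy with the least privilege the collector needs.
discovery.docker "containers" {
  host = "unix:///var/run/docker.sock"
}

// Stream container stdout/stderr to Loki.
// The previous `targets = []` discovered nothing, so no container logs were
// ever collected; the source now consumes the discovery component above.
loki.source.docker "containers" {
  host       = "unix:///var/run/docker.sock"
  targets    = discovery.docker.containers.targets
  // Flat label kept on purpose (SIEM-ML.1 target): every source is job="varlogs".
  labels     = {
    job = "varlogs",
  }
  forward_to = [loki.write.local.receiver]
}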
// Database logs are NOT collected by default
// This is a SIEM-ML.2 target -- the student should add this log source
// to gain visibility into database access patterns
// Sink shared by every log source in this file.
// The push endpoint is plain HTTP with no credentials, so the log path is
// only as trustworthy as the network between Alloy and the `loki` host;
// keep it on an isolated internal network or terminate TLS in front of Loki.
loki.write "local" {
  endpoint {
    url = "http://loki:3100/loki/api/v1/push"
  }
}