Examples
Config Example
Here is an example config with some real use cases.
Config Example with Use Cases
yaml
# ===========================================
# CONFIG EXAMPLE
# ===========================================
#
# This is an example config.yaml file for loggifly.
#
# Feel free to contribute to the containers section of this example config with use cases you have found helpful :)
containers:
audiobookshelf:
ntfy_topic: abs
ntfy_tags: books, headphones
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/audiobookshelf.png
notification_cooldown: 5
title_template: "{container_name}" # use container name as title
keywords:
# user requested download:
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*User "(?P<user>[a-zA-Z0-9._+-]+)" requested download for item "(?P<item>[A-Za-z\s]+)"'
message_template: |
🔎 The user {user} requested download for '{item}'!
🕐 {timestamp}
# user was online
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*Socket.*disconnected from client "(?P<user>[a-zA-Z0-9._+-]+)"'
message_template: |
🔎 The user '{user}' was seen!
🕐 {timestamp}
# Failed Login attempt
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*Failed login attempt for username "(?P<user>[a-zA-Z0-9._+-]+)" from ip (?P<ip_address>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<error>[A-Za-z\s]+)\)'
message_template: |
🚨 Failed login!
🙎♂️ Username: '{user}'
🔎 IP Address: {ip_address}
🕐 {timestamp}
- podcast
- regex: User.*logged in # when a user logs in
- failed login # Failed login to the web interface
- Error in openid callback # Error when trying to login with OIDC
vaultwarden:
ntfy_tags: closed_lock_with_key
ntfy_priority: 5
ntfy_topic: security
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/vaultwarden.png
notification_cooldown: 0
keywords:
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}).*Username or password is incorrect. Try again. IP: (?P<ip_address>\d{1,3}(?:\.\d{1,3}){3}). Username: (?P<email>[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})'
message_template: |
🚨 Failed login!
📧 Email: '{email}'
🔎 IP Address: {ip_address}
🕐 {timestamp}
title_template: 'Failed Vaultwarden login'
ntfy_tags: rotating_light
paperless-webserver:
ntfy_priority: 5
ntfy_topic: security
notification_cooldown: 0
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/paperless-ngx.png
keywords:
- regex: '.*(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+).*Login failed for user `(?P<username>.*)` from IP `(?P<ip>.*)`'
message_template: |
🚨 Failed login!
📧 Username: '{username}'
🔎 IP Address: {ip}
🕐 {timestamp}
title_template: 'Failed Paperless-ngx login'
ntfy_tags: closed_lock_with_key,rotating_light
homeassistant:
ntfy_priority: 5
ntfy_topic: security
notification_cooldown: 0
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/home-assistant.png
keywords:
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*Login attempt or request with invalid authentication from (?P<ip>.*)\. Requested URL.*'
message_template: |
🚨 Failed login!
🔎 IP Address: {ip}
🕐 {timestamp}
title_template: 'Failed Home Assistant login'
ntfy_tags: closed_lock_with_key,rotating_light
immich_server:
ntfy_tags: camera_flash
ntfy_priority: 5
ntfy_topic: security
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/immich.png
notification_cooldown: 0
keywords:
- regex: '.*(?P<timestamp>\d{2}\/\d{2}\/\d{4}, \d+:\d{2}:\d{2} (?:AM|PM)).*Failed login attempt for user (?P<username>.*) from ip address (?P<ip>.*)'
message_template: |
🚨 Failed login!
📧 Username: '{username}'
🔎 IP Address: {ip}
🕐 {timestamp}
title_template: 'Failed Immich login'
ntfy_tags: camera_flash,rotating_light
immich_machine_learning:
ntfy_tags: camera_flash,robot
ntfy_topic: server
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/immich.png
ntfy_markdown: true
container_events:
- event: oom
attach_logfile: true
ntfy_tags: robot,rotating_light
- event: crash
ntfy_tags: robot,rotating_light
action: restart
action_cooldown: 10
title_template: 'Immich Machine Learning Container crashed (exit code: {exit_code})'
# link inside message_template is formatted as markdown for the ntfy notification because of ntfy_markdown: true
message_template: |
🔁 {action_result_message}
🔎 [Link to Dozzle](http://192.168.178.222:8080/container/{container_id})
grafana:
ntfy_tags: closed_lock_with_key
ntfy_priority: 5
ntfy_topic: security
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/grafana.png
notification_cooldown: 0
keywords:
- regex: '.*logger=authn\.service.*\[identity.not-found\]\s+(?P<msg>.*)'
message_template: '🚨 {msg}'
title_template: 'Failed Grafana login'
- regex: '.*logger=authn\.service.*\[password-auth.failed\]\s+(?P<msg>.*)'
message_template: '🚨 {msg}'
title_template: 'Failed Grafana login'
ebook2audiobook:
attachment_lines: 300
keywords:
- 100%
- sentence
- converting
- keyword: total audio parts saved to
attach_logfile: true # Attach a log file to the notification
# Authelia has JSON logs, so we can use the JSON template fields in out templates.
authelia:
ntfy_topic: security
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/authelia.png
keywords:
- regex: \bsuccessful.*authentication
title_template: "Successful Authelia login"
message_template: |
🔎 IP: {remote_ip}
🕐 {time}
{msg}
- keyword: user not found
title_template: "Failed Authelia login"
message_template: |
🚨 Somebody tried to log in with a username that does not exist
🕐 {time}
{msg}
adguard:
attach_logfile: true # Attach a log file to the notification
attachment_lines: 100
ntfy_topic: adguard
ntfy_icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/adguard-home-light.png
keywords:
- failed
- error
fluentbit-kernel:
#assuming output from
# command: >
# /fluent-bit/bin/fluent-bit
# -i kmsg -t kernel
# -o stdout -p match=* -p format=json_lines
ntfy_tags: warning
ntfy_priority: 3
ntfy_topic: server
notification_cooldown: 0
keywords:
- keyword_group:
- "\"priority\":4"
message_template: "{msg}"
title_template: 'Kernel warning'
ntfy_priority: 3
ntfy_tags: warning
- keyword_group:
- "\"priority\":3"
message_template: "{msg}"
title_template: 'Kernel error'
ntfy_priority: 4
ntfy_tags: exclamation
- keyword_group:
- "\"priority\":2"
message_template: "{msg}"
title_template: 'Kernel critical error'
ntfy_priority: 5
ntfy_tags: skull
- keyword_group:
- "\"priority\":1"
message_template: "{msg}"
title_template: 'Kernel alert'
ntfy_priority: 5
ntfy_tags: skull
global_keywords:
keywords:
- keyword: panic
attach_logfile: true # Attach a log file to the notification
- keyword: fatal
ntfy_topic: fatal-errors
notifications:
# At least one of these (ntfy/Apprise/Webhook) is required.
ntfy:
url: http://your-ntfy-server # Required. The URL of your ntfy instance
topic: loggifly # Required. the topic for ntfy
token: ntfy-token # ntfy token in case you need authentication
username: john # ntfy Username + Password in case you need authentication
password: password # ntfy Username + Password in case you need authentication
priority: 3 # ntfy priority (1-5)
tags: kite,mag # ntfy tags/emojis
apprise:
url: "discord://webhook-url" # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
webhook:
url: https://custom.endpoint.com/post
headers: # add headers if needed
Authorization: "Bearer token"
X-Custom-Header": "Test123"
# Since all settings have default values, we can only set the ones we want to change.
# This is just an example of settings you might want to change. See the docs for all available settings.
settings:
disable_config_reload_message: True # Suppress config reload notification
disable_monitor_event_message: True # Suppress notifications when container monitoring starts/stops
notification_cooldown: 0 # Seconds between alerts for same keyword (per container)
action_cooldown: 60 # Cooldown (seconds) before next container action (min 60s)
hide_regex_in_title: True # Hide full regex pattern in found keywords in notification title for cleaner lookINFO
Feel free to contribute your use cases to the file.
Systemd Monitoring
You can monitor systemd services / journal logs with LoggiFly by setting up a fluentbit container.
With this compose file journal logs are directly streamed to the fluentbit container logs where LoggiFly can then monitor them.
Fluentbit Compose File
yaml
services:
fluentbit:
image: fluent/fluent-bit:latest
container_name: fluentbit
read_only: true
volumes:
- /var/log/journal:/var/log/journal:ro
command: >
/fluent-bit/bin/fluent-bit
-i systemd -p tag=journal -p path=/var/log/journal -p read_from_tail=true
-o stdout -p match=* -p format=json_lines
restart: unless-stoppedLoggiFly Config Example
yaml
containers:
fluentbit:
keywords:
- keyword_group:
- ssh
- failed
- password
title_template: 'Failed SSH Login Attempt'
message_template: '{MESSAGE}' # this is a field available in the JSON log entry
notification_cooldown: 0
ntfy_tag: rotating_lightResult
