Examples ā
š Config Example ā
Here is an example config with some real use cases.
Config Example with Use Cases
yaml
# ===========================================
# CONFIG EXAMPLE
# ===========================================
#
# This is an example config.yaml file for loggifly.
#
# If you want to use this file after editing it make sure to rename it to config.yaml
#
# Feel free to contribute to the containers section of this example config with use cases you have found helpful :)
containers:
audiobookshelf:
ntfy_topic: abs
ntfy_tags: books, headphones
notification_cooldown: 5
notification_title: "{container}" # hide found keywords from notification title
keywords:
# user requested download:
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*User "(?P<user>[A-Za-z\s]+)" requested download for item "(?P<item>[A-Za-z\s]+)"'
template: '\nš The user {user} requested download for ''{item}''!\nš {timestamp}'
# user was online
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*Socket.*disconnected from client "(?P<user>[A-Za-z\s]+)"'
template: '\nš The user {user} was seen!\nš {timestamp}'
# Failed Login attempt
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3}).*Failed login attempt for username "(?P<user>[A-Za-z\s]+)" from ip (?P<ip_address>\d{1,3}(?:\.\d{1,3}){3})\s+\((?P<error>[A-Za-z\s]+)\)'
template: 'šØ Failed login!šāāļø\nUsername: ''{user}''\nš IP Address: {ip_address}\nš {timestamp}'
- podcast
- regex: User.*logged in # when a user logs in
- failed login # Failed login to the web interface
- Error in openid callback # Error when trying to login with OIDC
vaultwarden:
ntfy_tags: closed_lock_with_key
ntfy_priority: 5
ntfy_topic: security
notification_cooldown: 0
keywords:
- regex: '(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}).*Username or password is incorrect. Try again. IP: (?P<ip_address>\d{1,3}(?:\.\d{1,3}){3}). Username: (?P<email>[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})'
template: 'šØ Failed login!\nš§ Email: ''{email}''\nš IP Address: {ip_address}\nš {timestamp}'
hide_pattern_in_title: true # Hide full regex pattern in notification title
ebook2audiobook:
attachment_lines: 300
keywords:
- 100%
- sentence
- converting
- keyword: total audio parts saved to
attach_logfile: true # Attach a log file to the notification
authelia:
ntfy_topic: security
keywords:
- regex: \bsuccessful.*authentication
json_template: '{msg}\nš IP: {remote_ip}\n{time}'
- keyword: user not found
json_template: 'šØ Somebody tried to log in with a username that does not exist\n\nš{time}\nFull Error Message:\n{msg}'
adguard:
attach_logfile: true # Attach a log file to the notification
attachment_lines: 100
ntfy_topic: adguard
keywords:
- failed
- error
kitchenowl:
keywords:
- keyword: traceback
action: stop # I have had container restart loops because kitchenowl couldn't connect to my Authentik Server
global_keywords:
keywords:
- keyword: panic
attach_logfile: true # Attach a log file to the notification
- keyword: fatal
ntfy_topic: fatal-errors
notifications:
# At least one of these (Ntfy/Apprise/Webhook) is required.
ntfy:
url: http://your-ntfy-server # Required. The URL of your Ntfy instance
topic: loggifly # Required. the topic for Ntfy
token: ntfy-token # Ntfy token in case you need authentication
username: john # Ntfy Username + Password in case you need authentication
password: password # Ntfy Username + Password in case you need authentication
priority: 3 # Ntfy priority (1-5)
tags: kite,mag # Ntfy tags/emojis
apprise:
url: "discord://webhook-url" # Any Apprise-compatible URL (https://github.com/caronc/apprise/wiki)
webhook:
url: https://custom.endpoint.com/post
headers: # add headers if needed
Authorization: "Bearer token"
X-Custom-Header": "Test123"
# Default settings (can be overridden on container or keyword level)
settings:
log_level: INFO # DEBUG, INFO, WARNING, ERROR
multi_line_entries: True # Catch log entries that span multiple lines instead of going line by line.
reload_config: True # Auto-reload config on changes
disable_start_message: False # Suppress startup notification
disable_shutdown_message: False # Suppress shutdown notification
disable_config_reload_message: False # Suppress config reload notification
disable_container_event_message: False # Suppress container start/stop notifications
notification_cooldown: 5 # Seconds between alerts for same keyword (per container)
notification_title: default # Custom template for notification title
action_cooldown: 300 # Cooldown (seconds) before next container action (min 60s)
attach_logfile: False # Attach log file to all notifications
attachment_lines: 20 # Lines to include in log attachments
hide_regex_in_title: False # Hide regex in notification title
excluded_keywords: # List of keywords that will always be ignored in log lines.
- keyword: ignore this messageINFO
Feel free to contribute your use cases to the file.
š Systemd Monitoring ā
You can monitor systemd services / journal logs with LoggiFly by setting up a fluentbit container.
With this compose file journal logs are directly streamed to the fluentbit container logs where LoggiFly can then monitor them.
Fluentbit Compose File ā
yaml
services:
fluentbit:
image: fluent/fluent-bit:latest
container_name: fluentbit
read_only: true
volumes:
- /var/log/journal:/var/log/journal:ro
command: >
/fluent-bit/bin/fluent-bit
-i systemd -p tag=journal -p path=/var/log/journal -p read_from_tail=true
-o stdout -p match=* -p format=json_lines
restart: unless-stoppedLoggiFly Config Example ā
yaml
containers:
fluentbit:
keywords:
- keyword_group:
- ssh
- failed
- password
notification_title: 'Failed SSH Login Attempt'
json_template: '{MESSAGE}'
notification_cooldown: 0
ntfy_tag: rotating_lightResult ā
