mail/deploy/elk/filebeat.yml
deeily 5024bf9a8d init: full mail stack — phases 0..8 (web client, admin, IMAP/SMTP,
sieve, search, sessions, dramatiq, deploy/install, ELK, monitoring)
2026-04-29 16:30:43 +03:00


# Filebeat config for shipping mail-stack logs to ELK.
#
# Stack we ship:
# - Flask gunicorn access/error → /var/log/mail-flask.log
# - Dramatiq worker → /var/log/mail-dramatiq.log
# - Backup cron → /var/log/mail-backup.log
# - DMS (Postfix/Dovecot) → docker logs / docker-mailserver-1 host log
#
# Output: Logstash on ${ELK_HOST}:5044 (Beats input, lumberjack).
# Override via env vars in /etc/default/filebeat or via templating.
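# Log inputs: one filestream input per log source. Each `id` must stay unique
# and stable, because filestream tracks its read position per input id.
filebeat.inputs:
  # Flask/gunicorn log, decoded as one JSON object per line.
  - type: filestream
    id: mail-flask
    paths:
      - /var/log/mail-flask.log
    parsers:
      - ndjson:
          # target "" places the decoded keys at the event root, and
          # overwrite_keys lets them replace fields Filebeat already set.
          # NOTE(review): top-level field names therefore come from the
          # application log; keep the logger's key set fixed so request data
          # can only ever appear in values - confirm against the Flask logger.
          target: ""
          overwrite_keys: true
          # JSON decoding errors are not logged, so malformed or truncated
          # lines will not stand out in Filebeat's own log.
          ignore_decoding_error: true
    fields:
      service: mail-flask
      environment: "${ENV:dev}"
    fields_under_root: true

  # Dramatiq worker log, shipped as plain lines.
  - type: filestream
    id: mail-dramatiq
    paths:
      - /var/log/mail-dramatiq.log
    fields:
      service: mail-dramatiq
      environment: "${ENV:dev}"
    fields_under_root: true

  # Backup cron log, shipped as plain lines.
  - type: filestream
    id: mail-backup
    paths:
      - /var/log/mail-backup.log
    fields:
      service: mail-backup
      environment: "${ENV:dev}"
    fields_under_root: true

  # Postfix + Dovecot through host file written by DMS volume mount.
  # NOTE(review): these paths are hard-coded under one user's home directory;
  # they must match the DMS volume mount on the host, and the directory should
  # be writable only by accounts trusted to author mail logs.
  - type: filestream
    id: dms-mail
    paths:
      - /home/deeily/mail/docker/dms-data/logs/mail.log
      - /home/deeily/mail/docker/dms-data/logs/mail.err
    fields:
      service: dms
      environment: "${ENV:dev}"
    fields_under_root: true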
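# Processors applied to events before they are sent to the output.
processors:
  # Adds metadata about the host Filebeat runs on, with default settings.
  - add_host_metadata: ~
  # Tags every event with a static role; target "" puts it at the event root.
  - add_fields:
      target: ""
      fields:
        host_role: mail-server
  # Removes the listed fields from every event; ignore_missing keeps the
  # processor from erroring when one of them is absent.
  - drop_fields:
      fields: ["agent.ephemeral_id", "ecs.version", "input.type", "log.flags"]
      ignore_missing: true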
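# ── Output ─────────────────────────────────────────────────────────────────
# Host and port come from ELK_HOST / ELK_PORT, with the defaults shown below.
# NOTE(review): the ssl.* settings are commented out, so as written the Beats
# connection is cleartext and the Logstash endpoint is not authenticated.
# The shipped data includes Postfix/Dovecot logs; enable TLS with a pinned CA
# unless Logstash is reachable only over a trusted local path.
output.logstash:
  hosts: ["${ELK_HOST:logstash.internal}:${ELK_PORT:5044}"]
  # ssl.enabled: true                                      # uncomment if Logstash uses TLS
  # ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]

# Alternative: ship directly to Elasticsearch.
# Filebeat accepts only one enabled output, so comment out output.logstash
# before enabling this block. Credentials are read from the environment;
# the Filebeat keystore can supply the same ${...} references instead.
# output.elasticsearch:
#   hosts: ["https://${ELK_HOST:elastic.internal}:9200"]
#   username: "${ELASTIC_USER}"
#   password: "${ELASTIC_PASSWORD}"
#   ssl.verification_mode: full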
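# Filebeat's own diagnostic logging (separate from the mail logs it ships).
logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  # Number of rotated log files to retain.
  keepfiles: 5
  # Octal file mode (rw-r-----): owner read/write, group read, no access for
  # others. Written as an octal number with a leading 0, not as a string.
  permissions: 0640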