grafana-loki-syslog-stack/config.alloy

loki.source.syslog "syslog" {
        listener {
                address               = "0.0.0.0:1514"
                idle_timeout          = "1m0s"
                label_structured_data = true
                labels                = {
                        job = "syslog",
                }
                max_message_length = 0
        }
        forward_to    = [loki.write.default.receiver]
        relabel_rules = discovery.relabel.syslog.rules
}

discovery.relabel "syslog" {
        targets = []

        rule {
                source_labels = ["__syslog_message_hostname"]
                target_label  = "host"
        }

        rule {
                source_labels = ["__syslog_message_severity"]
                target_label  = "severity"
        }

        rule {
                source_labels = ["__syslog_message_app_name"]
                target_label  = "app"
        }
}

local.file_match "alloy_syslog_relay_varlogs" {
        path_targets = [{
                __address__ = "localhost",
                __path__    = "/var/log/*log",
                job         = "alloy-varlogs",
        }]
}

loki.source.file "alloy_syslog_relay_varlogs" {
        targets               = local.file_match.alloy_syslog_relay_varlogs.targets
        forward_to            = [loki.write.default.receiver]
        legacy_positions_file = "/tmp/positions.yaml"
}

loki.write "default" {
        endpoint {
                url = "http://localhost:3100/loki/api/v1/push"
        }
        external_labels = {}
}