watch-tool/configs/example-config.yaml

export:
  enabled: true
  batch_size: 100
  export_interval: "30s"
  retry_attempts: 5
  retry_backoff: "10s"
  health_check_interval: "60s"

localstorage:
  enabled: true
  db_path: "./watch.db"
  rotation:
    max_sizes_bytes: 100 * 1024 * 1024
    max_age_hours: 24
    max_files: 3
    check_interval_minuntes: 5
    archive_dir: ""

elasticsearch:
  enabled: true
  url: "http://10.0.0.99:9200"
  index: "watch"
  username: "your-configured-user"
  password: "your-super-secret-password"
  api_key: "your-api-key"
  timeout: 30

web_service:
  enabled: true
  host: "0.0.0.0"
  port: 9090

system_metrics:
  enabled: true
  collect_cpu: true
  collect_memory: true
  collect_disk: true
  collect_network: true
  disk_paths:
    - "/"
    - "/var"
    - "/home"
  network_interfaces:
    - "ens6"
  collect_network_connections: true
  collect_load_average: true
  collect_tcp_stats: true
  collect_filehandles: true
  collect_disk_io: true
  collect_network_latency: true
  collect_bandwidth_usage: true
  transfer_ports: 60003
  latency_test_hosts: "www.google.de"

poll_interval_seconds: 30
patterns_file: "./configs/patterns.yaml"

logging:
  level: "info"
  file_path: "/var/log/system-monitor.log"

drain3:
  enabled: true
  state_dir: "./drain3_states"
  depth: 4
  sim_th: 0.4
  max_children: 100
  max_clusters: 1000
  save_interval: 60

services:
  - name: "nginx"
    service: "nginx.service"
    enabled: true
    since_time: ""
    priority: "info"

tools:
  - name: "nginx-access"
    log_file: "/var/log/nginx/access.log"
    enabled: true
    buffer_size: 200
    format:
      name: "nginx_combined"
      pattern: '^(?P<client_ip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<protocol>\S+)" (?P<status>\d+) (?P<body_bytes>\d+) "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"'
      fields:
        client_ip: "remote_addr"
        timestamp: "time_local"
        method: "request_method"
        path: "request_uri"
        protocol: "server_protocol"
        status: "status"
        body_bytes: "body_bytes_sent"
        referer: "http_referer"
        user_agent: "http_user_agent"

  - name: "nginx-error"
    log_file: "/var/log/nginx/error.log"
    enabled: true
    buffer_size: 100
    format:
      name: "nginx_error"
      pattern: '^(?P<timestamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] (?P<pid>\d+)#(?P<tid>\d+): (?P<message>.*)'
      fields:
        timestamp: "time"
        level: "log_level"
        pid: "process_id"
        tid: "thread_id"
        message: "error_message"