Closed LogiEx7 closed 4 years ago
Hi, the exact syntax is configured by the following environment variables:
It is indeed pretty unclear, I will update this ASAP to provide a more detailed configuration!
```yaml
version: "3.7"
services:
  ssh-log-to-influx:
    image: acouvreur/ssh-log-to-influx
    build: ./
    restart: always
    environment:
      - INFLUX_URL=mydomain
      - INFLUX_DB=mydb
      - INFLUX_USER=myuser
      - INFLUX_PWD=mystrongpassword
      - INFLUX_PORT=https
    ports:
      - 7070:7070/tcp
```
would be valid. Can you try it? Thanks.
Moreover the port is 8086 and there is no way to change it at this moment, I'll update this too
Hello @acouvreur, thank you very much for the speed and quality of the response. It works better like that indeed.
f0ee174590bf acouvreur/ssh-log-to-influx "docker-entrypoint.s…" 18 hours ago Up 18 hours 0.0.0.0:7070->7070/tcp ssh-log-to-influx_ssh-log-to-influx_1
However, I don't collect any data. I think the problem comes from rsyslog.
mai 20 11:08:12 myserver liblogging-stdlog[8923]: action 'action 14' resumed (module 'builtin:omfwd') [v8.24.0 try http://www.rsyslog.com/e/2359 ]
```
rsyslogd -v
rsyslogd 8.24.0, compiled with:
    PLATFORM: x86_64-pc-linux-gnu
    PLATFORM (lsb_release -d):
    FEATURE_REGEXP: Yes
    GSSAPI Kerberos 5 support: Yes
    FEATURE_DEBUG (debug build, slow code): No
    32bit Atomic operations supported: Yes
    64bit Atomic operations supported: Yes
    memory allocator: system default
    Runtime Instrumentation (slow code): No
    uuid support: Yes
    Number of Bits in RainerScript integers: 64
```
I will provide you with my RSyslog configuration when I have time. But it seems to be working fine, as
mai 20 11:08:12 myserver liblogging-stdlog[8923]: action 'action 14' resumed (module 'builtin:omfwd') [v8.24.0 try http://www.rsyslog.com/e/2359 ]
seems to be ok.
Can you try starting the ssh-log-to-influx server in debug mode?
For this, add `DEBUG_LEVEL=debug` under `environments:` inside the docker-compose file.
Meanwhile this issue https://github.com/acouvreur/ssh-log-to-influx/issues/48 may interest you. The goal is to read from the auth.log file instead of listening to TCP packets from rsyslog.
If you have any suggestion please let me know.
I activated debug mode, do you have a technique for viewing the logs? I used docker logs
I have this as a result:
```
[2020-05-20T09:59:02.246] [DEBUG] default - Geohashing with lat: 31.0449, lon: 121.4012: wtw2de99s
[2020-05-20T09:59:02.248] [INFO] default - CLOSED: ::ffff:172.20.0.1:39470
[2020-05-20T09:59:07.594] [INFO] default - CONNECTED: ::ffff:172.20.0.1:39680
[2020-05-20T09:59:07.596] [DEBUG] default - Received data Failed password for root from 222.186.175.217 port 44920 ssh2
[2020-05-20T09:59:07.597] [DEBUG] default - Parsed root 222.186.175.217 44920
[2020-05-20T09:59:07.597] [DEBUG] geohash - Not making an API Call for 222.186.175.217, using in memory from previous calls {
  status: 'success',
  country: 'China',
  countryCode: 'CN',
  region: 'SH',
  regionName: 'Shanghai',
  city: 'Shanghai',
  zip: 'none',
  lat: 31.0449,
  lon: 121.4012,
  timezone: 'Asia/Shanghai',
  isp: 'Chinanet Jiangsu',
  org: 'Chinanet JS',
  as: 'AS23650 AS Number for CHINANET jiangsu province backbone',
  query: '222.186.175.217'
}
[2020-05-20T09:59:07.597] [DEBUG] default - Geohashing with lat: 31.0449, lon: 121.4012: wtw2de99s
(node:31) UnhandledPromiseRejectionWarning: Error: No host available
    at Pool.stream (/app/node_modules/influx/lib/src/pool.js:228:29)
    at /app/node_modules/influx/lib/src/pool.js:165:18
    at new Promise (<anonymous>)
    at Pool.discard (/app/node_modules/influx/lib/src/pool.js:164:16)
    at InfluxDB.writePoints (/app/node_modules/influx/lib/src/index.js:840:27)
    at _callee$ (/app/src/index.js:57:10)
    at tryCatch (/app/node_modules/regenerator-runtime/runtime.js:45:40)
    at Generator.invoke [as _invoke] (/app/node_modules/regenerator-runtime/runtime.js:274:22)
    at Generator.prototype.<computed> [as next] (/app/node_modules/regenerator-runtime/runtime.js:97:21)
    at asyncGeneratorStep (/app/src/index.js:25:103)
(node:31) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 262)
[2020-05-20T09:59:07.598] [INFO] default - CLOSED: ::ffff:172.20.0.1:39680
```
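Added example, not part of the thread and not the project's own code: a JavaScript parser for the sshd `Failed password` line seen in the debug output above. The names `isIPLiteral`, `parseFailedPassword` and `parseChunk` are assumptions made for this example; it treats the user name as untrusted input and binds to the last `from <ip> port <n> ssh2` on the line.

```javascript
// Added example; function names are chosen here, not taken from the project.

// Strict IPv4 (four octets 0-255, no leading zeros) or a loose IPv6 shape check.
function isIPLiteral(s) {
  const octets = s.split('.');
  if (octets.length === 4 && !s.includes(':')) {
    return octets.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  }
  return /^[0-9a-fA-F:.]+$/.test(s) && s.split(':').length >= 3;
}

// The user name is chosen by the remote client, so it may contain spaces or
// the words "from" and "port". The greedy (.*) together with the $ anchor
// makes the match bind to the LAST "from <ip> port <n> ssh2", which is the
// part sshd itself appends, not to text embedded in the user name.
const FAILED_PASSWORD =
  /Failed password for (invalid user )?(.*) from (\S+) port (\d{1,5}) ssh2\s*$/;

// Returns { username, ip, port, invalidUser } or null when the line does not
// match or carries an implausible address or port.
function parseFailedPassword(line) {
  const m = FAILED_PASSWORD.exec(line);
  if (m === null) return null;
  const [, invalid, username, ip, portText] = m;
  const port = Number(portText);
  if (!isIPLiteral(ip) || port < 1 || port > 65535) return null;
  return { username, ip, port, invalidUser: invalid !== undefined };
}

// rsyslog forwards over TCP, so one chunk may hold several lines or stop
// mid-line. Returns the parsed events plus the unterminated remainder, which
// the caller prepends to the next chunk.
function parseChunk(buffered, chunk) {
  const lines = (buffered + chunk).split('\n');
  const rest = lines.pop();
  const events = lines.map(parseFailedPassword).filter((e) => e !== null);
  return { events, rest };
}
```

Values that fail validation are dropped before any geolocation lookup or database write, so a malformed line never becomes a data point.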
`docker logs -f` will tail you the logs in real time.
It seems from this message `Error: No host available` that you haven't successfully connected to the provided database. If you run the docker-compose without --detach (-d) you should see a warning saying that you could not connect to the database.
Maybe this behavior should be changed and directly stop the application. I'm working on a HEALTHCHECK instruction that will check if the container is successfully connected to the database.
Ok I see that it resolves the domain name correctly however the problem comes from the fact that it wants to use port 8086. How can I use a custom port? Or this feature doesn't exist yet? In any case, thank you very much for your help.
You can use INFLUX_PORT, see the README for available configurations
I tried but it still takes the default port
I have enabled the default port of influxdb, it works. However, you must have an admin user so that he can create the database.
I just tried with a custom port and it worked. Can you provide more details on your configuration?
What is the exact syntax for docker-compose.yml? For a configuration of influxdb on another server.
With this configuration the container restarts all the time.