shizunge
commented
8 months ago -
Short answer is No.
If you read the introduction, one reason I wrote
endlessh-gois I don't want to parse unstructured logs. So adding more information to log to be parsed later defeats the purpose of this program.I hope you can set the expectation that these log formats could change anytime and it will break your parser.
-
We may add structured logging. However we need to answer the following questions. We can keep this bug open for discussion.
- Shall we build a structured data ourselves then use current logging library to log them? Or use a new structured logging library?
- If we use a new library, shall we keep current logging library
https://github.com/golang/glogas well? Does it worth to maintain two logging libraries in one program? - If we remove current logging library, it would change the CLI interface, and break backward compatible. Does it worth the trouble to everyone? What is the rollout plan?
Anyway it won't be done very soon.
-
Grafana can send alerts as well https://grafana.com/docs/grafana/latest/alerting/
Maybe you can build something like prometheus->grafana->discord or prometheus->grafana->crowdsec->discord?
FoxxMD
I'm working on an enhanced crowdsec collection for endlessh-go as well as a basic notifier to discord. Neither of these can take advantage of prometheus exports directly and instead need to use the log file generated to parse events. It would be helpful if the geo information parsed for prometheus metrics was included in the log lines (on ACCEPT) so that I don't have to make another call to ip-api to get the same information again.