Closed FoxxMD closed 8 months ago
Short answer is No.
If you read the introduction, one reason I wrote endlessh-go is I don't want to parse unstructured logs. So adding more information to the log to be parsed later defeats the purpose of this program.
I hope you can set the expectation that these log formats could change anytime and it will break your parser.
We may add structured logging. However, we need to answer the following questions. We can keep this bug open for discussion.
https://github.com/golang/glog as well? Is it worth maintaining two logging libraries in one program?
Anyway, it won't be done very soon.
Grafana can send alerts as well https://grafana.com/docs/grafana/latest/alerting/
Maybe you can build something like prometheus->grafana->discord or prometheus->grafana->crowdsec->discord?
Appreciate the response and understand the reluctance to change the existing log format.
I went ahead and built the parser and implemented the geolocation stuff myself. For anyone else viewing this, you can use endless-notify to get notifications with geolocation data to discord, ntfy, and gotify for real-time events from endlessh-go or the original endlessh. And I'll have a generic webhook and/or structured log output option available soon.
I'm working on an enhanced crowdsec collection for endlessh-go as well as a basic notifier to discord. Neither of these can take advantage of prometheus exports directly and instead need to use the log file generated to parse events. It would be helpful if the geo information parsed for prometheus metrics was included in the log lines (on ACCEPT) so that I don't have to make another call to ip-api to get the same information again.