Skip to content

Loki config

Loki Setup (hostmonitor)

Loki Config file is already configured. Do not touch:

auth_enabled: false

server:
  http_listen_port: 3100

common:
  path_prefix: /loki
  storage:
    filesystem:
      chunks_directory: /loki/chunks
      rules_directory: /loki/rules
  replication_factor: 1
  ring:
    kvstore:
      store: inmemory

schema_config:
  configs:
    - from: 2024-01-01
      store: tsdb
      object_store: filesystem
      schema: v13
      index:
        prefix: index_
        period: 24h

limits_config:
  retention_period: 30d

Alloy setup

Installation of Alloy

  1. Create directory for keyrings if it doesn't exist 

    sudo mkdir -p /etc/apt/keyrings/

  2. Download and dearmor the GPG key: 

    wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null

  3. Add the stable repository to your sources: 

    echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list

  4. Install Alloy: 

    sudo apt-get update
sudo apt-get install -y alloy

  5. Make the alloy user a admin for log privelages: 

    sudo usermod -a -G adm alloy

Setup of Alloy

  1. Edit the file /etc/alloy/config.alloy to the following:

Warning

Config file of alloy may change based on required logs. Please check this file on an existing server

// --- 1. DISCOVERY: Define where the logs are ---
local.file_match "node_logs" {
    path_targets = [
        // PROXMOX LOGS
        { "job" = "proxmox", "subsystem" = "pve_tasks", "__path__" = "/var/log/pve/tasks/*" },
        { "job" = "proxmox", "subsystem" = "corosync",  "__path__" = "/var/log/pve/corosync.log" },
        { "job" = "proxmox", "subsystem" = "corosync",  "__path__" = "/var/log/pve/**/*.log" },

        // SYSTEM & INSTALL LOGS
        { "job" = "system", "subsystem" = "syslog",    "__path__" = "/var/log/syslog" },
        { "job" = "system", "subsystem" = "install",   "__path__" = "/var/log/dpkg.log" },
        { "job" = "system", "subsystem" = "apt",       "__path__" = "/var/log/apt/history.log" },

        // CATCH-ALL: Everything in /var/log/ ending in .log
        // This includes subdirectories like /var/log/apt/*.log
        { "job" = "var_logs", "subsystem" = "generic", "__path__" = "/var/log/**/*.log" },

        // ACTIVE DIRECTORY & LOGIN LOGS (SSSD is most common for AD on Linux)
        { "job" = "ad", "subsystem" = "auth",     "__path__" = "/var/log/auth.log" },
        { "job" = "ad", "subsystem" = "sssd",     "__path__" = "/var/log/sssd/*.log" },
        { "job" = "ad", "subsystem" = "winbind",  "__path__" = "/var/log/samba/log.winbindd" },
    ]
}

// --- 2. PROCESSING: Attach global labels (Hostname) ---
loki.relabel "add_hostname" {
    forward_to = [loki.write.loki_vm.receiver]

    rule {
        target_label = "hostname"
        replacement  = "proxmox-physical-01" // Change this per host
    }
    rule {
        target_label = "host_type"
        replacement  = "physical"
    }
}

// --- 3. SCRAPE: Read the files ---
loki.source.file "log_scraper" {
    targets    = local.file_match.node_logs.targets
    forward_to = [loki.relabel.add_hostname.receiver]
}

// --- 4. EXPORT: Send to your Loki VM ---
loki.write "loki_vm" {
    endpoint {
        url = "http://10.8.1.43:3100/loki/api/v1/push"
    }
}
  1. Enable and start Alloy
sudo systemctl enable alloy
sudo systemctl start alloy