examples

examples/config.json

@@ -0,0 +1,36 @@
+{
+  // this is an example config file for kawa
+  // it is parsed using hujson so you can use comments and trailing commas, but
+  // is otherwise identical to JSON
+  "sources": [
+    {
+      "type": "syslog",
+      "addr": "0.0.0.0:5514",
+      // content-type tells the source how to parse logs received on this
+      // instance of syslog. We may explore using the syslog tag to indicate
+      // the schema as well down the line.
+      "contentType": "application/json; rrtype=nginx-json",
+    },
+    {
+      "type": "journald",
+    },
+  ],
+  "destinations": [
+    {
+      "type": "s3",
+      "bucketName": "the-lumber-mill",
+      "bucketRegion": "us-west-2",
+    },
+    {
+      "type": "runreveal",
+      // Replace this webhook URL with your own, created on https://www.runreveal.com
+      // as a "Kawa" type source
+      "webhookURL": "https://example.runreveal.com/sources/kawa/webhook/0123456789",
+      // You can also use environment variables by referencing them with a
+      // dollar sign. The value must be quoted, start with a dollar sign and be
+      // a valid environment variable name
+      // "webhookURL": "$WEBHOOK_URL",
+    },
+  ],
+}
+

examples/mqtt_config.json

@@ -0,0 +1,32 @@
+{
+  // this is an example config file for kawa
+  // it is parsed using hujson so you can use comments and trailing commas, but
+  // is otherwise identical to JSON
+  "sources": [
+    {
+      "type": "mqtt",
+      "broker": "mqtt://broker.localhost:1883",
+      "clientID": "kawa_src",
+      "userName": "",
+      "password": "",
+      "topic": "reveald/src",
+      "qos": 1, // Optional defaults to 1 if not included
+      "retained": false, // Optional defaults to false if not included
+    },
+  ],
+  "destinations": [
+    {
+      "type": "mqtt",
+      "broker": "mqtt://broker.localhost:1883",
+      "clientID": "kawa_dst",
+      "userName": "",
+      "password": "",
+      "topic": "reveald/dest",
+      "qos": 1, // Optional defaults to 1 if not included
+      "retained": false, // Optional defaults to false if not included
+    },
+    {
+      "type": "printer"
+    }
+  ],
+}

examples/nginx_json.conf

@@ -0,0 +1,80 @@
+# Put this file into /etc/nginx/conf.d/ and reload or restart nginx.
+# You can then use the log_format in your vhost config.
+#
+# Example:
+# server {
+#       listen 80;
+#       server_name example.com;
+#       access_log syslog:server=127.0.0.1:5514 json_combined;
+#       location / {
+#               ... location settings
+#       }
+# }
+
+
+map $upstream_bytes_received $upstreamBytesReceived {
+        default $upstream_bytes_received;
+        ""      0;
+}
+
+map $upstream_bytes_sent $upstreamBytesSent {
+        default $upstream_bytes_sent;
+        ""      0;
+}
+
+map $upstream_response_time $upstreamResponseTime {
+        default $upstream_response_time;
+        ""      0;
+}
+
+map $upstream_response_length $upstreamResponseLength {
+        default $upstream_response_length;
+        ""      0;
+}
+
+map $status $statusCode {
+        default $status;
+        ""      0;
+}
+
+map $body_bytes_sent $bodyBytesSent {
+        default $body_bytes_sent;
+        ""      0;
+}
+
+map $request_time $requestTime {
+        default $request_time;
+        ""      0;
+}
+
+log_format json_combined escape=json
+'{'
+        '"ts":"$time_iso8601",'
+        '"remote_addr":"$remote_addr",'
+        '"remote_user":"$remote_user",'
+        '"request_time":$requestTime,'
+        '"request":{'
+                '"http_referrer":"$http_referer",'
+                '"http_user_agent":"$http_user_agent",'
+                '"method":"$request_method",'
+                '"scheme":"$scheme",'
+                '"host":"$host",'
+                '"server_addr":"$server_addr",'
+                '"uri":"$uri",'
+                '"query":"$query_string",'
+                '"request_uri":"$request_uri",'
+                '"xfwd":"$proxy_add_x_forwarded_for"'
+        '},'
+        '"upstream":{'
+                '"addr":"$upstream_addr",'
+                '"bytes_received":$upstreamBytesReceived,'
+                '"bytes_sent":$upstreamBytesSent,'
+                '"response_time":$upstreamResponseTime,'
+                '"response_length":$upstreamResponseLength'
+        '},'
+        '"response":{'
+                '"status":$statusCode,'
+                '"body_bytes_sent":$bodyBytesSent'
+        '}'
+'}';
+

examples/reveald.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Reveald Collector
+After=network.target
+
+[Service]
+Type=simple
+# adjust the locations to your environment as necessary
+ExecStart=/usr/local/reveald run --config /etc/reveald/config.json
+MemoryMax=1G
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+

examples/windows/config_windows.json

@@ -0,0 +1,15 @@
+{
+  "pprof": "localhost:6060",
+  "sources": [
+    {
+      "type": "eventlog",
+      "channel": "Security",
+      "query": "*", //"*[EventData[Data[@Name='LogonType']='2'] and System[(EventID=4624)]]"
+    },
+  ],
+  "destinations": [
+    {
+      "type": "printer",
+    },
+  ],
+}