feat(monitoring): resolve Loki-stack syslog ingestion with rsyslog filter fix

Fixed critical issue preventing UniFi router logs from reaching Loki/Promtail/Grafana. Root Cause: - rsyslog filter in /etc/rsyslog.d/unifi-router.conf filtered for 192.168.1.1 - VM 101 on VLAN 2, actual source IP is 192.168.2.1 (VLAN 2 gateway) - Filter silently rejected all incoming syslog traffic Solution: - Updated rsyslog filter from 192.168.1.1 to 192.168.2.1 - Logs now flow: UniFi → rsyslog → Promtail → Loki → Grafana Changes: - Add services/loki-stack/* - Complete Loki/Promtail/Grafana stack configs - Add services/logward/* - Logward service configuration - Update troubleshooting/loki-stack-bugfix.md - Complete 5-phase resolution - Update CLAUDE_STATUS.md - Document 2025-12-11 resolution - Update sub-agents/scribe.md - Agent improvements - Remove services/promtail-config.yml - Duplicate file cleanup Status: ✅ Monitoring stack fully operational, syslog ingestion active Technical Details: See troubleshooting/loki-stack-bugfix.md for complete analysis 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-11 13:56:27 -07:00
parent 698a5b531a
commit 892684c46e
8 changed files with 526 additions and 3 deletions
--- a/services/logward/.env.example
+++ b/services/logward/.env.example
@@ -0,0 +1,62 @@
+# Database
+DATABASE_URL=postgresql://logward:password@localhost:5432/logward
+DB_NAME=logward
+DB_USER=logward
+DB_PASSWORD=Nbkx4mdmay1)
+
+# Redis
+REDIS_PASSWORD=Nbkx4mdmay1)
+REDIS_URL=redis://:Nbkx4mdmay1)@localhost:6379
+
+# API
+API_KEY_SECRET=XEZV6seqamKGb1JaCBCYGLopC9xMC9d8
+PORT=8080
+HOST=0.0.0.0
+
+# SMTP (configure for email alerts)
+SMTP_HOST=smtp.example.com
+SMTP_PORT=587
+SMTP_USER=your_email@example.com
+SMTP_PASS=your_smtp_password
+SMTP_FROM=noreply@logward.local
+
+# Rate Limiting
+RATE_LIMIT_MAX=1000
+RATE_LIMIT_WINDOW=60000
+
+# Environment
+NODE_ENV=development
+
+# Internal Logging (Self-Monitoring)
+# Enable/disable internal logging (logs LogWard's own requests/errors)
+INTERNAL_LOGGING_ENABLED=true
+
+# API key for internal logging project (auto-generated on first run if not set)
+# After first run, copy the generated key from console output and set it here
+# INTERNAL_API_KEY=lp_your_generated_api_key_here
+
+# API URL for internal logging (defaults to API_URL if not set)
+# INTERNAL_LOGGING_API_URL=http://localhost:8080
+
+# Service name (distinguishes backend from worker in logs)
+# Backend: logward-backend (default)
+# Worker: logward-worker
+SERVICE_NAME=logward-backend
+
+# Frontend (SvelteKit)
+# Public API URL for frontend to connect to backend
+PUBLIC_API_URL=http://localhost:8080
+
+# GitHub API Token (optional - for SigmaHQ integration)
+# Without token: 60 requests/hour rate limit
+# With token: 5000 requests/hour rate limit
+# Create token at: https://github.com/settings/tokens (no scopes needed for public repos)
+# GITHUB_TOKEN=ghp_your_github_personal_access_token_here
+
+# Docker Images (optional - specify custom images or versions)
+# By default, uses latest from Docker Hub
+# Available registries:
+#   - Docker Hub: logward/backend:latest, logward/frontend:latest
+#   - GHCR: ghcr.io/logward-dev/logward-backend:latest, ghcr.io/logward-dev/logward-frontend:latest
+# LOGWARD_BACKEND_IMAGE=logward/backend:0.2.4
+# LOGWARD_FRONTEND_IMAGE=logward/frontend:0.2.4