From 833b1a2b5e8a24cd58a784a6feb69ac3702bb8f7 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 25 Aug 2023 19:53:36 +0200
Subject: [PATCH] collect traefik access logs remove forgejo access logs
---
 ansible/roles/monitoring/elasticsearch.yml.j2 | 4 ++--
 ansible/roles/monitoring/fluent.conf.j2 | 4 ++--
 ansible/roles/traefik/docker-stack.yml.j2 | 8 ++++++++
 terraform/elasticsearch/main.tf | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/ansible/roles/monitoring/elasticsearch.yml.j2 b/ansible/roles/monitoring/elasticsearch.yml.j2
index 81a0d2e..90fee48 100644
--- a/ansible/roles/monitoring/elasticsearch.yml.j2
+++ b/ansible/roles/monitoring/elasticsearch.yml.j2
@@ -26,10 +26,10 @@ datasources:
 index: 'fluentd.diskfree-*'
 timeField: '@timestamp'
- - name: forgejo_access
+ - name: traefik_access
 type: elasticsearch
 access: proxy
 url: http://maestro.dmz:{{ elasticsearch_port }}
 jsonData:
- index: 'fluentd.docker.forgejo_forgejo.**'
+ index: 'fluentd.access.traefik-*'
 timeField: '@timestamp'
diff --git a/ansible/roles/monitoring/fluent.conf.j2 b/ansible/roles/monitoring/fluent.conf.j2
index 1dd5f70..dd030ba 100644
--- a/ansible/roles/monitoring/fluent.conf.j2
+++ b/ansible/roles/monitoring/fluent.conf.j2
@@ -6,7 +6,7 @@ port {{ fluent_forward_port }} - + @type geoip geoip_lookup_keys host backend_library geoip2_c
@@ -17,7 +17,7 @@ skip_adding_null_record true - + @type elasticsearch host maestro.dmz port {{ elasticsearch_port }}
diff --git a/ansible/roles/traefik/docker-stack.yml.j2 b/ansible/roles/traefik/docker-stack.yml.j2
index 95e8b60..a865683 100644
--- a/ansible/roles/traefik/docker-stack.yml.j2
+++ b/ansible/roles/traefik/docker-stack.yml.j2
@@ -125,3 +125,11 @@ services:
 - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
 - --serversTransport.insecureSkipVerify=true
+
+ - --accesslog=true
+ - --accesslog.fields.defaultmode=keep
+ - --accesslog.fields.names.ClientUsername=drop
+ - --accesslog.fields.headers.defaultmode=keep
+ - --accesslog.fields.headers.names.User-Agent=keep
+ - --accesslog.fields.headers.names.Authorization=drop
+ - --accesslog.fields.headers.names.Content-Type=keep
diff --git a/terraform/elasticsearch/main.tf b/terraform/elasticsearch/main.tf
index b6d0e4f..8709975 100644
--- a/terraform/elasticsearch/main.tf
+++ b/terraform/elasticsearch/main.tf
@@ -52,7 +52,7 @@ resource "elasticstack_elasticsearch_index_template" "logs_template" {
 name = "logs_template"
 priority = 42
- index_patterns = ["fluentd.docker.**"]
+ index_patterns = ["fluentd.access.**"]
 template {
 settings = jsonencode({
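Review bot: In the ansible/roles/traefik/docker-stack.yml.j2 hunk, `--accesslog.fields.headers.defaultmode=keep` makes header logging a denylist: only `Authorization` is dropped, so every other request header stays eligible for the access log, including `Cookie`, `Proxy-Authorization` and any custom token header a backend uses. These records appear to be shipped to Elasticsearch by the fluentd change in the same commit, so session credentials could end up readable in the log index (presumably once the JSON access-log format is in use; no format flag is visible in this hunk). Prefer an allowlist, `- --accesslog.fields.headers.defaultmode=drop`, which also makes the existing `User-Agent=keep` and `Content-Type=keep` lines meaningful rather than redundant. The command list this hunk appends to starts above the visible lines.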