Skip to content

Notifiarr/fogwillow

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fog Willow

Log Buffer

This app listens on a UDP port. Parses packets with a specific format. Buffers the packet payloads and writes them to disk.

Allows us to efficiently transport logs out of the PHP app and directly to the system with the hard disk where we store log files. We use this because NFS was too slow, and we can trade a bit of reliability for faster log exfiltration.

Packet Format

The first line of the packet is an integer that signals how many settings to expect. A minimum of 1 settings is required: filepath=/path Other recognized settings are: flush=true, truncate=true, delete=true, password=p4ssw0rd

Example Packets

1
filepath=/path/to/file.log
[INFO] this is a log line
2
filepath=/path/to/file.log
password=option4lPassw0rd
[INFO] this is a log line

Create a packet with echo and netcat:

echo -e "1\nfilepath=/tmp/filename.txt\nfile content goes here\nline 2 in the file" | nc -uw0 127.0.0.1 9000

Metrics

Has a Prometheus exporter built in with juicy metrics!
grafana

PHP Client

Very simple procedure we use for testing.

$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);

function socket_put_contents($socket, $outputfile, $line, $host, $length = 8000)
{
    if (strlen($line) > $length) {
        foreach (str_split($line, $length) as $piece) {
            $loggerPayload = "1\nfilepath=".$outputfile."\n".$piece;
            usleep(1);
            socket_sendto($socket, $loggerPayload, strlen($loggerPayload), 0, $host, 9000);
        }
    } else {
        $loggerPayload = "1\nfilepath=" . $outputfile . "\n" . $line;
        socket_sendto($socket, $loggerPayload, strlen($loggerPayload), 0, $host, 9000);
    }
}

Usage

We run this from a Docker container directly on a Synology NAS. Using this image:
ghcr.io/Notifiarr/fogwillow:main

Mount /config and give it a /config/fog.conf file that looks like the example. You also want to mount a place to store files, and set that to output_path in the config file.