Update 4 files

- /roles/base_setup/tasks/main.yml
- /roles/promtail/templates/promtail-service.yml.j2
- /roles/promtail/templates/promtail-config.yml.j2
- /roles/promtail/tasks/main.yml

roles/base_setup/tasks/main.yml

@@ -288,14 +288,12 @@
         --collector.cpu \
         --collector.meminfo \
         --collector.diskstats \
-        --collector.netdev \
         --collector.filesystem \
         --collector.loadavg \
         --collector.time \
         --collector.textfile.directory=/var/lib/node_exporter/textfile_collector \
         --web.listen-address=0.0.0.0:9100 \
         --web.telemetry-path=/metrics
-        --no-collector.netdev.address-info
       Restart=always
       RestartSec=5
 

roles/promtail/tasks/main.yml

@@ -19,6 +19,15 @@
     recurse: yes
   become: yes
 
+- name: Create positions file with correct permissions
+  file:
+    path: "{{ promtail_data_dir }}/positions.yaml"
+    state: touch
+    owner: promtail
+    group: promtail
+    mode: '0644'
+  become: yes
+  
 - name: Add promtail user to adm group for system log access
   user:
     name: promtail

roles/promtail/templates/promtail-config.yml.j2

@@ -6,7 +6,8 @@ positions:
   filename: {{ promtail_data_dir }}/positions.yaml
 
 clients:
-  - url: http://{{ loki_server_host }}:{{ loki_server_port }}/loki/api/v1/push
+  - url: http://{{ loki_server_host }}:{{ monitoring_ports.loki }}/loki/api/v1/push
+    tenant_id: "{{ inventory_hostname }}"
 
 scrape_configs:
   - job_name: system
@@ -14,23 +15,10 @@ scrape_configs:
       - targets:
           - localhost
         labels:
-          job: system-logs
+          job: varlogs
           host: "{{ inventory_hostname }}"
           __path__: /var/log/*.log
-
-  - job_name: docker
-    static_configs:
-      - targets:
-          - localhost
-        labels:
-          job: container-logs
-          host: "{{ inventory_hostname }}"
-          __path__: /var/lib/docker/containers/*/*.log
-    relabel_configs:
-      - source_labels: ['__path__']
-        target_label: container_name
-        regex: '/var/lib/docker/containers/([^/]*)/.*log'
-        replacement: '$1'
+          __path_exclude__: /var/log/*.gz
 
   - job_name: syslog
     static_configs:
@@ -39,4 +27,34 @@ scrape_configs:
         labels:
           job: syslog
           host: "{{ inventory_hostname }}"
-          __path__: /var/log/syslog
+          __path__: /var/log/syslog
+
+  - job_name: auth
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: auth
+          host: "{{ inventory_hostname }}"
+          __path__: /var/log/auth.log
+
+  - job_name: docker
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: docker
+          host: "{{ inventory_hostname }}"
+          __path__: /var/lib/docker/containers/*/*.log
+    pipeline_stages:
+      - docker: {}
+
+  - job_name: journal
+    journal:
+      max_age: 12h
+      labels:
+        job: journal
+        host: "{{ inventory_hostname }}"
+    relabel_configs:
+      - source_labels: ['__journal__systemd_unit']
+        target_label: 'unit'

roles/promtail/templates/promtail-service.yml.j2

@@ -15,5 +15,17 @@ KillMode=process
 Restart=on-failure
 RestartSec=5s
 
+# Security settings
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+ReadWritePaths={{ promtail_data_dir }}
+
 [Install]
 WantedBy=multi-user.target