Here’s a script integration with GrayLog
Basically this is a post-backup script that will format the results and send to Graylog server via HTTP POST. The duplicati post execution script example was used as basis.
Any comments and improvements welcome.
#!/bin/bash
# We read a few variables first.
EVENTNAME=$DUPLICATI__EVENTNAME
OPERATIONNAME=$DUPLICATI__OPERATIONNAME
REMOTEURL=$DUPLICATI__REMOTEURL
LOCALPATH=$DUPLICATI__LOCALPATH
BACKUPNAME=$DUPLICATI__backup_name
if [ "$EVENTNAME" == "AFTER" ]
then
# If this is a finished backup, we send an email
if [ "$OPERATIONNAME" == "Backup" ]
then
MESSAGE="/tmp/duplicati-graylog.txt"
HOSTNAME=$(uname -n)
GRAYLOGHOST="https://my_graylog_server/gelf"
# Read backup results and strip Limited Messages and everything after
# Transform result file to JSON as expeted by Graylog GELF
# add _duplicati_ in front of every field to be able to distinguish in graylog
# Add GELF mandatory fields
cat $DUPLICATI__RESULTFILE | sed '/^LimitedMessages:/,$d' | \
jq -Rc 'reduce (inputs | split(": ")) as [$key, $value] ({}; .["_duplicati_"+$key]=$value)' | \
sed 's/^{/{"version":"1.1","host":"'"$HOSTNAME"'","short_message":"Duplicati Backup","_duplicati_BackupName":"'"$BACKUPNAME"'",/' > $MESSAGE
# Post to Graylog server
curl -s -X POST -H 'Content-Type: application/json' -d @$MESSAGE $GRAYLOGHOST
else
# This will be ignored
echo "Got operation \"$OPERATIONNAME\", ignoring"
fi
else
# This should never happen, but there may be new operations
# in new version of Duplicati
# We write this to stderr, and it will show up as a warning in the logfile
echo "Got unknown event \"$EVENTNAME\", ignoring" >&2
fi
exit 0