GrayLog integration

Here’s a script integration with GrayLog
Basically this is a post-backup script that will format the results and send to Graylog server via HTTP POST. The duplicati post execution script example was used as basis.

Any comments and improvements welcome.

#!/bin/bash

# We read a few variables first.
EVENTNAME=$DUPLICATI__EVENTNAME
OPERATIONNAME=$DUPLICATI__OPERATIONNAME
REMOTEURL=$DUPLICATI__REMOTEURL
LOCALPATH=$DUPLICATI__LOCALPATH
BACKUPNAME=$DUPLICATI__backup_name

if [ "$EVENTNAME" == "AFTER" ]
then

	# If this is a finished backup, we send an email
	if [ "$OPERATIONNAME" == "Backup" ]
	then

		MESSAGE="/tmp/duplicati-graylog.txt"
		HOSTNAME=$(uname -n)
		GRAYLOGHOST="https://my_graylog_server/gelf"
		
		# Read backup results and strip Limited Messages and everything after
		# Transform result file to JSON as expeted by Graylog GELF
		# add _duplicati_ in front of every field to be able to distinguish in graylog
		# Add GELF mandatory fields

		cat $DUPLICATI__RESULTFILE | sed '/^LimitedMessages:/,$d' | \
		jq -Rc 'reduce (inputs | split(": ")) as [$key, $value] ({}; .["_duplicati_"+$key]=$value)' | \
		sed 's/^{/{"version":"1.1","host":"'"$HOSTNAME"'","short_message":"Duplicati Backup","_duplicati_BackupName":"'"$BACKUPNAME"'",/' > $MESSAGE
		
		# Post to Graylog server
		curl -s -X POST -H 'Content-Type: application/json' -d @$MESSAGE $GRAYLOGHOST
	
	else
		# This will be ignored
		echo "Got operation \"$OPERATIONNAME\", ignoring"	
	fi
else
	# This should never happen, but there may be new operations
	# in new version of Duplicati
	# We write this to stderr, and it will show up as a warning in the logfile
	echo "Got unknown event \"$EVENTNAME\", ignoring" >&2
fi

exit 0
1 Like

Here is a basic Graylog dashboard created pretty much with 5 mouse clicks from collected data that are provided to Graylog by the above scrip.