A tool to parse Samba logs from Loki and export metrics to Prometheus.
- Queries Samba logs from Loki
- Parses SMB operations: create, open, modify, delete
- Aggregates metrics per user and device
- Pushes metrics to Prometheus Pushgateway
- Can be run as a cronjob for periodic metric collection
Create a config.yaml file with the following structure:

```yaml
loki:
  url: "http://localhost:3100"
prometheus:
  pushgateway_url: "http://localhost:9091"
  job_name: "smblogparser"
query:
  query: '{job="samba"}'
  lookback_ms: 300000 # 5 minutes
  limit: 5000
device: "default"
```

Build the binary:

```sh
make build
```

This creates a binary at bin/smblogparser.
Run the parser with the default config file (reads from Loki):

```sh
./bin/smblogparser
```

Run with a custom config file:

```sh
./bin/smblogparser -config /path/to/config.yaml
```

For testing without Loki, use the -file flag to read logs from a text file:

```sh
# Build the binary
make build
# Test with example file
./bin/smblogparser -file example/test-logs.txt
```

Note: When using -file, the Prometheus Pushgateway must still be running, or you can comment out the push step in the code for testing.
Example test log format (one log entry per line):

```text
2024/01/15 14:30:45 john open_file /share/documents/report.pdf read
2024/01/15 14:31:12 jane open_file /share/projects/code.go create
2024/01/15 14:32:03 john pwrite /share/documents/report.pdf
```
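
The sketch below is an added example, not the project's own code: it parses lines in the test log format above and aggregates them into the four operation classes per user, counting lines it cannot parse so that gaps in audit coverage stay visible. The operation-to-class mapping is inferred from the three sample lines, and the `unlink` operation name for deletes is a hypothetical placeholder; paths are assumed not to end in a separate `create` token.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Key identifies one counter series: operation class plus user.
type Key struct{ Class, User string }

// Constructed sample in the README's log format; the last line is truncated.
const sample = `2024/01/15 14:30:45 john open_file /share/documents/report.pdf read
2024/01/15 14:31:12 jane open_file /share/projects/code.go create
2024/01/15 14:32:03 john pwrite /share/documents/report.pdf
2024/01/15 14:33:40 john unlink /share/documents/old.pdf
2024/01/15 14:34`

// classify maps op + last field to a class; mapping and "unlink" are assumptions.
func classify(op, last string) string {
	switch {
	case op == "open_file" && last == "create":
		return "create"
	case op == "open_file":
		return "open"
	case op == "pwrite":
		return "modify"
	case op == "unlink":
		return "delete"
	}
	return ""
}

// Aggregate counts operations per (class, user) and returns the skipped-line count.
func Aggregate(logs string) (map[Key]int, int) {
	counts, skipped := map[Key]int{}, 0
	sc := bufio.NewScanner(strings.NewReader(logs))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 5 || classify(f[3], f[len(f)-1]) == "" { // date time user op path [mode]
			skipped++
			continue
		}
		counts[Key{classify(f[3], f[len(f)-1]), f[2]}]++
	}
	return counts, skipped
}

func main() { fmt.Println(Aggregate(sample)) }
```
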
To run every 5 minutes, add to your crontab:

```text
*/5 * * * * /path/to/smblogparser -config /path/to/config.yaml >> /var/log/smblogparser.log 2>&1
```

Example for hourly execution:

```text
0 * * * * /path/to/smblogparser -config /path/to/config.yaml >> /var/log/smblogparser.log 2>&1
```

The following metrics are exported to Prometheus:
- `smb_create_operations_total{user, device}` - Total create operations per user
- `smb_open_operations_total{user, device}` - Total open operations per user
- `smb_modify_operations_total{user, device}` - Total modify operations per user
- `smb_delete_operations_total{user, device}` - Total delete operations per user
Run tests:

```sh
make test
```

Clean build artifacts:

```sh
make clean
```

Install to /usr/local/bin:

```sh
make install
```