Minor fix and tweak for graylog integration (#15455)

* Minor fix and tweak for graylog integration * More flexible in other use cases * fix again?
2024-10-07 16:52:45 +00:00 · 2023-11-02 04:35:44 +01:00
parent 9ca95a9ba5
commit f0bbab2419
7 changed files with 22 additions and 4 deletions
--- a/app/ApiClients/GraylogApi.php
+++ b/app/ApiClients/GraylogApi.php
@@ -97,13 +97,14 @@ class GraylogApi
     */
    public function buildSimpleQuery(?string $search = null, ?Device $device = null): string
    {
+        $field = Config::get('graylog.query.field');
        $query = [];
        if ($search) {
            $query[] = 'message:"' . $search . '"';
        }

        if ($device) {
-            $query[] = 'source: ("' . $this->getAddresses($device)->implode('" OR "') . '")';
+            $query[] = $field . ': ("' . $this->getAddresses($device)->implode('" OR "') . '")';
        }

        if (empty($query)) {
--- a/app/Http/Controllers/Table/GraylogController.php
+++ b/app/Http/Controllers/Table/GraylogController.php
@@ -111,14 +111,16 @@ class GraylogController extends SimpleTableController
            $displayTime = $message['message']['timestamp'];
        }

-        $device = $this->deviceFromSource($message['message']['source']);
+        $origin = $this->deviceFromSource($message['message']['gl2_remote_ip']);
+        $source = $this->deviceFromSource($message['message']['source']);
        $level = $message['message']['level'] ?? '';
        $facility = $message['message']['facility'] ?? '';

        return [
+            'origin'    => $origin ? Url::deviceLink($origin) : htmlspecialchars($message['message']['gl2_remote_ip']),
            'severity'  => $this->severityLabel($level),
            'timestamp' => $displayTime,
-            'source'    => $device ? Url::deviceLink($device) : htmlspecialchars($message['message']['source']),
+            'source'    => $source ? Url::deviceLink($source) : htmlspecialchars($message['message']['source']),
            'message'   => htmlspecialchars($message['message']['message'] ?? ''),
            'facility'  => is_numeric($facility) ? "($facility) " . __("syslog.facility.$facility") : $facility,
            'level'     => (is_numeric($level) && $level >= 0) ? "($level) " . __("syslog.severity.$level") : $level,