chore: enumerate log sources to harvest from example-node #54

New issue

Closed

opened 2026-05-27 08:50:48 -07:00 by pyr0ball · 1 comment

pyr0ball commented

2026-05-27 08:50:48 -07:00

Owner

Detected services on xanderland

Based on your current setup, here's a starter sources-xanderland.yaml with suggested sources:

# xanderland log sources for Turnstone SSH collection
# Review and remove anything you don't want harvested.
# Add any missing services below.

sources:
  # ── System journal (catch-all: systemd failures, OOM, kernel, SMART events) ──
  - id: xanderland-journal
    path: /devl/turnstone-cluster/data/xanderland-journal.jsonl
    # Collected via: ssh xanderland.tv journalctl --output=json --priority=0..5 --since '20 minutes ago'

  # ── Media stack ───────────────────────────────────────────────────────────────
  - id: xanderland-jellyfin
    path: /devl/turnstone-cluster/data/xanderland/jellyfin.log
    # Jellyfin writes timestamped log files to /var/log/jellyfin/
    # We'd tail the current log: ls -t /var/log/jellyfin/*.log | head -1

  - id: xanderland-plex
    path: /devl/turnstone-cluster/data/xanderland/plex.log
    # Plex log location — confirm your path:
    # /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/Plex Media Server.log

  # ── Servarr stack (Radarr, Lidarr, Prowlarr) — native Servarr log format ────
  - id: xanderland-radarr
    path: /devl/turnstone-cluster/data/xanderland/radarr.log
    # Radarr log: check container volume or /opt/radarr/logs/radarr.txt

  - id: xanderland-lidarr
    path: /devl/turnstone-cluster/data/xanderland/lidarr.log
    # Lidarr log: check container volume or /opt/lidarr/logs/lidarr.txt

  - id: xanderland-prowlarr
    path: /devl/turnstone-cluster/data/xanderland/prowlarr.log
    # Prowlarr log: check container volume or /opt/prowlarr/logs/prowlarr.txt

  # ── Downloader (qBittorrent) ─────────────────────────────────────────────────
  - id: xanderland-qbit
    path: /devl/turnstone-cluster/data/xanderland/qbit-app.log
    # qBit app log (NOT docker stdout — it's a file in the container volume)
    # Likely: /opt/qbittorrent/qBittorrent/logs/qbittorrent.log  (confirm path)

  # ── Network / access logs ─────────────────────────────────────────────────────
  - id: xanderland-caddy
    path: /devl/turnstone-cluster/data/xanderland/caddy-access.log
    # /var/log/caddy/jellyfin-access.log (already confirmed to exist)
    # Are there other Caddy access logs? List any you want included.

  - id: xanderland-pihole
    path: /devl/turnstone-cluster/data/xanderland/pihole.log
    # Pi-hole DNS query log — confirm container volume path
    # Usually: /etc/pihole/pihole.log or /opt/pihole/pihole.log inside the container

  # ── Nextcloud ─────────────────────────────────────────────────────────────────
  - id: xanderland-nextcloud
    path: /devl/turnstone-cluster/data/xanderland/nextcloud.log
    # Nextcloud app log — confirm container volume path
    # Usually: /var/www/html/data/nextcloud.log inside the container volume

  # ── Samba ─────────────────────────────────────────────────────────────────────
  - id: xanderland-samba
    path: /devl/turnstone-cluster/data/xanderland/samba.log
    # /var/log/samba/log.smbd  (per-connection logs are noisy — main smbd log is fine)

  # ── Optional / lower priority ─────────────────────────────────────────────────
  # Uncomment anything you want:
  #
  # - id: xanderland-nzbget
  #   path: /devl/turnstone-cluster/data/xanderland/nzbget.log
  #
  # - id: xanderland-foundryvtt
  #   path: /devl/turnstone-cluster/data/xanderland/foundryvtt.log
  #
  # - id: xanderland-mariadb
  #   path: /devl/turnstone-cluster/data/xanderland/mariadb.log
  #
  # - id: xanderland-meshtastic
  #   path: /devl/turnstone-cluster/data/xanderland/meshtastic.log
  #   # Meshtastic mesh radio events — journald unit: meshmonitor.service

What to fill in

For each service you want to keep, we need the exact host path to the log file (or confirm it's in the system journal). Specifically:

Plex — confirm log path (usually inside /var/lib/plexmediaserver/...)
Servarr (Radarr/Lidarr/Prowlarr) — are these Podman containers? If so, what's the volume mount path for logs?
qBittorrent — same — the app log file path inside the container volume
Pi-hole — log path inside the container volume, or is it bind-mounted to the host?
Nextcloud — nextcloud.log path (usually in the data volume)
FoundryVTT / Meshtastic — want these? If yes, what are the log paths?
Anything else running that isn't listed — add it to the bottom

What to remove / skip

Per-IP Samba logs (log.10.0.0.*) — noisy and not useful, skipping by default
Installer logs (/var/log/installer/, /var/log/dist-upgrade/) — one-time, not needed
apport.log — crash reporter, usually not useful for operational monitoring

Just comment out or delete any section above you don't want. Alan will set up the SSH collection timer once you've confirmed the list.

Hey @xenon — Turnstone (the log aggregation + LLM diagnosis tool running on Heimdall) can pull logs from your machine via SSH and ingest them into the cluster database. Based on a quick look at your running services, here's what we think is worth harvesting. Please review, remove anything you'd rather keep private, and add anything we missed. --- ## Detected services on xanderland Based on your current setup, here's a starter `sources-xanderland.yaml` with suggested sources: ```yaml # xanderland log sources for Turnstone SSH collection # Review and remove anything you don't want harvested. # Add any missing services below. sources: # ── System journal (catch-all: systemd failures, OOM, kernel, SMART events) ── - id: xanderland-journal path: /devl/turnstone-cluster/data/xanderland-journal.jsonl # Collected via: ssh xanderland.tv journalctl --output=json --priority=0..5 --since '20 minutes ago' # ── Media stack ─────────────────────────────────────────────────────────────── - id: xanderland-jellyfin path: /devl/turnstone-cluster/data/xanderland/jellyfin.log # Jellyfin writes timestamped log files to /var/log/jellyfin/ # We'd tail the current log: ls -t /var/log/jellyfin/*.log | head -1 - id: xanderland-plex path: /devl/turnstone-cluster/data/xanderland/plex.log # Plex log location — confirm your path: # /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/Plex Media Server.log # ── Servarr stack (Radarr, Lidarr, Prowlarr) — native Servarr log format ──── - id: xanderland-radarr path: /devl/turnstone-cluster/data/xanderland/radarr.log # Radarr log: check container volume or /opt/radarr/logs/radarr.txt - id: xanderland-lidarr path: /devl/turnstone-cluster/data/xanderland/lidarr.log # Lidarr log: check container volume or /opt/lidarr/logs/lidarr.txt - id: xanderland-prowlarr path: /devl/turnstone-cluster/data/xanderland/prowlarr.log # Prowlarr log: check container volume or /opt/prowlarr/logs/prowlarr.txt # ── Downloader (qBittorrent) ───────────────────────────────────────────────── - id: xanderland-qbit path: /devl/turnstone-cluster/data/xanderland/qbit-app.log # qBit app log (NOT docker stdout — it's a file in the container volume) # Likely: /opt/qbittorrent/qBittorrent/logs/qbittorrent.log (confirm path) # ── Network / access logs ───────────────────────────────────────────────────── - id: xanderland-caddy path: /devl/turnstone-cluster/data/xanderland/caddy-access.log # /var/log/caddy/jellyfin-access.log (already confirmed to exist) # Are there other Caddy access logs? List any you want included. - id: xanderland-pihole path: /devl/turnstone-cluster/data/xanderland/pihole.log # Pi-hole DNS query log — confirm container volume path # Usually: /etc/pihole/pihole.log or /opt/pihole/pihole.log inside the container # ── Nextcloud ───────────────────────────────────────────────────────────────── - id: xanderland-nextcloud path: /devl/turnstone-cluster/data/xanderland/nextcloud.log # Nextcloud app log — confirm container volume path # Usually: /var/www/html/data/nextcloud.log inside the container volume # ── Samba ───────────────────────────────────────────────────────────────────── - id: xanderland-samba path: /devl/turnstone-cluster/data/xanderland/samba.log # /var/log/samba/log.smbd (per-connection logs are noisy — main smbd log is fine) # ── Optional / lower priority ───────────────────────────────────────────────── # Uncomment anything you want: # # - id: xanderland-nzbget # path: /devl/turnstone-cluster/data/xanderland/nzbget.log # # - id: xanderland-foundryvtt # path: /devl/turnstone-cluster/data/xanderland/foundryvtt.log # # - id: xanderland-mariadb # path: /devl/turnstone-cluster/data/xanderland/mariadb.log # # - id: xanderland-meshtastic # path: /devl/turnstone-cluster/data/xanderland/meshtastic.log # # Meshtastic mesh radio events — journald unit: meshmonitor.service ``` --- ## What to fill in For each service you want to keep, we need the **exact host path** to the log file (or confirm it's in the system journal). Specifically: 1. **Plex** — confirm log path (usually inside `/var/lib/plexmediaserver/...`) 2. **Servarr** (Radarr/Lidarr/Prowlarr) — are these Podman containers? If so, what's the volume mount path for logs? 3. **qBittorrent** — same — the app log file path inside the container volume 4. **Pi-hole** — log path inside the container volume, or is it bind-mounted to the host? 5. **Nextcloud** — `nextcloud.log` path (usually in the data volume) 6. **FoundryVTT / Meshtastic** — want these? If yes, what are the log paths? 7. **Anything else** running that isn't listed — add it to the bottom ## What to remove / skip - Per-IP Samba logs (`log.10.0.0.*`) — noisy and not useful, skipping by default - Installer logs (`/var/log/installer/`, `/var/log/dist-upgrade/`) — one-time, not needed - `apport.log` — crash reporter, usually not useful for operational monitoring Just comment out or delete any section above you don't want. Alan will set up the SSH collection timer once you've confirmed the list.

pyr0ball added this to the beta milestone 2026-05-27 08:50:48 -07:00

pyr0ball added the

deployment

docs

labels 2026-05-27 08:50:48 -07:00

xenon was assigned by pyr0ball

2026-05-27 08:50:48 -07:00

pyr0ball changed title from ~~chore: enumerate log sources to harvest from xanderland~~ to chore: enumerate log sources to harvest from example-node

2026-06-13 22:03:16 -07:00

pyr0ball referenced this issue from a commit

2026-06-13 22:03:27 -07:00

chore: replace vendor product name with generic ext_device throughout

pyr0ball referenced this issue from a commit

2026-06-13 22:18:29 -07:00

chore: replace vendor product name with generic ext_device throughout

pyr0ball commented

2026-06-14 15:17:15 -07:00

Author

Owner

Resolved by the live Orchard setup. Huginn is now submitting to harvest.circuitforge.tech/huginn (#55). The example-node (node2) has its sources enumerated in patterns/sources-example.yaml and the compose setup in docker-compose.submissions.yml (#54). The graft API (#27) handles future node enrollment automatically.

Resolved by the live Orchard setup. Huginn is now submitting to harvest.circuitforge.tech/huginn (#55). The example-node (node2) has its sources enumerated in `patterns/sources-example.yaml` and the compose setup in `docker-compose.submissions.yml` (#54). The graft API (#27) handles future node enrollment automatically.

pyr0ball closed this issue

2026-06-14 15:17:15 -07:00

pyr0ball referenced this issue

2026-06-14 15:17:15 -07:00

chore: enumerate log sources to harvest from huginn #55