# Turnstone log sources — Heimdall cluster glean. # Covers: Heimdall (local), Navi, Sif, Cass, Strahl (SSH-collected), # Docker services on Heimdall, and network device syslog. # # Collected by scripts/collect_cluster_logs.sh before each glean run. # All paths are container-side (/data/ = bind-mount of /devl/turnstone-cluster/data/). # # Cron (collect + glean, every 15 min): # */15 * * * * bash /Library/Development/CircuitForge/turnstone/scripts/collect_cluster_logs.sh && \ # docker exec turnstone-cluster python scripts/glean_corpus.py \ # --sources /patterns/sources-cluster.yaml --db /data/turnstone.db \ # >> /var/log/turnstone-cluster-glean.log 2>&1 sources: # ── Heimdall (local) ───────────────────────────────────────────────────────── - id: heimdall-journal path: /data/heimdall-journal.jsonl - id: heimdall-dmesg path: /data/heimdall-dmesg.txt # ── Remote cluster nodes (SSH-collected journals) ──────────────────────────── - id: navi-journal path: /data/navi-journal.jsonl - id: sif-journal path: /data/sif-journal.jsonl - id: cass-journal path: /data/cass-journal.jsonl - id: strahl-journal path: /data/strahl-journal.jsonl # ── Docker services on Heimdall ────────────────────────────────────────────── - id: docker-cf-orch-coordinator path: /data/docker-cf-orch-coordinator.jsonl - id: docker-cf-web path: /data/docker-cf-web.jsonl - id: docker-cf-directus path: /data/docker-cf-directus.jsonl - id: docker-caddy-proxy path: /data/docker-caddy-proxy.jsonl # ── Network syslog (router, switches, UniFi APs) ───────────────────────────── # Written by syslog-receiver.service (UDP 5140 → /devl/turnstone-cluster/data/network-syslog.txt). # Configure devices to send syslog to Heimdall:5140. # UniFi: Settings → System → Remote Logging → Syslog Host = :5140 # Ubiquiti EdgeRouter: set system syslog host facility all level debug # Managed switches: varies by vendor — target UDP 5140 - id: network-syslog path: /data/network-syslog.txt