In my recent post, I showed a Grafana Dashboard containing log entries for nftables logs. These logs are collected by Grafana Alloy and then sent to Loki.
This is my Grafana Alloy configuration:
// For a full configuration reference, see https://grafana.com/docs/alloy
logging {
level = "warn"
}
// It's similar to journalctl _TRANSPORT=kernel --follow
loki.source.journal "router_kernel" {
matches = "_TRANSPORT=kernel"
forward_to = [loki.write.grafanacloud.receiver]
}
// Write to Loki
loki.write "grafanacloud" {
endpoint {
url = "https://logs-prod-032.grafana.net/loki/api/v1/push"
basic_auth {
username = "username-generated-on-grafana-cloud"
password = "password-generated-on-grafana-cloud"
}
}
}This configuration enables Alloy to collect kernel logs using the source.journal module. Once the logs are written to Loki, I can easily explore them.