From 8d524610b326841483cd80c1e59e383031141747 Mon Sep 17 00:00:00 2001 From: Benno Evers Date: Wed, 25 Sep 2024 21:28:13 +0200 Subject: [PATCH] Polish graylog package --- graylog/package.svg | 10 ++++++++++ graylog/package.yaml | 45 +++++++++++++++++--------------------------- 2 files changed, 27 insertions(+), 28 deletions(-) create mode 100644 graylog/package.svg diff --git a/graylog/package.svg b/graylog/package.svg new file mode 100644 index 0000000..f3c2c15 --- /dev/null +++ b/graylog/package.svg @@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/graylog/package.yaml b/graylog/package.yaml index fc54e11..da95365 100644 --- a/graylog/package.yaml +++ b/graylog/package.yaml @@ -3,24 +3,20 @@ id: graylog name: Graylog author: Tenzir author_icon: https://raw.githubusercontent.com/tenzir/library/main/author.svg +package_icon: | + https://raw.githubusercontent.com/tenzir/library/main/graylog/package.svg description: | [Graylog](https://graylog.org/) is an open-core log management platform with a focus on security operations. - This package allows onboarding graylog data from local files or from the + This package supports onboarding Graylog data from local files or from the network. inputs: - filename: - name: Graylog filename - description: The location of a local file containing graylog data - type: string - default: "/tmp/example.data" - listen-address: name: Graylog listen address description: | - The network interface and port on which graylog data arrives over + The network interface and port on which Graylog data arrives over the network. type: string default: 0.0.0.0:9000 @@ -29,7 +25,7 @@ pipelines: import-graylog: name: Import Graylog data description: | - Reads graylog data from the topic "graylog" and imports the data + Reads Graylog events from the topic `graylog` and imports the data into the node. definition: | // tql2 
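Review bot: The added `package_icon: |` in the first graylog/package.yaml hunk uses a literal block scalar, so the parsed value is the URL followed by a trailing newline, unlike the plain one-line `author_icon` directly above it. If the consumer does not trim the value, the newline ends up in the fetch URL or in rendered markup; `package_icon: >-` or a plain single-line scalar keeps the URL exact. The icon is also fetched from the mutable `main` ref, so whatever renders it should presumably treat the SVG as untrusted image data rather than inlining it; that handling is not visible here.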
@@ -39,29 +35,22 @@ pipelines: onboard-from-network: name: Read Graylog from Network description: | - Reads graylog events from the network and publishes them - on the topic `graylog`. - disabled: true - definition: | - from {{ inputs.listen-address }} read lines --null - | buffer 1Mi --policy drop - | write lines | read json --ndjson - | set #schema="graylog.log" - | publish graylog - - onboard-from-file: - name: Read Graylog from File - description: | - Reads graylog events from the network and publishes them + Reads graylog data from the network and publishes them on the topic `graylog`. + + Note that this pipeline does not support incoming TLS connections, + so for production instances of graylog an external reverse proxy + is recommended. definition: | - from {{ inputs.filename }} read lines --null - | write lines | read json --ndjson - | set #schema="graylog.log" - | publish graylog + // tql2 + load_tcp "{{ inputs.listen-address }}" { + read_gelf + } + @name = "graylog" + publish "graylog" examples: - - name: Display + - name: Display Graylog Ingest description: | View all Graylog data that arrived in the last day. definition: |
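Review bot: Removing `disabled: true` from `onboard-from-network` means a default install now opens a listener, and the `listen-address` default shown as context in the first package.yaml hunk is still `0.0.0.0:9000`. Together with the added note that TLS is not supported, this accepts unauthenticated plaintext GELF from any reachable host into the `graylog` topic. Either keep `disabled: true` so the operator opts in, or change the default to `127.0.0.1:9000` so that the recommended reverse proxy is the only exposed endpoint. The old definition bounded memory with `buffer 1Mi --policy drop`, and the new one shows no equivalent, so confirm that `load_tcp` applies backpressure when the consumer is slow. The event name also changes from `graylog.log` to `graylog`, so any downstream filter or detection keyed on the old schema name, none of which is visible in this diff, would need the same rename.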