fix(soc): trazer configs do Grafana/Promtail para o git e corrigir volumes
continuous-integration/webhook Deploy concluido com sucesso (VPS 4)

- Adiciona soc/promtail/config.yml (antes fora do git, em /opt/soc/)
- Adiciona soc/grafana/provisioning/alerting/alerts.yml (antes fora do git)
- Adiciona soc/grafana/provisioning/datasources/datasources.yml (antes fora do git)
- Corrige docker-compose.yml: volumes do Promtail e Grafana agora apontam
  para paths dentro do repo (/home/deploy/stack/soc/) ao invés de /opt/soc/
- Corrige mount dos containers Docker: host path mapeia para /var/lib/docker/containers
  (path padrão que o Promtail espera dentro do container)
- Corrige .gitignore: ignora apenas dados binários (grafana-data, loki-data, prom-data),
  não mais todos os subdiretórios do soc/
- Alertas Loki usam count_over_time() para retornar métrica numérica compatível
This commit is contained in:
VPS 4 Deploy Agent
2026-05-12 05:16:21 +02:00
parent 7e1591303a
commit e6a1ab9af5
5 changed files with 208 additions and 5 deletions
+8 -2
View File
@@ -22,12 +22,18 @@ ssh_alerts_config.json
*.tar.gz
*.zip
# Monitoramento e Dados de Estado (SOC)
**/prom-data/
# Monitoramento e Dados de Estado (SOC) - apenas dados binários/estado, NÃO configs
soc/prom-data/
soc/loki-data/
soc/grafana-data/
**/wal/
**/chunks/
**/tombstones/
**/positions.yaml
# Configs SOC rastreados pelo git (NÃO ignorar):
# soc/promtail/config.yml
# soc/grafana/provisioning/**
# soc/docker-compose.yml
# Sessões e Mídia locais
**/sessions/
+3 -3
View File
@@ -7,7 +7,7 @@ services:
- "10.99.0.1:3000:3000"
volumes:
- "/home/deploy/stack/soc/grafana-data:/var/lib/grafana"
- "/opt/soc/grafana/provisioning:/etc/grafana/provisioning"
- "/home/deploy/stack/soc/grafana/provisioning:/etc/grafana/provisioning"
- "/opt/soc/grafana/dashboards:/var/lib/grafana/dashboards"
environment:
- GF_SECURITY_ADMIN_PASSWORD=wMjFvkQ3GRWCvJbd
@@ -24,9 +24,9 @@ services:
restart: always
volumes:
- /var/log:/var/log:ro
- /opt/soc/promtail:/etc/promtail:ro
- /home/deploy/stack/soc/promtail:/etc/promtail:ro
- /run/user/1000/docker.sock:/var/run/docker.sock:ro
- /home/deploy/.local/share/docker/containers:/home/deploy/.local/share/docker/containers:ro
- /home/deploy/.local/share/docker/containers:/var/lib/docker/containers:ro
command: -config.file=/etc/promtail/config.yml
networks:
- soc
@@ -0,0 +1,145 @@
apiVersion: 1
groups:
# ──────────────────────────────────────────────────────────────────
# Alertas de infraestrutura (baseados em métricas do Prometheus)
# ──────────────────────────────────────────────────────────────────
- name: SOC Alerts
folder: SOC
interval: 30s
rules:
- uid: cpu_high
title: CPU ALTA
condition: A
data:
- refId: A
datasourceUid: PBFA97CFB590B2093
relativeTimeRange:
from: 300
to: 0
model:
expr: 100 - (avg(rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
noDataState: OK
execErrState: OK
for: 2m
annotations:
description: "CPU acima de 80%"
- uid: falco_critical
title: FALCO CRITICAL
condition: A
data:
- refId: A
datasourceUid: P8E80F9AEF21F6940
relativeTimeRange:
from: 300
to: 0
model:
expr: '{job="falco"} |= "CRITICAL"'
for: 1m
annotations:
description: "Evento crítico detectado pelo Falco"
- uid: crypto_attack
title: POSSÍVEL CRYPTOJACKING
condition: A
data:
- refId: A
datasourceUid: PBFA97CFB590B2093
relativeTimeRange:
from: 300
to: 0
model:
expr: 100 - (avg(rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
- refId: B
datasourceUid: P8E80F9AEF21F6940
relativeTimeRange:
from: 300
to: 0
model:
expr: '{job="falco"} |= "xmrig"'
for: 1m
annotations:
description: "CPU alta + minerador detectado"
# ──────────────────────────────────────────────────────────────────
# Alertas de aplicação (baseados em logs dos containers via Loki)
# Datasource: Loki (uid: P8E80F9AEF21F6940)
# Container monitorado: newwhats-backend-prod
# ──────────────────────────────────────────────────────────────────
- name: App Alerts
folder: SOC
interval: 60s
rules:
- uid: backend_unhandled_exception
title: BACKEND - Exceção Não Tratada
condition: A
data:
- refId: A
datasourceUid: P8E80F9AEF21F6940
relativeTimeRange:
from: 300
to: 0
model:
expr: |
count_over_time(
{container="newwhats-backend-prod"}
|~ "(?i)(unhandledRejection|uncaughtException|TypeError: Cannot|ReferenceError:|Cannot read properties)"
[5m]
) > 0
noDataState: OK
execErrState: OK
for: 0s
annotations:
summary: "Exceção não tratada detectada no backend WhatsApp"
description: "O container newwhats-backend-prod emitiu uma exceção crítica não tratada. Verifique os logs e o código-fonte."
labels:
severity: critical
- uid: backend_prisma_p2002
title: BACKEND - Colisão Prisma P2002
condition: A
data:
- refId: A
datasourceUid: P8E80F9AEF21F6940
relativeTimeRange:
from: 300
to: 0
model:
expr: |
count_over_time(
{container="newwhats-backend-prod"} |= "P2002"
[5m]
) > 0
noDataState: OK
execErrState: OK
for: 2m
annotations:
summary: "Violação de unicidade P2002 detectada no banco de dados"
description: "Prisma está relatando violações de constraint única (P2002). Pode indicar race condition em mensagens concorrentes."
labels:
severity: warning
- uid: backend_http_5xx
title: BACKEND - Erros HTTP 5xx
condition: A
data:
- refId: A
datasourceUid: P8E80F9AEF21F6940
relativeTimeRange:
from: 300
to: 0
model:
expr: |
count_over_time(
{container="newwhats-backend-prod"}
|~ "statusCode.*5[0-9]{2}|HTTP.*5[0-9]{2}|\"status\":5[0-9]{2}"
[5m]
) > 0
noDataState: OK
execErrState: OK
for: 2m
annotations:
summary: "Erros HTTP 5xx detectados no backend"
description: "O backend está retornando erros 5xx. Pode indicar falha interna, banco de dados indisponível ou bug de runtime."
labels:
severity: warning
@@ -0,0 +1,11 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
url: http://prometheus:9090
- name: Loki
type: loki
access: proxy
url: http://loki:3100
+41
View File
@@ -0,0 +1,41 @@
server:
http_listen_port: 9080
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
- job_name: falco
static_configs:
- targets: [localhost]
labels:
job: falco
__path__: /var/log/falco.log
- job_name: varlogs
static_configs:
- targets: [localhost]
labels:
job: varlogs
__path__: /var/log/syslog
# Coleta logs de todos os containers Docker via service discovery
- job_name: docker_containers
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
relabel_configs:
# Extrai o nome do container (remove a barra inicial)
- source_labels: ['__meta_docker_container_name']
regex: '/?(.+)'
target_label: container
# Stream (stdout/stderr)
- source_labels: ['__meta_docker_container_log_stream']
target_label: stream
# Nome do serviço do docker-compose
- source_labels: ['__meta_docker_container_label_com_docker_compose_service']
target_label: service
# Caminho do log dentro do container mountado
- source_labels: ['__meta_docker_container_id']
target_label: __path__
replacement: /var/lib/docker/containers/$1/$1-json.log