-
Notifications
You must be signed in to change notification settings - Fork 15
LogForge Core
Adan edited this page Oct 6, 2025
·
1 revision
The LogForge Core service is the central control plane that discovers Docker containers, streams their telemetry, and exposes APIs consumed by the Alert Engine and Notifier. It runs alongside two supporting containers: a React frontend (logforge-frontend) and an optional Watchtower-based auto-updater (logforge-autoupdate). The backend is shipped as source-available code so teams can audit or extend it for maximum transparency (see the logforge-core repository).
- Discover running containers through the Docker socket and keep an in-memory registry up to date.
- Collect logs and metadata, exposing them via HTTP and WebSocket endpoints for the dashboards.
- Manage user-defined container groups (stored in SQLite) so rules and views can target related services.
- Provide REST APIs that the Alert Engine and Notifier use for container snapshots, groups, config, and health.
- Broadcast container and group changes in real time to any connected UI or automation client.
-
logforge-backend: Python FastAPI application with direct
/var/run/docker.sockaccess. Handles discovery, APIs, WebSockets, and persistence. - logforge-frontend: Vite/React UI that calls the backend APIs and listens for WebSocket updates.
-
logforge-autoupdate (optional): Watchtower derivative that tracks container updates when
AUTO_UPDATE=true. - All services share the
logforge-networkbridge network; UI ports bind to127.0.0.1by default for local access only.
| Endpoint | Method | Description |
|---|---|---|
/containers |
GET | Returns the cached container list plus monitored groups. |
/groups |
GET/POST/PATCH/DELETE | CRUD operations for container groups. |
/config/preferences |
GET/POST | UI preferences (timezone, etc.). |
/config/filters/add-keyword |
POST | Manage core keyword filters. |
/health |
GET | Summarises container counts, rule counts, and DB status. |
Refer to logforge/backend/app/routes for the full FastAPI router definitions.
-
/ws/logs/{container_name}: streams live logs for an individual container. -
/ws/updates/{type}: unified feed for config, alerts, containers, orallupdate types. -
/ws/updates/alerts/{container}: per-container alert stream (newer alternative to the unified channel). -
/ws/updates/containers: broadcasts container and group snapshots whenever the registry changes.
- Users create or edit groups via the Core UI; changes hit
/groupson the backend. - Groups persist in the Core SQLite database (
logforge_core_datavolume) using theGroupandGroupMembershiptables (app/models/settings.py). - When groups or containers change, the backend rebuilds the monitored list and pushes updates to WebSocket subscribers.
- The Alert Engine listens to the same WebSocket feed, filters out groups without monitored containers, and surfaces the result in its rule builder scope pickers.
-
Alert Engine: Polls
/containersand/groups, receives WebSocket updates, and calls/alerts/ingestto push alert metadata back into Core. - Notifier: Core exposes configuration endpoints; notifier destinations are managed independently but Core references the notifier container for test sends.
-
Auto-updater: Optional service that restarts containers when new images are available, respecting the
AUTO_UPDATEflag.
-
logforge_core_data: stores the Core SQLite database (container registry, groups, UI settings). - The backend writes only to this volume; application code lives in the container image.
- The backend has full Docker control through the socket; protect it with network boundaries or a
docker-socket-proxyif you need fine-grained API whitelisting. - UI ports bind to loopback by default; use a reverse proxy with TLS and authentication when exposing the dashboard outside the host.
- Keep credentials (SMTP, webhooks, tokens) in environment variables or Docker secrets rather than the compose file.