diff --git a/promtail/config.yml b/promtail/config.yml
new file mode 100644
index 0000000..19fbdb7
--- /dev/null
+++ b/promtail/config.yml
@@ -0,0 +1,50 @@
+server:
+  http_listen_port: 9080
+  grpc_listen_port: 0
+
+positions:
+  filename: /tmp/positions.yaml
+
+clients:
+  - url: http://192.168.123.20:3100/loki/api/v1/push
+
+scrape_configs:
+  # Logs système
+  - job_name: system
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: varlogs
+          host: __hostname__
+          __path__: /var/log/*log
+  
+  # Logs auth (SSH, sudo, etc.)
+  - job_name: auth
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: auth
+          host: __hostname__
+          __path__: /var/log/auth.log
+  
+  # Logs UFW
+  - job_name: ufw
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: ufw
+          host: __hostname__
+          __path__: /var/log/ufw.log
+  
+  # Logs Docker
+  - job_name: docker
+    static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: docker
+          host: __hostname__
+          __path__: /var/lib/docker/containers/*/*.log